Possible Decrease in Lost Devices by UK Government Departments

Whilst discussions of information security tend to focus on high-tech cyber attacks, the reality is that many data breaches are down to human error. Generally, the biggest single cause of data breaches reported to the Information Commissioner’s Office is simply people sending information to the wrong people. Loss or theft of devices is another significant […]

Some Good News in Latest Figures from the Financial Conduct Authority

Never let it be said that we don’t celebrate good news! Since April 2018, UK banks have had to report “Operational and Security Incidents” affecting personal and business current accounts to the Financial Conduct Authority (FCA) if they reach any of the following thresholds: 10% of transactions affected; 5000 payment service users affected; and/or 2 […]

Another Big Rise in ISO 22301 and ISO 27001 Certifications

According to figures published recently by the International Standards Organisation (ISO), there was another steep rise in the number of certifications globally to both ISO 22301 and ISO 27001 last year.  As of the end of 2020, there were: 44 486 valid ISO 27001 certificates (up 22% on 2019); and 2205 valid ISO 22301 certificates […]

Why is the Databarracks Data Health Check Interesting?

Databarracks have just published their 2021 Data Health Check.  You may think “So what?” – we are constantly bombarded with surveys on different aspects of information security management.  I would argue that the Data Health Check is interesting for two reasons: It is explicitly UK focused; and The survey has been carried out every year […]

Kaseya Ransomware Attack – Is this the new Face of Cyber Attacks?

There has been extensive coverage over the weekend of the massive ransomware attack that began at the US-based IT firm Kaseya.  The attackers managed to infect a software update for Kaseya’s VSA product that went out to customers on Friday with REvil ransomware.  This not only affected these firms, but also their customers.  One of […]

BCAW Day 5 – What Have we Learnt?

So it’s the final day of Business Continuity Awareness Week (BCAW) 2021: what have we learnt this year?  Undoubtedly, BCAW 2021 has been dominated by high-profile ransomware events, with a combination of: Continued fallout from the DarkSide attack on Colonial Pipeline earlier in the month; Ongoing disruption to the Irish Health Service following an attack […]

Will Ransomware Attack Lead to Fuel Shortages in the US?

Concerns are growing about the impact of a ransomware attack on one of the major oil pipeline networks in the US.  The Colonial Pipeline, which carries 100 million gallons of refined oil products a day from Houston as far north as New York, has been closed since Friday following a ransomware attack. Emergency legislation has […]

Information Security Issues for New Alba Party

Only 48 hours after the dramatic launch of Alex Salmond’s Alba Party, the Herald on Sunday reported that the names of more than 4,000 people who had signed up to attend party events were inadvertently made public.  Amusingly (or not, depending on your viewpoint), the list apparently contained a number of high-profile SNP members.  The […]

How Safe are Data Centres?

Yesterday morning, millions of websites were off-line as fire raged through a data centre in Strasbourg.  OVH is the fourth largest web-hosting provider in Europe (after AWS, Microsoft Azure and Google Cloud), and operates four data centres on the Strasbourg site.  One 500 m² data centre was destroyed and another was damaged in the blaze; the […]

Will the Number of GDPR Fines Keep Rising?

The GDPR Enforcement Tracker website shows a dramatic increase in the number of fines being issued for data breaches in recent months.  Across Europe only 75 fines were levied in the first two years after GDPR came into force, or about 3 fines per month.  However, in the last 9 months a further 72 fines […]