Black Arrow Cyber Threat Briefing 01 March 2024
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy to digest round up of the most notable threats, vulnerabilities, and cyber related news from the last week.
Top Cyber Stories of the Last Week
Risk-based spending: An Imperative for Cyber Security That Demands Board Attention
Staying ahead of the latest cyber security developments is essential to keeping your organisation safe. But with the rise of artificial intelligence and attackers dreaming up new techniques every day, a lot of organisations are left to question how they can create proactive, agile cyber security strategies and what approach gives the best return on investment, mitigating risks and maximising the value of their cyber security investments.
Unfortunately, most organisations do not have an unlimited budget, and for small and medium-sized businesses, there is even less to work with. What is needed is a risk-based approach, where organisations identify and prioritise their greatest vulnerabilities, correlating these to business impact; this is then used to form the cyber risk strategy for the organisation.
Sources: [Security Week] [The Hacker News] [Risk.net]
If you Pay Ransoms, You May not Get Your Data Back and Worse, You Will Probably Get Hit Again, with 78% of Firms who Paid Then Suffering Repeat Ransomware Attacks
Recent research from Proofpoint has found that 69% of organisations experienced a successful ransomware incident in the past year, a rise of 5% compared to the previous year. The report found that 60% reported four or more separate ransomware incidents and of the total involved, 54% admitted to paying a ransom. In a separate report, it was found that 78% of organisations suffering a ransomware attack suffered repeat attacks even after they paid.
Sources: [databreaches.net] [Infosecurity Magazine] [Infosecurity Magazine] [Claims Journal]
Cyber Resilience and Cyber Hygiene: Why They Matter to Your Business
Cyber resilience unites cyber security with business continuity and organisational durability, with proper implementation allowing the continuation of routine operations during adverse cyber incidents. Cyber hygiene, on the other hand, refers to having strong cyber security processes and procedures, to help the organisation mitigate the chance of an incident. The combination of both of these allows an organisation to reduce their likelihood of suffering a cyber incident, whilst improving their likelihood of continuing operations in the event of such an incident.
Sources: [Information Week] [Security Boulevard]
Why Governance, Risk and Compliance Must be Integrated with Cyber Security
With pressure from regulators, the evolving threat landscape and requirements for stronger oversight, governance, risk and compliance (GRC) has even more of an argument for alignment with cyber security. After all, cyber security is still security. Incorporating cyber security into the GRC programme of an organisation allows for cyber to become a business enabler.
Source: [CSO Online]
More and More UK Firms Concerned About Insider Threats
A report has found that 54% of UK business decision makers are concerned about the likelihood of their employees disclosing sensitive information or providing network access to fraudsters. In a separate report, 35% of respondents cited overworked and distracted staff making mistakes as a reason why they thought their business experienced insider risk. Certainly, insider risk does not just involve malicious employees; it can also include negligence and in some cases, employees may not be trained enough to identify the risk they are placing on the organisation such as not knowing or following an organisation’s call back procedure. It is important for organisations to consider whether their current training addresses this and whether the programme is doing enough to ensure that insider risk is mitigated.
Source: [Infosecurity Magazine]
98% of Businesses Linked to Breached Third Parties
A new report has found that 98% of organisations are associated with a third party that has experienced a breach, and these breaches often take months or more to be discovered. 75% of external business-to-business (B2B) relationships that enabled third-party breaches involved software or other technology products and services. Third party security is an important part of an organisation’s cyber security and to manage it correctly, organisations need to implement a third party risk management programme.
Source: [Help Net Security]
Phishing, Smishing and Vishing Skyrocket 1,265%
According to a report, since the launch of ChatGPT in November 2022, vishing, smishing, and phishing attacks have increased by a staggering 1,265%. Despite different techniques, these attacks all have one focus, and that’s on the user. Organisations looking to protect themselves should consider a blend of mitigations, including advanced email filtering, enabling multi-factor authentication and arguably the most important, effective user education and awareness training. This training should go beyond ticking boxes, by instead teaching employees how to both recognise and report phishing attempts.
A separate report analysed over 1 billion emails. Some of the key findings included that the majority of phishing attempts (71%) rely on deceptive links, but attachments (22%) and predatory QR codes (7%) are on the rise. When it came to spoofs, Microsoft was the most spoofed entity and financial services were amongst those most targeted sectors.
Source: [Bleeping Computer] [Help Net Security] [Security Affairs]
Business Email Compromise Attacks Are Evolving, But What Can Be Done About It
Business Email Compromise (BEC) attacks remain a dominant danger, with a staggering $51 billion lost over the last decade. A recent report underscores the prevalence of email as the primary battlefield, far outstripping other cyber attack methods. The low-cost, high-reach nature of email makes it an attractive starting point for cyber criminals. As organisations embrace cloud-based infrastructures, these attacks have morphed, presenting new challenges. Attackers have progressed from direct phishing attempts, to compromising business partners, vendors and other third parties. In this arms race, artificial intelligence (AI) assumes a pivotal role as an essential ally, efficiently discerning between benign and malicious content. This development signifies a significant milestone in the realm of email security resilience.
Source: [ITPro]
Vulnerabilities Count Set to Rise by 25% in 2024
The cyber threat landscape is rapidly evolving, with an anticipated 25% increase in published systems vulnerabilities for 2024. This surge, reaching approximately 2,900 vulnerabilities per month, underscores the critical need for robust vulnerability management strategies. Vulnerabilities serve as prime entry points for ransomware actors, heightening the urgency for organisations to fortify their defences. However, the sheer volume of vulnerabilities poses a daunting challenge for security and IT teams already thinly stretched. Timely risk-scoring remains a significant issue, leaving defenders vulnerable to exploits with threat actors often gaining a head start. Honeypot data reveals a concerning uptick in scans targeting remote desktop protocol (RDP), with businesses running end-of-life (EOL) software at heightened risk. In this dynamic cyber security climate, proactive risk management and expert intervention, such as Managed Detection and Response (MDR), are imperative to safeguarding against emerging threats.
Source: [Help Net Security]
BYOD Increases Mobile Phishing; Risks Have Never Been Higher
The risk of cyber attacks looms large, with stolen employee login credentials serving as a prime target for malicious actors. Mobile phishing has emerged as a significant threat, with data revealing a surge in encounter rates, especially in hybrid work environments and amid Bring Your Own Device (BYOD) policies. Personal devices, once considered outside the realm of corporate security, now pose substantial risks, as attackers exploit social engineering schemes to breach organisational networks. The financial implications of a successful phishing attack are staggering, with estimates suggesting potential losses of up to $4 million for organisations. As phishing encounter rates continue to rise, it's imperative for businesses to bolster their security strategies, ensuring comprehensive protection against mobile phishing threats across all employee devices. To navigate this evolving landscape and safeguard sensitive data, organisations must stay vigilant and adopt proactive measures.
Source: [MSSP Alert]
What Companies Should Know About Rising Legal Threats
The cyber security landscape is witnessing a significant shift as legal actions increasingly target both corporations and individual security officers. Recent cases including lawsuits by Tesla against ex-employees for cyber security breaches and charges by regulatory bodies like the US FTC and SEC, underscore the mounting legal risks associated with cyber security breaches. Notably, private companies are not exempt from such liabilities, facing scrutiny from authorities, regulators, customers and other affected parties. This environment has prompted many cyber security leaders to reconsider their roles, with concerns raised about the future of the profession. Amidst escalating threats and enforcement actions, there's a pressing need for enhanced cyber security budgets, robust risk-based controls and proactive audits or other independent assurance.
Source: [Darkreading]
CIOs Rethink All-In Cloud Strategies as Five Eyes Nations Warn of Evolving Russian Cyber Espionage Practices Targeting Cloud Environments
As organisations embrace the cloud, CIOs recognise that a one-size-fits-all approach may not be optimal. Many now favour a nuanced strategy, shifting workloads from public clouds to platforms offering productivity gains and cost savings; a trend known as ‘cloud exit.’ CIOs are rethinking cloud strategies, assessing each application’s suitability and fostering context-aware hosting decisions.
This comes as a recent advisory issued jointly by cyber security agencies from the UK, US, Australia, Canada, and New Zealand reveals that Russian cyber espionage units, including APT29 and Cozy Bear, are adapting tactics to target cloud environments used by both public and private organisations. These sophisticated attacks pose significant threats across industries. Implementing basic cloud security measures is crucial to regularly evaluate dormant accounts, limit system-issued token validity, and enforce stringent device policies. As cloud adoption rises, prioritise cyber security fundamentals for effective defence.
Sources: [CyberScoop] [CIO]
Governance, Risk and Compliance
Why governance, risk, and compliance must be integrated with cyber security | CSO Online
Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista
The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week
Why Cyber Resilience May Be More Important Than Cyber Security (informationweek.com)
Beating the drum on cyber risk: the battle for boardroom attention - Risk.net
What is cyber hygiene and why businesses should know about it - Security Boulevard
Bridging the Gap: Connecting Cyber Security Spending to Business Results - Security Boulevard
What Companies & CISOs Should Know About Rising Legal Threats (darkreading.com)
Essential Guide To Security Metrics For Businesses (informationsecuritybuzz.com)
Essential Guide To Information Security Compliance (informationsecuritybuzz.com)
Mastering Risk Management: The Art Of Effective Strategy (informationsecuritybuzz.com)
The CISO: 2024’s Most Important C-Suite Officer (forbes.com)
UK Unveils Draft Cyber Security Governance Code - Infosecurity Magazine (infosecurity-magazine.com)
Cyber security 'blind spot' leaves businesses exposed - Accountancy Age
Building Your Cyber Incident Response Team - Security Boulevard
9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)
AWS on why CISOs should track 'the metric of no' | TechTarget
2024 will see more cyber threats emerge – here is what SMEs need to know | TechRadar
Threats
Ransomware, Extortion and Destructive Attacks
Stages of LockBit Grief: Anger, Denial, Faking Resurrection? (inforisktoday.com)
What CISOs Need To Know About The Lockbit Takedown - Security Boulevard
Ransomware crews lean into infostealers for initial access • The Register
78% of Organisations Suffer Repeat Ransomware Attacks After Paying (claimsjournal.com)
Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)
Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)
What Are Ransomware Attacks and Can They Be Stopped? Explainer - Bloomberg
Study: Ransom payment not a shield against future attacks | SC Media (scmagazine.com)
FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks (bleepingcomputer.com)
Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)
Is Now the Right Time for a Ransomware Payment Ban? (govtech.com)
What is Old is New Again: Lessons in Anti-Ransom Policy | Recorded Future
3 Ways Your Organisation Could Be Susceptible To Ransomware Attacks (forbes.com)
What the war on terrorism teaches us about the war on ransomware | SC Media (scmagazine.com)
Cyber criminals follow the money to hit manufacturing sector • The Register
Why your legitimate software is not safe from ransomware attacks (networkingplus.co.uk)
Ransomware Victims
Change Healthcare Ransomware Attack: BlackCat Hackers Quickly Returned After FBI Bust | WIRED
LoanDepot Ransomware Attack Exposed 16.9 Million Individuals - Security Week
Rhysida ransomware wants $3.6 million for children’s stolen data (bleepingcomputer.com)
Stolen Donald Trump Court Files Will Be Published February 29, Hackers Say (forbes.com)
Epic Games attacked by new ransomware group Mogilevich | SC Media (scmagazine.com)
Hackers claim to have stolen 7GB of data from Irish Department of Foreign Affairs | Independent.ie
Insomniac Games alerts employees hit by ransomware data breach (bleepingcomputer.com)
German Steelmaker Thyssenkrupp Confirms Ransomware Attack - Security Week
US pharmacy outage caused by Blackcat attack on Optum (securityaffairs.com)
MGM Resorts Says Regulators Probing September Cyber Attack (claimsjournal.com)
Phishing & Email Based Attacks
European retailer Pepco loses €15.5 million in phishing (possibly BEC?) attack - Help Net Security
Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security
BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert
SMBs are being targeted by this new phishing scam — make sure you don't fall victim | TechRadar
Need to Know: Key Takeaways from the Latest Phishing Attacks (bleepingcomputer.com)
Unmasking 2024's Email Security Landscape (securityaffairs.com)
Registrars can now block all domains that resemble brand names (bleepingcomputer.com)
Criminals hijacked more than 8,000 trusted domains, sent millions of malicious emails | TechSpot
Other Social Engineering
Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT - Help Net Security
The Silent Threat: Why Vishing is Causing Major Problems for Businesses - Security Boulevard
Registrars can now block all domains that resemble brand names (bleepingcomputer.com)
How to stay safe from cyber criminal "quishing" attacks | TechRadar
Artificial Intelligence
Blackstone's Schwarzman sees peril in “not bright” criminals getting their hands on AI | Fortune
AI threats: The importance of a concrete strategy in fighting novel attacks | ITPro
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)
AI in cyber security presents a complex duality - Help Net Security
AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)
Held to ransom: How criminal gangs are weaponising AI in the name of cyber extortion (holyrood.com)
Cyber experts raise AI fears security fears in Parliament | IT Reseller Magazine (itrportal.com)
UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)
BEAST AI attack can break LLM guardrails in a minute • The Register
2FA/MFA
Malware
Ransomware crews lean into infostealers for initial access • The Register
BobTheSmuggler: Open-source tool for undetectable payload delivery - Help Net Security
New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT (thehackernews.com)
North Korean Hackers Targeting Developers with Malicious npm Packages (thehackernews.com)
Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub (thehackernews.com)
GitHub besieged by millions of malicious repositories in ongoing attack | Ars Technica
Pikabot returns with new tricks up its sleeve - Help Net Security
TimbreStealer Malware Spreading via Tax-themed Phishing Scam Targets IT Users (thehackernews.com)
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)
CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)
Cloud-focused malware campaigns on the increase (betanews.com)
New Backdoor Targeting European Officials Linked to Indian Diplomatic Events (thehackernews.com)
Mobile
BYOD Increases Mobile Phishing; Risks Have Never Been Higher | MSSP Alert
Kaspersky Finds Attacks on Mobile Devices Significantly Increased in 2023 (darkreading.com)
Meet 'XHelper,' the All-in-One Android App for Global Money Laundering (darkreading.com)
Denial of Service/DoS/DDOS
Internet of Things – IoT
Data Breaches/Leaks
U-Haul says 67K customers' data was stolen in cyber attack • The Register
Pharma giant hit by major cyber attack — Cencora confirms data was stolen | TechRadar
Organised Crime & Criminal Actors
Chart: Cyber Crime Expected To Skyrocket in Coming Years | Statista
8 Worrying Cyber Security Statistics You Need to Know in 2024 (tech.co)
It’s only February and cyber crime is already running rampant (techinformed.com)
Scottish Police Face Toil and Trouble From Cyber Crime (govinfosecurity.com)
How active adversaries divide labour to more effectively target victims | SC Media (scmagazine.com)
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
SonicWall: Cryptojacking Attacks Spike 659% in 2023 | MSSP Alert
Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security
Insider Risk and Insider Threats
Are remote workers at greater risk of cyber security threats? | TechRadar
Understanding employees' motivations behind risky actions - Help Net Security
The human element of cyber security: Why people are the ultimate defence. (thecyberwire.com)
Insurance
Supply Chain and Third Parties
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks (thehackernews.com)
98% of businesses linked to breached third parties - Help Net Security
Cloud/SaaS
Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)
Cryptojacking is no longer the sole focus of cloud attackers - Help Net Security
Your Data Has Moved to the Cloud: Can Your Security Strategy Keep Up? | MSSP Alert
Cloud-focused malware campaigns on the increase (betanews.com)
Identity and Access Management
How organisations can navigate identity security risks in 2024 - Help Net Security
Echoes of SolarWinds in New 'Silver SAML' Attack Technique (darkreading.com)
Linux and Open Source
Passwords, Credential Stuffing & Brute Force Attacks
Social Media
Rights groups file GDPR suits on Meta's pay-or-consent model • The Register
Meta Patches Facebook Account Takeover Vulnerability - Security Week
Malvertising
How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED
Google faces $2.27 billion lawsuit over advertising practices (searchengineland.com)
Training, Education and Awareness
Cyber awareness education is a change-management initiative | CSO Online
Cyber Security Training Not Sticking? How to Fix Risky Password Habits (bleepingcomputer.com)
4 Ways Organisations Can Drive Demand for Software Security Training (darkreading.com)
Creating a cyber security training curriculum for SMBs and MSPs | TechRadar
9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)
Regulations, Fines and Legislation
81% of security leaders predict SEC rules will impact their businesses | Security Magazine
Orgs Face Major SEC Penalties for Failing to Disclose Breaches (darkreading.com)
Getting Ahead of Cyber Security Materiality Mayhem - Security Boulevard
UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)
Backup and Recovery
Models, Frameworks and Standards
NIST Adds “Govern” Function to Cybersecurity Framework | MSSP Alert
Top 3 NIST Cyber Security Framework 2.0 takeaways | SC Media (scmagazine.com)
Data Protection
UK ICO issues warning on biometric employee tracking, guidance for businesses | Biometric Update
Privacy Beats Ransomware as Top Insurance Concern (darkreading.com)
Rights groups file GDPR suits on Meta's pay-or-consent model • The Register
UK ICO Vows to Safeguard Privacy in AI Era - Infosecurity Magazine (infosecurity-magazine.com)
Careers, Working in Cyber and Information Security
A Perfect Cyber Storm is Leading to Burnout | Network Computing
The Next Gen of Cyber Security Could Be Hiding in Big Tech (darkreading.com)
Lost to the Highest Bidder: The Economics of Cyber Security Staffing - Security Boulevard
Law Enforcement Action and Take Downs
Is the LockBit gang resuming its operation? (securityaffairs.com)
Challenges Remain in Evaluating Ransomware Crackdowns | Decipher (duo.com)
Russian hacker is set to face trial for the hack of a local power grid (securityaffairs.com)
Misinformation, Disinformation and Propaganda
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
Nation State Actors
China
Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns | Ars Technica
US Official Warns Of China’s Growing Offensive Cyber Power – Analysis – Eurasia Review
Chinese Cyber Espionage Set To Ramp Up This Year (forbes.com)
The Drums of US-China Cyber War by Stephen S. Roach - Project Syndicate (project-syndicate.org)
Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware (thehackernews.com)
The White House Warns Cars Made in China Could Unleash Chaos on US Highways | WIRED
Foreign Firms in China Flag Lack of Feedback on Data Security (bloomberglaw.com)
Beijing Silent Over Russia's Reported War-Gaming of China Invasion
Russia
Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns | Ars Technica
Russia may have just carried out its first direct action against the West (yahoo.com)
Moscow Military Hackers Used Microsoft Outlook Vulnerability (inforisktoday.com)
Russia's 'Midnight Blizzard' Targeting Service Accounts for Initial Cloud Access (darkreading.com)
Cyber Security Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat (thehackernews.com)
Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions (govinfosecurity.com)
Lazarus APT exploited 0-day in Win driver to gain kernel privileges (securityaffairs.com)
Lovers' Spat? North Korea Backdoors Russian Foreign Affairs Ministry (darkreading.com)
Russia warns of "military-technical" response to Sweden's NATO membership (newsweek.com)
Russian hacker is set to face trial for the hack of a local power grid (securityaffairs.com)
Beijing Silent Over Russia's Reported War-Gaming of China Invasion
Russia subjected to deluge of nation-state, hacktivist cyber threats | SC Media (scmagazine.com)
How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED
Iran
North Korea
Vulnerability Management
Vulnerabilities
Moscow Military Hackers Used Microsoft Outlook Vulnerability (inforisktoday.com)
Lazarus APT exploited 0-day in Win driver to gain kernel privileges (securityaffairs.com)
Cisco Patches High-Severity Vulnerabilities in Data Center OS - Security Week
CISA warns against using hacked Ivanti devices even after factory resets (bleepingcomputer.com)
Five Eyes Agencies Warn of Active Exploitation of Ivanti Gateway Vulnerabilities (thehackernews.com)
Critical Flaw in Popular 'Ultimate Member' WordPress Plugin - Security Week
Meta Patches Facebook Account Takeover Vulnerability - Security Week
MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs (darkreading.com)
Citrix, Sophos software impacted by 2024 leap year bugs (bleepingcomputer.com)
Ivanti integrity checker tool needs latest update to work, Five Eyes alert warns | CyberScoop
Zyxel fixed four bugs in firewalls and access points (securityaffairs.com)
Tools and Controls
The Imperative for Modern Security: Risk-Based Vulnerability Management - Security Week
Cyber awareness education is a change-management initiative | CSO Online
Strengths & Weaknesses of MFA Methods Against Cyber Attacks | Duo Security
AI and cyber security: Navigating the risks and opportunities | World Economic Forum (weforum.org)
How Zero Trust Data Detection & Response is Changing the Game - Security Boulevard
APIs become the leading attack vector, cyber security research shows (securitybrief.co.nz)
How organisations can navigate identity security risks in 2024 - Help Net Security
9 Steps to Fostering a Cyber Security-Aware Culture (newsweek.com)
Artificial Arms Race: What Can Automation and AI do to Advance Red Teams - Security Week
Savvy Seahorse gang uses DNS CNAME records to power investor scams (bleepingcomputer.com)
Cloud Apps Make the Case for Pentesting-as-a-Service (darkreading.com)
Other News
Cyber attacks on UK law firms on the rise - Spear's (spearswms.com)
IntelBroker claimed the hack of the Los Angeles International Airport (securityaffairs.com)
It's time to stop trusting your antivirus software | Digital Trends
Three new advanced threat groups targeted industrial organisations last year | CSO Online
What’s on the Radar for Aviation Industry Cyber Security? - Security Boulevard
Business leaders warn of rising cyber security threat | The Herald (heraldscotland.com)
Why Health Care Is Top Target for Cyber Criminals (govtech.com)
RCMP investigating cyber attack as its website remains down (bleepingcomputer.com)
Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning (bleepingcomputer.com)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Look out for our ‘Cyber Tip Tuesday’ video blog and on our YouTube channel.
You can also follow us on Facebook, Twitter and LinkedIn.
Links to articles are for interest and awareness and linking to or reposting external content does not endorse any service or product, likewise we are not responsible for the security of external links.