Nov 15 2022

How To Take A Multi-Layered Approach To Cybersecurity

Category: Cyber maturity,cyber security,Information SecurityDISC @ 1:10 pm
Padlock Icon Cyber Security of Digital Data Network Protection, Secure Technology Blockchain Data Network Connectivity Background, And Secure Information for Privacy 3d rendering

As we continue to rely on technology more and more, we should also be increasingly thinking about protection. According to Cyber Security Hub, two-thirds of companies are spending more on cybersecurity in 2022 than last year — a pattern that should only continue.

On the heels of National Cybersecurity Awareness Month, it is the perfect time for business leaders and organizations to consider the cybersecurity safeguards they use to protect sensitive information. Cybersecurity can be a complex task for many organizations. Businesses, educational institutions and government entities often struggle to navigate the available options. Aside from IT professionals, finding the right solution requiressubject matter experts, a group of leaders who represent different lines of business, C-suite representatives and a thorough risk assessment to determine where to strike a balance between security and productivity.

Security is a constant discipline of due care and due diligence over time. It requires a mindset shift for employees and extends far beyond computers. Printers, scanners, fax machines, document management systems and other hardware and software solutions must contain the latest security features as well. While updating these devices may not be top of mind, neglecting them can pose a serious threat to your organization if compromised.

If you are just getting started, or need a refresher on cybersecurity, here are some of the first steps you should take:

Risk Assessment

Layered security Standard Requirements

Tags: Multi-Layered Approach

Aug 16 2022

Organisations Must Invest in Cyber Defences Before It’s Too Late

Category: Cyber maturity,Information SecurityDISC @ 8:22 am

We’ve all been feeling the effects of inflation recently. Prices rose by 8.2% in the twelve months to June 2022, with the largest increases being seen in electricity, gas and transport prices.

Meanwhile, the cost of renting commercial property continues to rise, despite the decreased demand for office space amid the uptick in remote work.

It should be obvious why costs are on the rise; substantial disruption remains related to COVID-19, Russia’s invasion of Ukraine has disrupted supply chains and interest rates have been raised several times this year.

The Bank of England says that the causes of rising inflation are not likely to last, but it has warned that the prices of certain things may never come down.

Clearly, then, rising costs are not simply a temporary issue that we must get through. We must instead carefully plan for how we will deal with increased costs on a permanent basis.

One apparent measure is to look at ways your organisation can cut costs. For better or worse, the most likely targets will be parts of the business that don’t contribute to a direct return on investment.

However, before you start slashing budgets, you should consider the full effects of your decisions.

Take cyber security for example. It’s already notoriously underfunded, with IT teams and other decision makers being forced to make do with limited resources.

According to a Kaspersky report, a quarter of UK companies admit underfunding cyber security even though 82% of respondents have suffered data breaches.

The risk of cyber security incidents is even higher in the summer months, when staff holidays mean that cyber security resources are even more stretched than usual.

What’s at stake?

The global cost of cyber crime is predicted to reach $10.5 trillion (£8.8 trillion) in the next three years, more than triple the $3 trillion (£2.5 trillion) cost in 2015.

We’ve reached record numbers of phishing attacks, with the Anti-Phishing Working Group detecting more than one million bogus emails last quarter. Meanwhile, there were more ransomware attacks in the first quarter of 2022 than there were in the whole of 2021.

These are worrying signs for organisations, and an economic downturn will only make cyber criminals more determined to make money – especially as they know their targets are focusing on cutting costs.

But it’s not just the immediate costs associated with cyber attacks and disruption that organisations should be worried about. There are also long-term effects, whether that’s lingering operational disruption, reputational damage or regulatory action.

Consider the ongoing problems that British Airways faced after it suffered a cyber attack in 2018. It took the airline more than two months to detect the breach, creating enduring difficulties and ultimately resulting in a £20 million fine.

The ICO (Information Commissioner’s Office), which investigated the incident, found that British Airways was processing a significant amount of personal data without adequate security measures in place, and had it addressed those vulnerabilities, it would have prevented the attack.

There were several measures that British Airways could have used to mitigate or prevent the damage, including:

  • Applying access controls to applications, data and tools to ensure individuals could only access information relevant to their job;
  • Performing penetration tests to spot weaknesses; and
  • Implementing multi-factor authentication.

In addition to the fine, British Airways settled a class action from as many as 16,000 claimants. The amount of the settlement remains confidential, but the cost of the payout was estimated to be as much as £2,000 per person.

Remarkably, the penalty and the class action represent a case of strikingly good fortune for British Airways. Had it come earlier, it would have been at the height of the COVID-19 pandemic when airlines were severely affected, and were it any later, it would have come during a period of massive inflation.

It’s a lesson that other organisations must take to heart. The GDPR is being actively enforced throughout the EU and UK, so organisations must ensure compliance.

Failure to do so will result in unforeseen costs at a time when every precaution must be taken to reduce costs.

Invest today, secure tomorrow

It’s long been accepted that it’s a matter of ‘when’ rather than ‘if’ you will suffer a cyber attack. When you do, you’ll have to invest heavily in security solutions on top of having to paying remediation costs.

In times of uncertainty, you need your services to be as reliable as possible. The challenges your organisation will face in the coming months as a result of falling consumer confidence are enough to deal with without having to contend with cyber crime and its inevitable fallout.

Investing in effective cyber security measures will enable your organisation to make the most of its opportunities in straightened circumstances.

You can find out how you can bolster your organisation’s defences quickly and efficiently with IT Governance’s range of training courses.

We want to help our customers get the most from their cyber security training this August.

Book any classroom, Live Online or self-paced training course before the end of this month and automatically receive:

Tags: defense in depth

Apr 19 2021

Alarming Cybersecurity Stats: What You Need To Know For 2021

Cyber Attack A01

The year 2020 broke all records when it came to data lost in breaches and sheer numbers of cyber-attacks on companies, government, and individuals. In addition, the sophistication of threats increased from the application of emerging technologies such as machine learning, artificial intelligence, and 5G,  and especially from greater tactical cooperation among hacker groups and state actors. The recent Solar Winds attack, among others,  highlighted both the threat and sophistication of those realities.

The following informational links are compiled from recent statistics pulled from a variety of articles and blogs. As we head deeper into 2021, it is worth exploring these statistics and their potential cybersecurity implications in our changing digital landscape.

To make the information more useable, I have broken down the cybersecurity statistics in several categories, including Top Resources for Cybersecurity Stats, The State of Cybersecurity Readiness, Types of Cyber-threats, The Economics of Cybersecurity, and Data at Risk.

There are many other categories of cybersecurity that do need a deeper dive, including perspectives on The Cloud, Internet of Things, Open Source, Deep Fakes, the lack of qualified Cyber workers, and stats on many other types of cyber-attacks. The resources below help cover those various categories.

Top Resources for Cybersecurity Stats:

If you are interested in seeing comprehensive and timely updates on cybersecurity statistics, I highly recommend you bookmark these aggregation sites:

 300+ Terrifying Cybercrime and Cybersecurity Statistics & Trends (2021 EDITION) 300+ Terrifying Cybercrime & Cybersecurity Statistics [2021 EDITION] (·        

The Best Cybersecurity Predictions For 2021 RoundupWhy Adam Grant’s Newest Book Should Be Required Reading For Your Company’s Current And Future LeadersIonQ Takes Quantum Computing Public With A $2 Billion Deal

134 Cybersecurity Statistics and Trends for 2021 134 Cybersecurity Statistics and Trends for 2021 | Varonis

 2019/2020 Cybersecurity Almanac: 100 Facts, Figures, Predictions and Statistics  (

Source: The State of Cybersecurity Readiness:

Cyber-Security Threats, Actors, and Dynamic Mitigation

Related article:

Top Cyber Security Statistics, Facts & Trends in 2022

👇 Please Follow our LI page…

DISC InfoSec

#InfoSecTools and #InfoSectraining



Tags: Cybersecurity Stats

Jan 30 2021

Gartner says 40% of boards to have cybersecurity committee by 2025

Category: Cyber Communication,Cyber maturity,cyber securityDISC @ 12:15 pm

Oct 02 2020

The Cybersecurity Maturity Model Certification (CMMC)

Category: Cyber maturityDISC @ 1:32 pm

CMMC – A pocket guide | Available now for pre-order 📢

Suitable for senior management and the C-suite, general or legal counsel, IT executives, IT organizations, and IT and security students, this pocket guide will give you a solid introduction to the CMMC and its requirements.

A clear, concise primer on the CMMC (Cybersecurity Maturity Model Certification), this pocket guide:

  • Summarizes the CMMC and proposes useful tips for implementation
  • Discusses why the scheme has been created
  • Covers who it applies to and why being non-compliant will result in missed business opportunities
  • Highlights the requirements for achieving and maintaining compliance

Available for pre-order! Buy today and we’ll email you as soon as The Cybersecurity Maturity Model Certification (CMMC) – A pocket guide becomes available on 11/10/2020. Buy Now


Tags: CMMC