protection from cybercrime

In today’s business world, every organisation holds a huge amount of business-critical data. And as email remains to be the most important form of communication and a widespread way to store information, it can hold significant numbers of business-critical documents. Data can be stored on-premises, in private or public clouds or a mixture of both. However, regardless of where it resides, the importance lies in its availability. Being able to access data is fundamental for business success and a core responsibility of IT strategy. After all, the unavailability of important data may lead to poor productivity, legal risk, and compliance violation penalties.

The notion of hybrid workforces and “working from anywhere” has now become engrained in many employees’ normal corporate lives. Unfortunately, this has presented new challenges for securing this new hybrid work model whilst ensuring employees have the same, adequate, user experience they would have if they were in a traditional corporate office setting.

With organisations now requiring protection not only for users, but also devices, apps, and data everywhere and at all times, here are some considerations to ensure you are correctly securing your hybrid workforce:

If you're familiar with the concept of cybercrime, you might have heard of the term "spear phishing" before. But what does it mean? How does it differ from other cybersecurity threats, and what can you do to protect your organisation's data, people, and assets from spear phishing? In the points below, we'll cover what spear phishing is, how you can protect yourself from these attacks, and what to look out for.

Changes to the upcoming ISO 27001 standard are due to be released shortly. This article describes major changes to the components of ISO 27001’s Annex Controls by analysing what new modules now exist in the ISO 27002:2022 standard.

DOES THIS APPLY TO ME?

These modules will quickly become standard components of risk questionnaires, and will become non-negotiable baseline security requirements when your business handles data, or provides services.

The cyber threat landscape is continually evolving as cybercriminals look for new vulnerabilities in organisation’s systems and processes. As we increasingly access applications, data, and tools from remote locations, these risks compound further. To mitigate the threat of risk or loss to critical assets, it’s vital to have a full set of security technologies along with the ability to monitor and track user behaviour within the organisation’s network. The Security Service Edge (SSE), a term coined by Gartner and a new concept in the cybersecurity landscape, aims to help do just that. SSE uses a collection of integrated, cloud-centric security capabilities to facilitate secure remote access to corporate resources. 

ISO 27002:2022 was released on 15th February replacing the 2013 version.

This blog discusses what revisions were made in ISO 27002:2022 to reflect the improvements in technology and updates in information security practices within a diverse range of industries, businesses, and governments. We will also explain how the updated structure has been simplified for ease of use.

What has changed in ISO 27002:2022