Bulletproof Cyber & Compliance Newsletter - February 2023
Bulletproof (Cyber Security)
Welcome to the February 2023 Bulletproof Newsletter - your latest cyber & compliance resources from Bulletproof.
We’re back with a bang this month as we're launching the annual Bulletproof State of Cyber Security Report 2023! Packed full of insight into the real challenges you’re facing in the world of compliance and cyber security.
Beyond that, in cyber news this month we’re zooming in on everything penetration testing – very timely given February’s zero-days. Meanwhile on the compliance side of things we’re exploring changes to the GDPR, and looking at what the recent focus on supply chain security means for your compliance plans. So let's dive in.
Get essential insights to power your cyber security & compliance
No surprises that first up in this month's newsletter is our insight-packed report. In this edition we're analysing real-world data to look at the actual threats businesses are facing in 2023, and looking at what you can do about them. We’re talking about the changes to the threat landscape, how the behaviour of cyber criminals is evolving, and how to leverage threat data for increased efficiency. For a more complete picture we’re also exploring updates and changes in the world of compliance, including GDPR, PCI, ISO 27001, and Cyber Essentials.
Check out this quick video teaser to see what's in this year's report:
Editorial Comment: State of Cyber Security Report 2023
"We’re always evolving our security reports to give the best insights and value, and in this edition we’re not going to talk about metrics that don’t change year on year. Instead we’re focussing in on interesting data and discussing the real challenges that our customers face and what they can do about it.
Cyber security as an everyday business challenge will never go away, but these are always challenges that can be overcome through spending wisely, not freely. I hope this report provides you with some of that insight needed to implement effective security defences."
February: a good month for the bad guys
February was a bad month for cyber security vulnerabilities, with zero-day vulns for Microsoft and Apple that were being actively exploited before patches were available. This can only reinforce the need for penetration testing and VA scanning, but what’s the difference? Well, find out in 99 seconds with this handy dandy improvised video.
Altogether now... "big up". The rest of the #Cybersecurity101 series, which covers the basics of cyber security, is up for grabs on YouTube.
Looking to find out more about pen testing? We answer the most commonly asked questions in this ultimate guide blog. You’ll learn things like what it is, different types, how it works, how often you should do it, and what you get out of it.
Editorial Comment: Proactive Information Security
"A lot of our work comes from ad hoc projects helping businesses deal with lengthy and involved supplier due diligence questionnaires. This supply chain pressure is also driving ISO 27001 compliance to smaller organisations. Whereas legal regulation pushed data protection forward in the form of the GDPR, ISO 27001 and security risk management is being pushed by the community. While I’d love to say that this comes from organisations being proactive about security risks, in reality they’re being driven by commercial pressure. No-one wants to be the weakest link in the chain.
What I’d love to see is more organisations being proactive about their security. A lot of our clients are high-growth product-led businesses, and these organisations need to realise that protecting your data is just as important as developing your product. One data breach could end your business, and information security is easier the sooner you start."
Supply chain security in the spotlight
Supply chain security has been in the spotlight recently, being featured in recent posts from the National Cyber Security Centre (NCSC). They called it “one of the key future threat challenges”, and we at Bulletproof firmly agree. Supply chain security has traditionally been seen as something for the larger organisations to worry about, but in recent times it’s been increasingly on the agenda for smaller businesses too. This is one of the reasons for the surge in ISO 27001 and Cyber Essentials certification. There’s no excuse for any business not to get Cyber Essentials, and both it and ISO 27001 have become business enablers.
ISO 27001 compliance can seem an uphill battle to some companies, and whilst it’s true that there are some challenges, there are also some quick wins. For example, getting a virtual CISO on a retainer basis gives you access to top-tier information security strategy without breaking the bank. We actually wrote a whole blog about how getting a vCISO can help with ISO 27001 compliance.
GDPR set to gain extra scrutiny
The European Commission is stepping up its monitoring of how data protection authorities enforce rules across the EU. The Commission has committed to regular checks on “large scale” GDPR cases to address criticism that enforcement of the GDPR has been weak – especially on Big Tech. This has been applauded by privacy campaigners who have long argued that the GDPR has failed to protect consumers from unwanted tracking and profiling by tech giants.
This is proof that the world of data protection never stays still, and that GDPR scrutiny is only ever going to increase. Bulletproof has lots of GDPR resources for businesses that want to learn more – just head over to our blog. Here’s an interesting one on understanding data retention. Or if you want to get up to speed with GDPR as a business, try a GDPR gap analysis. It's the best way to find out where you are compared to where you need to be.
That's all for this month - see you in March's newsletter! If you want to chat anything cyber or compliance, get in touch with Bulletproof.co.uk