Articles

Shadow AI: The Hidden Risk of Staff Using AI Tools

A few years ago, most organisations worried about staff using unapproved cloud apps and personal file-sharing accounts. The term for it was shadow IT: technology being used inside the business without the knowledge or approval of the people responsible for security.

Today there is a new version of the same problem, and it is spreading far faster. It is often called shadow AI: employees using artificial intelligence tools, usually with good intentions, without any oversight or guidance. If you have not thought about it yet, it is worth doing so, because it is almost certainly already happening in your organisation.

Read more →

Making ISO 27001 Work for Your Organisation

ISO 27001 has a reputation problem. For many people it brings to mind thick binders of policies, a stressful audit, and a certificate that goes on the wall and is quietly forgotten. That is a shame, because at its heart the standard is simply a sensible, structured way of looking after the information your organisation depends on.

Used well, ISO 27001 helps you understand what you need to protect, decide how to protect it, and keep that protection working over time. Used badly, it becomes a paperwork exercise that satisfies an auditor but does very little for your actual security. The difference comes down to how you approach it.

Read more →

Your Backups May Not Save You From Ransomware

The standard advice for dealing with ransomware was traditionally relatively simple: maintain reliable backups and you can recover without paying the ransom. That advice is still broadly correct, but ransomware groups have spent the last several years adapting specifically to that strategy, and the threat landscape has changed considerably.

Backups are no longer an afterthought for attackers. They are often one of the first things targeted during an intrusion.

How ransomware attacks have evolved

Modern ransomware attacks are rarely opportunistic smash-and-grab operations.

Read more →

Five Signs Your Network May Have Been Compromised

Most successful network intrusions go undetected for weeks or even months. Many attackers deliberately avoid disruption during the initial stages of a compromise, preferring to quietly extract data, steal credentials, or maintain access for future use. Knowing what to look for can make the difference between detecting an incident early and discovering it only after significant damage has been done.

1. Unexpected outbound traffic

Your firewall and network logs are some of the most valuable sources of early warning. If you notice large volumes of data leaving your network at unusual times — particularly to unfamiliar IP addresses or overseas destinations — it should be treated as suspicious until proven otherwise.

Read more →

Why Phishing Emails Are Getting Harder to Spot

For many years, the standard advice for spotting a phishing email was relatively simple: look for spelling mistakes, poor grammar, and awkward phrasing. That guidance worked reasonably well because many phishing campaigns were mass-produced, poorly translated, and designed to target large numbers of people with minimal effort.

That is no longer a reliable way to identify a malicious email.

Generative AI has significantly changed the quality and sophistication of phishing attacks. Attackers can now produce convincing, professional-sounding messages in almost any language, tone, or writing style within seconds. The obvious warning signs that people were trained to look for are increasingly absent.

Read more →

MFA Is Not Enough on Its Own

Multi-factor authentication (MFA) is one of the most effective security controls an organisation can implement. Accounts protected by MFA are significantly harder to compromise than those relying on a password alone, and enabling it across your organisation is absolutely worthwhile.

However, it is important to understand what MFA does and does not protect against. While it prevents a large proportion of account compromise attempts, several common attack techniques are now specifically designed to bypass it.

Read more →

The Software You Trust Can Be the Weakest Link

When most people think about a cyber attack, they picture someone attempting to breach a firewall or trick a member of staff into clicking a malicious link. Both are common attack methods, but there is another route that organisations often underestimate: compromising a trusted supplier, service provider, or software platform and using that trust as a way into the target environment.

This type of compromise is known as a supply chain attack, and it has become one of the most significant security risks facing organisations of all sizes.

Read more →