Business Continuity Management Systems

Due diligence is not just a regulatory requirement but a fundamental component of a robust information security strategy.
The world continues to face a significant cybersecurity workforce shortage - the (ISC)² 2024 Global Cybersecurity Workforce Gap report estimates it to be 4.
In the rapidly evolving digital landscape of 2025, every organisation faces a huge range of challenges that extend far beyond traditional cyber threats.
The delivery of training within the CREST CAMP programme was officially launched on 20 January at Strathmore University in Kenya.
We began this year knowing it was going to be a significant year for digital risk and digital safety. An unprecedented number of elections, brand new online safety legislation under implementation – all taking place against a backdrop of both existing and new conflict and war.
Working within the Trust and Safety industry, 2024 has been PGI’s busiest year to date, both in our work with clients and our participation in key conversations, particularly around the future of regulation, the human-AI interface, and child safety.
Digital threat intelligence helps us respond to harmful entities and their activities online. As our professional investigation capability evolves, so do the online tactics of threat actors themselves, in something of a perpetual cat and mouse game.
Protection Group International (PGI) is pleased to announce that it has joined WeProtect Global Alliance to support the creation of a safer online environment for children.
Achieving PCI DSS compliance is a significant milestone for any entity that handles cardholder data. But! Maintaining that compliance is just as important, because lapsing into non-compliance can lead to substantial financial penalties, increased fees, and a higher risk of data breaches.
PGI, in collaboration with project management partner Development Alternatives Incorporated (DAI), recently completed a study under the USAID and International Telecommunication Union (ITU) initiative aimed at promoting gender equity and inclusion in cybersecurity across Asia and the Pacific.
A lot has happened in the UK political landscape over the past few months; a landslide election with a significant transition of power, and sweeping waves of riots and political violence.
Explaining how digital incidents severely impact the real world can be difficult, but we are increasingly seeing cyber incidents that illustrate how malicious actors can impact our daily lives.
“2024 is set to be a monumental year for democracy”. We’re just hitting the 2024 election cycle halfway mark and the first sentence of PGI’s 2024 Digital Threat Forecast already feels modest.
PCI DSS v4.0 became the only authorised standard on 31 March 2024.
Cyber attacks continue to make headline news; every organisation should have considered how they would respond to a major cyber incident.
Navigating the complexities of PCI DSS compliance can be challenging, especially when it comes to understanding the role of Third Party Service Providers (TPSPs).
The world would be a very different place without industrial automation, and Supervisory Control and Data Acquisition (SCADA) systems serve as its backbone.
Online influence campaigns are becoming increasingly common as political parties and state actors around the world seek to manipulate public opinion.
Cyber security: when everything is going well, it’s easy for non-tech and non-risk people to underestimate the value of the services they’re paying for and the controls that have been put in place.
2024 is set to be a monumental year for democracy; with over two billion people across 50 countries going to the polls to elect representatives at local, national, and intra-continental levels.
An IT Health Check is an annual assessment required for public sector organisations using the government’s Public Services Network (PSN).
If you’re responsible for or involved with Information Security in your organisation, when you’re planning for the year ahead, your risk and compliance activities likely have a prominent space on your to do list.
In short, the answer is no. There’s a reason Verizon coined the term, ‘supply chainpocalypse’ in their 2022 Data Breach Investigations Report.
Over the past year, there has been a 13% rise in ransomware attacks (according to Mimecast’s The State of Email Security Report 2023); an increase which equates to the number of attacks in the previous five years combined.
Not a week goes by that we don’t see a headline in the press that mentions something along the lines of “sophisticated phishing attack” or “new phishing attack approach”.
We’re all used to articles citing eye-watering figures on what a data breach or ransomware attack can cost an organisation; typically figures ranging from thousands through to millions.
The past few years have seen a rise in flexible working, with many of us now in remote and hybrid roles.
Back in 2019, the National Cyber Security Centre shared some of the alarming password practices that came out of research they did into cyber security in the UK.
In an ideal world, the security controls you put in place are enough and threat actors have no interest in looking for new vulnerabilities to exploit or developing new approaches to access your systems.
In March 2022, the PCI Security Standards Council launched the long-awaited update to the standard, with Version 4.0.
When there’s a cyber security incident, technology is often the first to take the blame, but it’s important to know that many weaknesses manifest in networks, systems, devices and software because they haven’t been deployed and configured correctly, or in some cases, they are still set to a default configuration.
There was a time when procuring new software to streamline a process was fairly straightforward – identify a gap or problem, find a software solution, pay for it, install it (and maybe teach people how to use it).
Every organisation is facing a myriad of third-party digital risks; whether that’s criminal-led (the most common), state-led, hacktivists or commercial espionage driven.
In March 2022, the Government of Jamaica’s Office of the National Security Advisor (ONSA) published the Caribbean Regional Cybersecurity Training Needs Analysis (TNA), which was designed and delivered by Protection Group International (PGI) and funded by the Foreign, Commonwealth and Development Office of the United Kingdom.
The International Organization for Standardization (ISO) recently released an update to ISO/IEC 27002, the previous edition of which was published in 2013.
Muscat—On 28 March 2022, 24 Omanis who participated in the CyberSafe Incident Response competition were honoured with awards at a UK Oman Digital Hub Event.
Three years ago, the UK’s National Cyber Security Centre recommended that, in new IT deployments especially those with connections to the cloud, a zero trust approach should be adopted.
Cyber security is now such a threat that, in the early part of 2022, the Government launched a nationwide Cyber Security Strategy.
Growing hybrid extremism: There will be continued challenges in the detection and removal of extremism and disinformation on social media.
ISO 27001 is one of the best known and most widely recognised internationally agreed standards for the specification of information security management systems (ISMS).
It’s that glorious time of year; we’re spending time with loved ones, going to parties, exchanging gifts and probably taking some time off work.
Most of us love data, especially when it gives us a sense of progress. I say this as a confirmed FitBit tragic who lives for yet another point on my ‘cardio fitness’ score.
With the UN Climate Change Conference (COP26) due to take place in Glasgow from 31 October – 12 November 2021, the PGI Digital Investigations team examined the evolution that climate change disinformation has undergone in recent years, from outright denial of the existence of climate change to partisan politicised manipulation.
At worst, information assurance consultancy can risk feeling like paying somebody merely to tell you what you already really know; or even performing work that, at least theoretically, you could do yourself.
In collaboration with Ipsos and Protection Group International (PGI), the 2020-2021 cohort of the UK-Gulf Women in Cybersecurity Fellowship Programme has released a report from the first phase of research into cyber skills in the Gulf region, Addressing Cybersecurity Skill Shortages in the GCC Region.
Skills development is about so much more than attending classroom sessions. To ensure students and trainees are prepared for careers in cyber security, PGI recommends that a mix of practical placements, hands-on labs and mentoring should supplement classroom learning to build the cyber security workforce of the future.
Militant Islamist organisations have always manipulated the media, whether to publicise their cause, spread their ideology and aims, or recruit new members.
Many of our first conversations with our clients involve our cyber security consultants aiming to simplify things a bit.
In the aftermath of Christian Eriksen’s collapse and subsequent cardiac arrest, PGI uncovered coordinated efforts on social media to amplify false claims that the incident was caused by a COVID-19 vaccine.
A question we often hear from our clients is, “are we on the right track?” Of course, when it comes to digital/cyber risk there is no simple answer for this, there never is.
Have your friends and colleagues had their COVID-19 vaccine jab yet? Well, don’t worry about waiting for them to tell you because you can find out from the NHS Digital booking website directly…sort of.
Racism on social media is a pervasive issue and while organic statements of prejudice are commonly expressed on platforms like Twitter, some groups and individuals are leveraging the algorithmic architecture of social media to amplify their hostile beliefs.
In general, we try not to be too negative when it comes to the likelihood of an organisation, of any size, being hit by a cyber-attack, but for the sake of our clients, we also need to be realistic.
As a private sector partner of SWCRC, PGI’s cyber security experts will be recommended to members if they would like to attain the Cyber Essentials certification or should they come up against a cyber security problem outside the scope of the CRC’s mandate.
The recent online response from inauthentic social media accounts to the events at the Sarah Everard vigil highlights the ongoing and increasing danger of malign trolling activities and their ability to tarnish the reputation of public figures and leverage topical political issues to further conspiratorial and extremist narratives.
In response to increasing demand from its clients—that mandatory training should be aligned with industry recognised certifications—the PGI Cyber Academy has been awarded ‘CREST-Approved’ status for three of its Cyber Threat Intelligence (CTI) training courses, which are aligned to CREST’s CTI exams.
In 2020, Immunity’s CANVAS exploit platform was leaked to the VirusTotal database; making the usually cost-prohibitive tool available to a much wider audience.
ISO 27001, the gold standard of information security management best practice, or a royal pain in the neck? Let’s be honest; more often than not, organisations don’t implement ISO 27001 for fun, it’s because they don’t have a choice.
Have you ever heard of Dan Scavino? Well, if it makes you feel any better, neither had I until I dived deep into Trump’s now extinct twitter feed.
In brief: Apple and Google have recently pulled the social networking site Parler from their App stores, stating that the app failed to comply with content moderation requirements.
Malicious cyber activity targeting or affecting the maritime sector has soared in 2020 and, with the end of the year fast approaching, so too is the impending deadline for compliance with the International Maritime Organisation’s (IMO) cyber security regulations.
‘Operational resilience’ has left the world of management buzzwords and is now firmly embedded in operational reality.
Double-extortion ransomware reflects the inevitable evolution of the digital version of kidnap and ransom.
We were already steadily moving towards a cashless society, even before the COVID-19 pandemic hit; banks made it easier for us to use our cards while we are out and about, with contactless payments, and we are certainly spending more time and money doing our shopping online.
KRAKOW—Earlier this week, the AGH University of Science and Technology in Krakow and British cyber security company PGI (Protection Group International Ltd) announced that PGI’s UK Government certified role-based cyber security training will now be available to Polish clients, including MSPO attendees, at AGH’s state-of-the-art laboratories and technical training facilities.
The UK Healthcare sector is currently regarded as the most at-risk sector to cyber attacks. This follows a report by data security provider Clearswift which revealed that last year in the UK, 67% of healthcare organisations experienced a cyber security incident.
We recently read an article on lack of tech upgrades contributing to the risk of data breaches. It got us thinking: While we all love the latest and greatest hardware, what’s the real risk? There was a time when hardware ‘usability’ was defined by the requirement for a modern, secure operating system supported appropriately by vendors.
When we help our clients with their cyber and information security, one area that we sometimes find neglected is identity and access management (IAM).
Back in July 2020, a pair of well-known Instagram users—one of whom had 2.4 million followers—were extradited to the US to face charges of conspiracy to commit wire fraud and laundering hundreds of millions of dollars obtained from online crimes.
The global cyber security workforce gap is estimated to be 4.07 million, with 35% of organisations unable to fill open cyber security jobs to protect their assets.
Not a month goes by that we don’t see that another organisation has suffered a ransomware attack. In fact, in the last month we’ve even seen global car manufacturer Honda become a victim, along with several lesser-publicised organisations, including the city of Florence, Alabama in the US.
Unregulated social media – in brief: Stricter regulations on large social media platforms are driving some extremists to smaller, unregulated networks.
The terms misinformation and disinformation are often used interchangeably, but they do differ in nuance.
As the world deals with the COVID-19 pandemic, cyber security issues may have taken a backseat for both individuals and companies.
Hybrid working or full remote working arrangements are the norm now, so here are some suggestions for keeping your organisation running smoothly.
The 25th May 2020 will mark the two-year anniversary of the implementation of the General Data Protection Regulation, also known as the GDPR (and sometimes referred to as the bane of your DPO’s existence).
One of the issues highlighted by the Travelex incident—and the reaction to it—is the extraordinarily high level of culpability and scorn that continues to be attached to corporate victims of cyberattacks.
Keeping data safe is an ongoing process—once a regulation or process is in place, the body responsible for monitoring compliance will always be looking into ways to improve the measures.
Requirement 1 in the Payment Card Industry Data Security Standard (PCI DSS) is largely concerned with firewalls and how they are such a critical protection mechanism for network security.
The UK Oman Digital Hub was launched this month. It aims to enhance collaboration in technology and education between the United Kingdom and the Sultanate of Oman.
We often get enquiries asking for a penetration test, but really the enquirer wants a vulnerability assessment (also referred to as a vulnerability scan).
Protection Group International yesterday signed a Memorandum of Understanding with Qatar University College of Engineering (QU-CENG) KINDI Center for Computing Research to partner on developing a Cyber Academy at Qatar University.
When arriving on site to undertake penetration testing, one very quickly gets a sense of how the local IT staff work.
All businesses are at risk of a cyber-attack, so we won’t bore you with a lengthy introduction on how around 30% of businesses will be breached in the coming year, how more than 60% are not adequately prepared and average cost per breach etc.
Let’s face it, the security industry is confusing. On one hand, we’re telling organisations to educate staff better, secure systems, create useful policies, and employ more staff with skills and knowledge to protect data and operational systems.
Governments, corporates and SMEs all need increased protection to counter the ever-present and changing cyber threat.
In this video, PGI’s CEO, Brian Lord discusses the basics of the NIS Directive (NISD), the concerns and risks, and how to begin the process of becoming compliant without reinventing the wheel or implementing an unnecessary or expensive framework.
We know information security is a complex world – there are a lot of initialisms and controls and, often, knowing where to start is the hardest part.
FACT: In 9 out of 10 internal penetration tests we undertake, we are able to achieve a complete compromise of the network due to simple configuration mistakes.
Because so many of our business processes depend on technology, most organisations rely heavily on their IT team to keep networks running smoothly and revenue generating activity operating consistently.
In the 21st Century, many of our essential services—health, transport, energy, water and digital infrastructure in particular—have become heavily reliant on networks, technology and internet connected service delivery.
It has become rather cliché to say that data is now more valuable than oil, but for many organisations, it’s absolutely true.
You may have seen in the news recently that the pregnancy and parenting club, Bounty have been fined £400,000 by the Information Commissioner’s Office (ICO) for illegally sharing 34.
In every Corporate Cyber Security Maturity Model that we conduct, across all varieties of corporate clients, two categories repeatedly score lowest – one of those is ‘Staff Training and Education’ (the other is ‘Supply Chain Management’, but that’s for another blog post).
Discussions around ‘hacking back’ are increasing proportionately with the rate and scale of disruptive hostile cyber action on large corporate organisations.
You probably can’t believe we’re saying it because it feels like only yesterday that we had GDPR fatigue – constant reminders from every publication, a little fearmongering here and there, and generally an overload of information.
A penetration test will help you understand your technical vulnerabilities. But, that’s not all.
More than 90% of breaches start with a phishing attack. Hackers are adaptive and opportunistic, so it’s no surprise that some have adapted their phishing attempts so they can land the biggest fish—CEOs and executives—using a technique known as ‘whaling’.
‘Red team’ activities are concerned with offensive security exercises, e.g.
With the wealth of information about business and people available online, it is little wonder that criminals can and do use it for malicious purposes.
Every year, businesses of all sizes lose money to increasingly innovative cyber criminals. To exacerbate this problem, there are too few cyber security professionals globally to complete all the work required to protect and defend critical systems; the estimated gap is at least 1 million.
What would we do without the internet while we’re abroad? Whether it’s looking up directions to the next meeting or trying to find the best place to stop for lunch, we’re always connected.
In the age of fake news, as individuals we are being encouraged to check the sources of information that we use.
Simply put, cyber crime is a crime committed using the means of technology and the internet. Although we talk about cybercrime as a separate entity from traditional crime, it is carried out by the same types of criminals for the same types of reasons.
PGI Cyber Academy courses available in Southeast Asia: PGI has partnered with the Malaysia Digital Economy Corporation (MDEC) and Asia Pacific University (APU) to train 72 Malaysians as Cyber Security Incident Responders.
Joseph Chmiel, Cyber Career Conversion Programme participant: Prior to the Cyber Career Conversion Programme I served as a Captain in the British Army’s Intelligence Corps.
The cyber gap, the difference between the demand for cyber security professionals and their supply, is projected to reach 1.
As best practice, being able to address security requirements with your critical service providers is consistently included in all of the major cyber security standards.
The Jordan Design and Development Bureau (formerly, the King Abdullah II Design and Development Bureau) announced the launch of its Cyber Security Academy at the Special Operations Forces Exhibition and Conference (SOFEX).
Managing Cyber Security Risk – Brian Lord’s chapter: Cyber security invasion is an ever-growing threat and should be a source of daily concern for all organisations.
We’ve all been there; you’re talking to someone who throws an acronym at you that you’ve never heard before, or worse, you have heard it, but it means something totally different in the context of your conversation (or you’ve forgotten).
Once a status of compliance has been successfully achieved, the last thing an organisation wants is to drop its guard and lapse into a state of non-compliance the following year.
Malaysia Digital Economy Corp (MDEC) has partnered with Protection Group International to build a cyber training academy at APU (Asia Pacific University), to protect and enhance Malaysia’s digital economy and build cyber security training capability across the Asia-Pacific region.
Sebastian Madden, Chief Corporate Development Officer, PGI: The AFCEA Jordan chapter hosted its first annual cyber security conference ‘Secure the Future through Cyber Protection’ on 11-13 December.
Protection Group International and Jerzy Lis, Vice-Chancellor for Cooperation for AGH University of Science and Technology signed an agreement in Krakow, Poland on 18 October declaring their intent to work together to deliver cyber security training and develop a cyber academy to build professional skills in cyber security.
PGI and the National Crime Agency have started the UK’s first ‘rehab’ course for hackers. As one hard-hitting headline after another details the targeting of our public and financial services, it is becoming painfully clear that cyber insecurity is one of the greatest threats we face as a nation.