Business Continuity Management Systems

Are you adapting your cyber defence strategy? As corporate cyber defences have improved over recent years, organised criminal groups and malicious state actors have discovered new ways of penetrating company systems, based around the exploitation of their digital vulnerabilities, rather than just cyber security or technical weaknesses.
A proactive cyber security strategy will minimise risk and help you achieve a mature security posture.
The world continues to face a significant cybersecurity workforce shortage - the (ISC)² 2024 Global Cybersecurity Workforce Gap report estimates it to be 4.
In the rapidly evolving digital landscape of 2025, every organisation faces a huge range of challenges that extend far beyond traditional cyber threats.
The Department for Education (DfE) is changing its IT security requirements to improve resilience against cyber threats in the education sector.
Rapid developments in AI have seen more companies adopting automated penetration testing to identify IT infrastructure vulnerabilities.
We began this year knowing it was going to be a significant year for digital risk and digital safety. An unprecedented number of elections, brand new online safety legislation under implementation – all taking place against a backdrop of both existing and new conflict and war.
Many organisations overlook a proactive approach to supply chain management until they experience a data breach or other cyber incident—which can be a very costly mistake.
What is a data breach? A data breach occurs when sensitive, protected, or confidential information is accessed, shared, or stolen by an unauthorised person.
PGI, in collaboration with project management partner Development Alternatives Incorporated (DAI), recently completed a study under the USAID and International Telecommunication Union (ITU) initiative aimed at promoting gender equity and inclusion in cybersecurity across Asia and the Pacific.
Explaining how digital incidents severely impact the real world can be difficult, but we are increasingly seeing cyber incidents that illustrate how malicious actors can impact our daily lives.
The world would be a very different place without industrial automation, and Supervisory Control and Data Acquisition (SCADA) systems serve as the backbone.
An IT Health Check is an annual assessment required for public sector organisations using the government’s Public Services Network (PSN).
If you’re responsible for or involved with Information Security in your organisation, when you’re planning for the year ahead, your risk and compliance activities likely have a prominent space on your to do list.
In a recent conversation with colleagues, we were celebrating (and lamenting) the technology available to us in 2023.
In short, the answer is no. There’s a reason Verizon coined the term, ‘supply chainpocalypse’ in their 2022 Data Breach Investigations Report.
There has been a recent uptick in the number of phishing campaigns happening over Microsoft Teams. Though there is a lack of publicly available information on attempts that have happened in the UK, Microsoft has issued an urgent alert warning of a highly sophisticated phishing campaign attributed to the well-known threat actor group Storm-0324.
Over the past year, there has been a 13% rise in ransomware attacks (according to Mimecast’s The State of Email Security Report 2023); an increase which equates to the number of attacks in the previous five years combined.
Not a week goes by that we don’t see a headline in the press that mentions something along the lines of “sophisticated phishing attack” or “new phishing attack approach”.
You’ve heard of IP Addresses, you might even know what they are, but if you need to get a penetration test for your website or web application, why is your cyber security consultant asking about these as well? When it comes to penetration testing your web applications, it’s important to include your public IP addresses in the scope and here’s why.
We’re all used to articles citing eye-watering figures on what a data breach or ransomware attack can cost an organisation; typically figures ranging from thousands through to millions.
Back in 2019, the National Cyber Security Centre shared some of the alarming password practices that came out of research they did into cyber security in the UK.
Infrastructure Testing is an aspect of penetration testing that is often overlooked by organisations who are looking at improving their cyber security.
The Ministry of Defence released an ‘Industry Security Notice’ to “remind readers of the importance of having an effective and up-to-date Business Continuity Plan (BCP)”.
When there’s a cyber security incident, technology is often the first to take the blame, but it’s important to know that many weaknesses manifest in networks, systems, devices and software because they haven’t been deployed and configured correctly, or in some cases, they are still set to a default configuration.
There was a time when procuring new software to streamline a process was fairly straightforward – identify a gap or problem, find a software solution, pay for it, install it (and maybe teach people how to use it).
Every organisation is facing a myriad of third-party digital risks; whether that’s criminal-led (the most common), state-led, hacktivists or commercial espionage driven.
In March 2022, the Government of Jamaica’s Office of the National Security Advisor (ONSA) published the Caribbean Regional Cybersecurity Training Needs Analysis (TNA), which was designed and delivered by Protection Group International (PGI) and funded by the Foreign, Commonwealth and Development Office of the United Kingdom.
Muscat—On 28 March 2022, 24 Omanis who participated in the CyberSafe Incident Response competition were honoured with awards at a UK Oman Digital Hub Event.
Three years ago, the UK’s National Cyber Security Centre recommended that, in new IT deployments, especially those with connections to the cloud, a zero trust approach should be adopted.
Cyber security is now such a threat that, in the early part of 2022, the Government launched a nationwide Cyber Security Strategy.
It’s that glorious time of year; we’re spending time with loved ones, going to parties, exchanging gifts and probably taking some time off work.
Most of us love data, especially when it gives us a sense of progress. I say this as a confirmed FitBit tragic who lives for yet another point on my ‘cardio fitness’ score.
At worst, information assurance consultancy can risk feeling like paying somebody merely to tell you what you already really know; or even performing work that, at least theoretically, you could do yourself.
Skills development is about so much more than attending classroom sessions. To ensure students and trainees are prepared for careers in cyber security, PGI recommends that a mix of practical placements, hands-on labs and mentoring should supplement classroom learning to build the cyber security workforce of the future.
Many of our first conversations with our clients involve our cyber security consultants aiming to simplify things a bit.
A question we often hear from our clients is, “are we on the right track?” Of course, when it comes to digital/cyber risk there is no simple answer for this, there never is.
Have your friends and colleagues had their COVID-19 vaccine jab yet? Well, don’t worry about waiting for them to tell you because you can find out from the NHS Digital booking website directly…sort of.
In general, we try not to be too negative when it comes to the likelihood of an organisation, of any size, being hit by a cyber-attack, but for the sake of our clients, we also need to be realistic.
As a private sector partner of SWCRC, PGI’s cyber security experts will be recommended to members if they would like to attain the Cyber Essentials certification or should they come up against a cyber security problem outside the scope of the CRC’s mandate.
In response to increasing demand from its clients—that mandatory training should be aligned with industry recognised certifications—the PGI Cyber Academy has been awarded ‘CREST-Approved’ status for three of its Cyber Threat Intelligence (CTI) training courses, which are aligned to CREST’s CTI exams.
‘Operational resilience’ has left the world of management buzzwords and is now firmly embedded in operational reality.
KRAKOW—Earlier this week, the AGH University of Science and Technology in Krakow and British cyber security company, PGI (Protection Group International Ltd) announced that PGI’s UK Government certified role-based cyber security training will now be available to Polish clients, including MSPO attendees, at AGH’s state-of-the-art laboratories and technical training facilities.
The UK Healthcare sector is currently regarded as the most at-risk sector to cyber attacks. This follows a report by data security provider Clearswift which revealed that last year in the UK, 67% of healthcare organisations experienced a cyber security incident.
We recently read an article on lack of tech upgrades contributing to the risk of data breaches. It got us thinking: While we all love the latest and greatest hardware, what’s the real risk? There was a time when hardware ‘usability’ was defined by the requirement for a modern, secure operating system supported appropriately by vendors.
When we help our clients with their cyber and information security, one area that we sometimes find neglected is identity and access management (IAM).
Back in July 2020, a pair of well-known Instagram users—one of whom had 2.4 million followers—were extradited to the US to face charges of conspiracy to commit wire fraud and laundering hundreds of millions of dollars obtained from online crimes.
The global cyber security workforce gap is estimated to be 4.07 million with 35% of organisations unable to fill open cyber security jobs to protect their assets.
Hybrid working or full remote working arrangements are the norm now, so here are some suggestions for keeping your organisation running smoothly.
The UK Oman Digital Hub was launched this month. It aims to enhance collaboration in technology and education between the United Kingdom and the Sultanate of Oman.
We often get enquiries asking for a penetration test, but really the enquirer wants a vulnerability assessment (also referred to as a vulnerability scan).
When arriving on site to undertake penetration testing, one very quickly gets a sense of how the local IT staff work.
All businesses are at risk of a cyber-attack, so we won’t bore you with a lengthy introduction on how around 30% of businesses will be breached in the coming year, how more than 60% are not adequately prepared and average cost per breach etc.
FACT: In 9 out of 10 internal penetration tests we undertake, we are able to achieve a complete compromise of the network due to simple configuration mistakes.
Because so many of our business processes depend on technology, most organisations rely heavily on their IT team to keep networks running smoothly and revenue generating activity operating consistently.
In every Corporate Cyber Security Maturity Model that we conduct across all varieties of corporate clients, two categories repeatedly score lowest – one of those is ‘Staff Training and Education’ (the other is ‘supply chain management’, but that’s for another blog post).
Discussions around ‘hacking back’ are increasing proportionately with the rate and scale of disruptive hostile cyber action on large corporate organisations.
You probably can’t believe we’re saying it because it feels like only yesterday that we had GDPR fatigue – constant reminders from every publication, a little fearmongering here and there, and generally an overload of information.
More than 90% of breaches start with a phishing attack. Hackers are adaptive and opportunistic, so it’s no surprise that some have adapted their phishing attempts so they can land the biggest fish—CEOs and executives—using a technique known as ‘whaling’.
‘Red team’ activities are concerned with offensive security exercises e.g.
With the wealth of information about business and people available online, it is little wonder that criminals can and do use it for malicious purposes.
What would we do without the internet while we’re abroad? Whether it’s looking up directions to the next meeting or trying to find the best place to stop for lunch, we’re always connected.
Simply put, cyber crime is a crime committed using the means of technology and the internet. Although we talk about cybercrime as a separate entity to traditional crime, it is carried out by the same types of criminals for the same type of reasons.
As best practice, being able to address security requirements with your critical service providers is consistently included in all of the major cyber security standards.
Managing Cyber Security Risk – Brian Lord’s chapter: Cyber security invasion is an ever-growing threat and should be a source of daily concern for all organisations.