Damien Childs

After years of work, we have decent security standards, but we'll continue to struggle until we adopt security by default. Take the relationship between TLS 1.2 and 1.3, for example. Both protocols can provide reasonable security, but TLS 1.2 supports a kitchen sink of options, and you need to know what you're doing to configure it correctly. TLS 1.3, on the other hand, just works, no further work needed. This is just one example; there are dozens of standards and situations for everyone to consider when it comes to their network infrastructure. Until we get security by default, the only way to stay ahead is to have comprehensive configuration monitoring to catch problems and drift. I created Hardenize to solve exactly this problem. Our free test is still available at hardenize.com, and the commercial product has been rolled into Red Sift's. Now that Mail Check and Web Check are being retired, I am very happy that there is still a way for Hardenize to continue to serve.

13

1 Comment

Fun writing this, bringing it back to the North West but the implications do stretch beyond the region. We consistently over-focus on the likelihood of cyber incidents happening in comparison to understanding the impact of them when they do. Some thoughts here on what that means and what we can do differently.

13

MDR sharpens visibility. Because resilient businesses need a clearer lens. In today’s cyber landscape, what you don’t see often matters more than what you do. Modern security teams face an overload of alerts. MDR steps in to give clarity where it matters most: - Filters noise so only real threats demand attention - Adds context to alerts for faster understanding - Guides action with expert-driven recommendations - Accelerates decisions when time is critical - Strengthens resilience by spotting what tools alone may miss MDR makes your defenses sharper, faster and more reliable. Graftronics is a Sophos MDR partner, transforming IT teams across organizations in multiple industries. Reach out to us for assessing MDR for your setup. - Vimesh Avlani Managed Detection & Response | Cyber Resilience | Trusted by Mid-Market CXOs

20

4 Comments

CISA and UK NCSC Release Joint Guidance for Securing OT Systems Release Date September 29, 2025 CISA, in collaboration with the Federal Bureau of Investigation, the United Kingdom’s National Cyber Security Centre, and other international partners has released new joint cybersecurity guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture (https://lnkd.in/euEz8jyd). Building on the recent Foundations for OT Cybersecurity: Asset Inventory Guidance for Owners and Operators, this guidance explains how organizations can leverage data sources, such as asset inventories and manufacturer-provided resources like [software bill of materials] to establish and maintain an accurate, up-to-date view of their OT systems. A definitive OT record enables organizations to conduct more comprehensive risk assessments, prioritize critical and exposed systems, and implement appropriate security controls. The guidance also addresses managing third-party risks, securing OT information, and designing effective architectural controls. Key recommendations include: * Collaborating Across Teams: Foster coordination between OT and IT teams; * Aligning with Standards: Follow international standards such as IEC 62443 and ISO/IEC 27001. Organizations are encouraged to use this guidance to strengthen their OT security posture and reduce risks. For additional details, review the full guidance: Creating and Maintaining a Definitive View of Your Operational Technology (OT) Architecture (https://lnkd.in/ejrPCm4S) https://lnkd.in/eBEdW3tm

3

𝐁𝐞𝐲𝐨𝐧𝐝 𝐭𝐡𝐞 𝐏𝐞𝐫𝐢𝐦𝐞𝐭𝐞𝐫: 𝐓𝐡𝐞 𝐍𝐞𝐰 𝐅𝐫𝐨𝐧𝐭𝐢𝐞𝐫 𝐨𝐟 𝐂𝐲𝐛𝐞𝐫 𝐃𝐞𝐟𝐞𝐧𝐜𝐞 💻 In an era where digital threats evolve faster than our defences, the traditional model of cybersecurity is no longer sufficient. It's not just about building a stronger wall around our systems; it's about integrating resilience, agility, and innovation into the very fabric of our operations. The partnership between ALTEN LTD - UK, Methods, and Quick Release_ highlights this critical shift, offering a compelling blueprint for the future of cyber defence. The battlefield has expanded. A nation's defence capability now hinges as much on the integrity of its data and digital infrastructure as it does on its physical assets. Cyberattacks targeting supply chains, critical data, and operational technology can cripple readiness and erode strategic advantage. The challenge, emphasising the need to 𝐛𝐮𝐢𝐥𝐝 𝐭𝐡𝐞 𝐰𝐨𝐫𝐤𝐟𝐨𝐫𝐜𝐞, 𝐚𝐜𝐜𝐞𝐥𝐞𝐫𝐚𝐭𝐞 𝐝𝐞𝐥𝐢𝐯𝐞𝐫𝐲, and  𝐥𝐞𝐯𝐞𝐫𝐚𝐠𝐞 𝐢𝐧𝐧𝐨𝐯𝐚𝐭𝐢𝐨𝐧 providing a holistic approach that recognises cyber defence as a core component of operational readiness. This is where the power of a multidisciplinary partnership becomes clear. While Methods brings its expertise in 𝐝𝐢𝐠𝐢𝐭𝐚𝐥 𝐭𝐫𝐚𝐧𝐬𝐟𝐨𝐫𝐦𝐚𝐭𝐢𝐨𝐧 𝐚𝐧𝐝 𝐜𝐲𝐛𝐞𝐫 𝐫𝐞𝐬𝐢𝐥𝐢𝐞𝐧𝐜𝐞, ensuring data is secure and systems are robust, Alten’s deep 𝐞𝐧𝐠𝐢𝐧𝐞𝐞𝐫𝐢𝐧𝐠 𝐚𝐧𝐝 𝐭𝐞𝐜𝐡𝐧𝐨𝐥𝐨𝐠𝐲 𝐬𝐞𝐫𝐯𝐢𝐜𝐞𝐬 can embed security from the design phase of a new system. Meanwhile, Quick Release’s mastery of 𝐩𝐫𝐨𝐝𝐮𝐜𝐭 𝐝𝐚𝐭𝐚 𝐦𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 ensures that the vast amount of data generated by modern defence systems is a strategic asset, not a vulnerability. Ultimately, the future of cyber defence is not about a single solution or a piece of software. It’s about a comprehensive strategy that connects people, processes, and technology. It’s about creating an ecosystem of 𝐬𝐞𝐜𝐮𝐫𝐞, 𝐝𝐚𝐭𝐚-𝐝𝐫𝐢𝐯𝐞𝐧, 𝐚𝐧𝐝 𝐢𝐧𝐧𝐨𝐯𝐚𝐭𝐢𝐯𝐞 capabilities that can withstand and adapt to the threats of today and tomorrow. The Alten Defence partnership represents a significant step towards this vision, proving that true security is found not just in walls, but in seamless, strategic collaboration. #DSEI2025 #DSEI #Defence #DefenceIndustry #CyberSecurity #CyberDefence #DefenceTech #Aerospace #Security #Innovation #StrategicPartnership #Military #NationalSecurity #London #Methodsforgood

17

2 Comments

Exciting news! This new standard is one you will want to become familiar with & provide feedback on given its potential impact on other standards such as PCI DSS, PCI PIN, P2PE, etc... #PCIDSS

24

Glasgow City Council announced on Wednesday being impacted by a cyber incident which it said was “disrupting a number of online services and which may have involved the theft of customer data.” The nature of the incident hasn’t been confirmed. It was uncovered by the council’s IT supplier CGI last week, “on servers managed by a third-party supplier,” according to the council’s statement. Day-to-day digital and online services have been disrupted by the council taking the affected servers offline. Its statement included an apology “for the anxiety and inconvenience this incident and the necessary response to it will undoubtedly cause.” #cybersecurity #CNI #Glasgow

17

CYSIAM’s David A. speaks about the importance of high risk supply chains such as in the UK Defence sector using credible partners that understand the adversaries they face. #CYSIAM #DefenceSupplyChain #cybersecurity

5

Chris Roberts speaking against a punitive approach via phishing tests, with Avishai Avivi on the CISOnomics podcast. Links in comments👇

Defence Holdings is pleased to announce the appointment of Jim Clover OBE to its Advisory Board. Jim is a former UK national security and cyber operations senior leader, with over 25 years’ experience across cyber operations, open-source intelligence and digital forensics. He previously served as Deputy Director of Cyber Operations within HM Government, with senior responsibility for cyber and digital activity in support of UK Defence and national security objectives, including work with allied partners. He was awarded an OBE for services to UK and overseas national security. Jim’s appointment significantly strengthens the Advisory Board’s depth of experience across Defence, national security and cyber operations. It directly supports the expansion of Defence Technologies’ National Security pillar, as the Group builds defence-led, mission-aligned software capability for real operational environments. As software, data and decision advantage continue to shape modern Defence, board-level insight grounded in operational delivery is critical. Jim’s experience brings valuable perspective as Defence Holdings advances from capability development into deployment-aligned delivery.

119

4 Comments

The UK National Cyber Security Centre (NCSC) has reported a doubling in the number of "nationally significant" cyber incidents between September 2024 and May 2025 compared to the same period the previous year. NCSC CEO Richard Horne revealed this during his keynote at the CYBERUK conference in Manchester, stating that the agency has handled more than 200 incidents overall since September 2024. Link in comments #cybersecurity #ncsc #cyberuk #management #technology #threats

11

1 Comment

Fantastic new partnership between Institute of Directors (IoD) an Cyber Innovation Hub to deliver cyber awareness and leadership training to Directors and Board members 🙌🏻

12

The inclusion of intelligence capacity within the organisation, combined with access to broader analysis expertise, creates a strong and resilient risk management model.

7

Supply chain cyber attacks are increasing, yet just 14% of UK businesses assess the cyber risks posed by their immediate suppliers. The Cyber Essentials Supply Chain Playbook will provide your team with the resources and guidance to help you embed a baseline cyber security standard throughout your supply chain. Act now to protect your organisation against common cyber attacks and strengthen the UK’s position as a secure, trusted environment for investment and innovation.

9

Jaguar Land Rover hit by major cyber incident — 𝗽𝗿𝗼𝗱𝘂𝗰𝘁𝗶𝗼𝗻 & 𝘀𝗮𝗹𝗲𝘀 disrupted JLR reported a significant cybersecurity incident that forced shutdowns across retail and production systems while recovery proceeds in a “controlled” manner. Early statements say no evidence of customer data compromise, but operational downtime highlights sector-wide exposure to ransomware/business disruption campaigns. Suppliers should prepare for cascading effects. 🔗 https://lnkd.in/dNuwD2is #Ransomware #Manufacturing #Automotive #OTSecurity #Akamai

3