Aon plc is a British multinational professional services firm that sells a range of financial risk-mitigation products, including insurance, pension administration, and health-insurance plans.
Ransomware: Concentrate on controls
The ransomware epidemic is causing major problems for organisations in all sectors across the globe, but there are some simple IT security steps that can be taken to help harden your organisation’s security posture. This episode will discuss common attack routes, the latest trends in entry and exfiltration processes from a network, and methods to proactively identify these risks and implement adequate security measures.
Social Engineering: Strengthening your front line
Approved procedures and guidelines are the baseline for managing the human element of your organisation’s security. In our Red Team and Social Engineering work we have seen that with concerted effort and a little bit of creativity, it is possible for employees to circumvent these procedures and perform actions they should not. This episode reflects on the techniques used to elicit undesirable behaviour from your staff, as well as how some basic principles can have great results when training staff on how to recognise and resist social engineering attacks.
PSD2: The next step in banking
PSD2 is a huge step away from the traditional banking model in the UK and EU. It mandates that banks must allow authorised third-party service providers to access their highly sensitive information - a task never asked of them before. Clients are increasingly seeking advice and guidance on performing this securely. This episode focuses on the challenges that PSD2 brings to banks and how they can best prepare for them.
Know your partners: Third-party product assurance
Most organisations will use many third-party products within their IT infrastructure, yet few perform thorough security assessments of these and understand all risks associated with them. This episode looks at how our cyber security teams have helped many organisations holistically assess their risk from third-party products and vendors, providing a level of detail and assurance beyond that which is typically given by the vendor.
IoT Secure by Design: What is the way forward?
The DCMS (Department for Digital, Culture, Media and Sport) has introduced 13 principles as guidelines for device manufacturers. In this episode we discuss the DCMS approach to security issues in internet-connected devices and look at other standards in the industry. We also look at what the real-world implications of legislation are, whether increased market regulation will help and what courses of action should be taken by governments, industry bodies, manufacturers and consumers.
Medical Device Regulation: Where are we now?
As the medical device market grows, fuelled by COVID-19, and with the increased need for telemedicine, in this episode we look at the programme of security around these devices across their lifecycle, including support. More organisations are moving into this space, including many start-ups and new businesses with less mature cyber security postures. EU legislation may potentially be introduced to drive an increased focus on security - but where are we now?