Insights

Practical thinking on cybersecurity, programme delivery, and risk

Explore Attomus perspectives on cyber risk, programme delivery, operational resilience, and the issues that shape real decisions.

Insights focus

Written to support decisions, not just fill a blog

Attomus shares practical insight on resilience, technology delivery, specialist security, and operational risk.

cybersecurity culture CISO

Using Organisational Culture to Improve Cyber Security

We consistently recommend that you build a resilient business where cyber-security a priority. But what does organisational culture have to do with improving cyber-security? As most managers and CISOs know, one of the least static areas of business is cyber security. That’s because more than half of the fraud in the UK is conducted online. Therefore, in light of mounting attacks, it’s important to increase awareness at the company level. Plus, to ensure your cybersecurity policies are effective, you must get buy-in and action from all levels of staff. When you do, you can use organisational culture to improve cyber security.

Read article
ciso security

Managing Third-Party Risk - the Importance of Real-Time Intelligence

Managing third-party risk is inevitable when you work with vendors, suppliers, contractors, and business partners. And the harrowing thing is that you have no control over their networks or security. On-off or snapshot assessments of third-party risks still leave your business vulnerable as neither your business nor the third-party’s operates in a static environment. As things change in real time, you need real-time intelligence to manage third-party risk in your firm.

Read article
crime cybersecurity

The State of Cyber Crime in the UK

Cyber-crime in the UK is on the rise. And the readiness of most firms to meet these challenges leave much to be desired for many local and regional businesses. In the UK alone, the Cabinet Office has estimated the cost of cyber-crimes on the economy at £27bn. At least an estimated £9.2bn of that is related to just the theft of IP from UK businesses. Companies bear the brunt of these financial losses. And unless our firms take firm security measures, we will continue to see a rise in breaches, hacks, espionage, and thefts from cyber-crime.

Read article
security insider-threat CISO

Insider Threats: A CISO Nightmare

With insider threats, your biggest assets become your biggest risks. One of today’s most damaging security threat comes from trusted insiders. Insider threats can come from anyone in your organisation, from those with the highest access to your company data to those who you think have no access at all. Your insiders are both employees and third parties. The risk is at all levels. Its no wonder that 25% of all security incidents involve company insiders.

Read article
cybersecurity malware security

A live malware infection - a real life study (Part 1)

We recently assisted a client that was aggressively hit with a phishing campaign. Following a couple of successful compromises they found themselves faced with an escalation with the malware attempting to impersonate staff, both emailing their customers and pivoting to attack the admin users in a secondary phishing attack. What made things a little more interesting than the usual kiddy attack was that the initial malware was not carrying a particularly nefarious payload, which meant that it escaped the usual malware detection that the client had deployed.

Read article