Chris Hodson

BREAKING: Middlesbrough Council has allocated £25,000 to cyber security for the next 12 months - safeguarding £300 million in public funds, services, and citizen data. That’s 0.0083% of annual turnover. Or £0.11 per resident. Or roughly the cost of a mid-range firewall and a motivational poster about password hygiene. In an era of ransomware-as-a-service, AI-driven fraud, and cascading supply chain breaches, this is a bold gesture - not toward resilience, but toward plausible deniability. What does £25,000 buy you in 2025? • A phishing simulation, two awareness emails, and a laminated “Think Before You Click” sign • A procurement trail proving “something was done” • A future FOI response that reads: “Cyber security measures were in place at the time.” Obviously tongue in cheek, as hopefully they’ve allocated more budget and resources toward cyber security than this, but it got my attention anyway. :) #CyberSecurity #LocalGovernment #DigitalRisk #SymbolicSpending #Middlesbrough #PublicSectorPriorities #Procurement #Accountability #LinkedInIrony

204

82 Comments

*** 𝗖𝗣𝗗𝗣 𝗖𝗼𝗻𝗳𝗲𝗿𝗲𝗻𝗰𝗲 𝟮𝟬𝟮𝟱 *** First day of an insightful week at Computers, Privacy and Data Protection (CPDP) Conference as the EDPS actively engages in discussions on a range of key topics, from the evolving landscape of AI to combatting spyware and enhancing vulnerability management. Today, we had the opportunity to discuss: 𝗔𝗜'𝘀 𝗜𝗺𝗽𝗮𝗰𝘁 𝗼𝗻 𝗙𝘂𝗻𝗱𝗮𝗺𝗲𝗻𝘁𝗮𝗹 𝗥𝗶𝗴𝗵𝘁𝘀 Supervisor, Wojciech Wiewiorowski, shared his insights in a panel organised by the European Union Agency for Fundamental Rights titled "𝘈𝘴𝘴𝘦𝘴𝘴𝘪𝘯𝘨 𝘍𝘶𝘯𝘥𝘢𝘮𝘦𝘯𝘵𝘢𝘭 𝘙𝘪𝘨𝘩𝘵𝘴 𝘙𝘪𝘴𝘬𝘴 𝘰𝘧 𝘈𝘐: 𝘖𝘱𝘱𝘰𝘳𝘵𝘶𝘯𝘪𝘵𝘪𝘦𝘴 𝘢𝘯𝘥 𝘊𝘩𝘢𝘭𝘭𝘦𝘯𝘨𝘦𝘴 𝘈𝘩𝘦𝘢𝘥". The discussion focused on navigating the delicate balance between leveraging AI for societal benefits and safeguarding fundamental rights. In his intervention, the Supervisor spoke about the AI Act reinforcing the protection of fundamental rights, including the right to data protection, by requiring every high-risk AI system to undergo a prior identification and analysis of known and reasonably foreseeable risks to fundamental rights, and mandates the adoption of appropriate measures to mitigate any such risks. “The AI Act complements existing regulatory frameworks, therefore its implementation raises a number of challenges, in terms of interplay and possible overlapping - he said. Cooperation is the key word. The multiplication of regulatory frameworks is a response to the development of new technologies, which have profound implications on our societies, for better or for worse. Their effective implementation requires a close and strong cooperation among all stakeholders. At the EU level, we have launched the Digital Clearinghouse 2.0 to foster collaboration among competent authorities. 𝗦𝘁𝗿𝗲𝗻𝗴𝘁𝗵𝗲𝗻𝗶𝗻𝗴 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆: 𝗖𝗼𝗺𝗯𝗮𝘁𝗶𝗻𝗴 𝗦𝗽𝘆𝘄𝗮𝗿𝗲 Anna Buchta, Head of Policy and Consultation Unit, contributed to the Society for Civil Rights panel discussion "𝘊𝘭𝘰𝘴𝘪𝘯𝘨 𝘵𝘩𝘦 𝘋𝘪𝘨𝘪𝘵𝘢𝘭 𝘉𝘢𝘤𝘬𝘥𝘰𝘰𝘳: 𝘚𝘵𝘳𝘦𝘯𝘨𝘵𝘩𝘦𝘯𝘪𝘯𝘨 𝘝𝘶𝘭𝘯𝘦𝘳𝘢𝘣𝘪𝘭𝘪𝘵𝘺 𝘔𝘢𝘯𝘢𝘨𝘦𝘮𝘦𝘯𝘵 𝘵𝘰 𝘊𝘰𝘮𝘣𝘢𝘵 𝘚𝘱𝘺𝘸𝘢𝘳𝘦." The panel addressed critical strategies to enhance cybersecurity measures and protect against the threat of spyware. 𝗘𝗻𝗳𝗼𝗿𝗰𝗶𝗻𝗴 𝗗𝗮𝘁𝗮 𝗣𝗿𝗼𝘁𝗲𝗰𝘁𝗶𝗼𝗻 𝗶𝗻 𝗔𝗜 Fanny Coudert, Deputy Head of Supervision and Enforcement Unit, moderated the EDPS panel "𝘕𝘢𝘷𝘪𝘨𝘢𝘵𝘪𝘯𝘨 𝘙𝘦𝘨𝘶𝘭𝘢𝘵𝘰𝘳𝘺 𝘊𝘰𝘮𝘱𝘭𝘦𝘹𝘪𝘵𝘪𝘦𝘴: 𝘌𝘯𝘧𝘰𝘳𝘤𝘪𝘯𝘨 𝘋𝘢𝘵𝘢 𝘗𝘳𝘰𝘵𝘦𝘤𝘵𝘪𝘰𝘯 𝘪𝘯 𝘵𝘩𝘦 𝘍𝘪𝘦𝘭𝘥 𝘰𝘧 𝘈𝘐". This session explored the challenges and solutions to ensure robust data protection in the fast-paced world of AI development. Follow us to stay up to date on Day 2 of #CPDP25!

49

1 Comment

📢 Cycode Bulletin; Understanding the GitHub Actions tj-actions/changed-files Supply Chain Attack To help you understand, mitigate and recover quickly from this incident, we sat down with Alex Ilgayev, Cycode's Head of Security Research to cover the 'must-know' details of the tj-actions/changed-files incident. Watch the bulletin where Alex Ilgayev covers: 1️⃣ The ‘must-know’ details of the incident 2️⃣ Step-by-step guidance on securing your repositories 3️⃣ How to prevent future supply chain attacks 👇 All the tools & resources covered are linked below in the comments 👇 Don't hesitate to reach out to Alex Ilgayev or the team at cycode.com if you are looking for 1:1 support. #GitHubActions #SupplyChainSecurity #DevSecOps #Cybersecurity #Cycode

46

4 Comments

❗New Research - Cyber Security in CNI 2025❗ At last week's CNI Cyber Security Summit, we launched our annual research looking at the top cyber threats, trends and challenges facing UK CNI organisations in 2025. Now in it's fifth consecutive year, the research surveyed over 600 respondents across critical sectors. Some of our key findings were: 👉95% of organisations surveyed have experienced a data breach 👉41% of CNI organisations rank data protection as one of their biggest security challenges. 👉37% of CNI organisations have experienced costs in excess of £500,001 due to ransomware Read more ➡️ https://lnkd.in/eC8ceFsQ #CNIResearch2025 #CyberSecurity

28

1 Comment

🚨 Fresh off the press: Sifted’s “22 Cybersecurity Startups to Watch 2025” is out today, and our Investment Manager James Baker is one of the VCs spotlighting the next wave of cyber innovators. Here are the two UK teams on James’s radar: 🔹stealthium.io – real-time threat detection for machine-learning models running at the edge 🔹Sense Defence AI – an adaptive web-application firewall that learns and responds as fast as the attackers do These founders are tackling the hardest security gaps emerging as AI weaves into critical infrastructure and internet-scale apps. That’s exactly the kind of purposeful innovation we champion at Amadeus. 🔗 Read the full Sifted list: https://lnkd.in/eaU2N7dy Building a deep-tech solution that keeps systems safe? Let’s talk. #Cybersecurity #DeepTech #AI #Startups #VentureCapital

31

Why should yesterday's £3 million fine issued after ransomware attack – be a wake-up call for UK SMEs? The ICO has just fined a UK software provider £3 million following a 2022 ransomware attack, citing poor security practices and avoidable failures that left customer data exposed. 👉 Read the full article here via link in the comments Why is this significant? Because this wasn’t a huge multinational. This was a software provider servicing UK businesses – many of them probably like yours and mine. Here’s what stood out: • ⚠️ The company hadn’t applied security updates three years after known vulnerabilities were published. • 🔐 Weak passwords and lack of multi-factor authentication (MFA) gave attackers a much easier route in. • 📉 The fine wasn’t for being hacked. It was for failing to take reasonable and expected steps to protect sensitive data. If you’re a small or mid sized business owner, you might assume your company isn’t a target. But attackers increasingly target SMEs because they assume – often rightly – that security might be less robust. This case is a reminder that basic cyber hygiene isn’t just good practice – it’s a regulatory and reputational necessity. If you’re not sure where to start: • Review patch management processes. • Make sure MFA is on literally everything. • Audit where sensitive data lives – and who has access. • And if you’re not confident in your current IT provider’s approach to security, challenge it. Happy to chat or point you towards practical resources if you need a starting point. Let’s keep raising the bar – before the ICO or a hacker makes the point for us. #CyberSecurity #SMEs #DataProtection #Leadership #ICO #Ransomware #BusinessResilience

27

1 Comment

The UK Cyber Team is in Warsaw for the European Cybersecurity Challenge 2025 👩‍💻      It’s bringing together top young talent from 38 countries for challenges in cryptography, forensics and a live attack and defence simulation.      This government funded team delivered with the SANS Institute will showcase advanced skills and solidify the country’s commitment to producing future cyber professionals with exciting careers. 

142

4 Comments

When security is non-negotiable, you choose a platform you can trust 💪  That’s exactly what the British Army did, when they partnered with Cantarus to transform their outdated website into a scalable, secure, and accessible platform powered by Umbraco CMS, hosted on Microsoft Azure.   Working to strict requirements for data protection, user experience, and editorial flexibility, the project delivered: ✔️ 14% increase in task success ✔️ 46-second drop in average task completion time ✔️ Daily clicks to the job site doubled from 2,000 to 4,000 ✔️ Key recruitment tasks saw up to a 67.5% improvement   The result is a future-ready website that’s more than just a redesign. It’s a modern engagement platform supporting recruitment, public engagement, and continuous digital optimisation.   A standout example of what’s possible when flexibility, accessibility, and trust come together in one solution. Explore the case study here: https://lnkd.in/dRftJkS8

72

5 Comments

𝐎𝐯𝐞𝐫 𝟐𝟓% 𝐨𝐟 𝐔𝐊 𝐁𝐮𝐬𝐢𝐧𝐞𝐬𝐬𝐞𝐬 𝐇𝐢𝐭 𝐛𝐲 𝐂𝐲𝐛𝐞𝐫-𝐀𝐭𝐭𝐚𝐜𝐤𝐬 𝐢𝐧 𝐭𝐡𝐞 𝐏𝐚𝐬𝐭 𝐘𝐞𝐚𝐫 🇬🇧 The Royal Institution of Chartered Surveyors (RICS) revealed that more than 27% of UK businesses experienced a cyber attack(s) in the past year. That's a significant - and unignorable - increase from last year's 16%. RICS warns that many firms risk "sleepwalking" into disruption unless they act fast. And it's not that business leaders are unaware. 73% of those surveyed fully expect their operations to be disrupted due to a cyber event within 12 to 24 months. So why the disconnect? Why are so many still "sleepwalking?" Because they still lack a structured way to assess their cyber risk and prioritize mitigation efforts based on real business impact. This yet again underscores why on-demand cyber risk quantification (CRQ) has become essential. CRQ allows these business leaders to: - Translate cyber vulnerabilities into financial exposure, making it easier to justify investment in protective measures. - Prioritize which systems to secure first - based on the level of disruption they would cause. - Build board-level awareness with tangible metrics rather than vague threat descriptions. With CRQ, business leaders can take their understanding that "cyber vulnerabilities exist" and transform it into actionable insights. This perspective is much needed, especially when critical infrastructure, like buildings, is becoming increasingly digitized and interconnected. #CRQ #cyberrisk #cyberriskmanagement #cybersecurity #UKcyberattack #cyberevents #businessresilience https://lnkd.in/dPyHndVN

20

2 Comments

NEWS: 📣 Global cybersecurity consultancy, CyXcel, a business division of Weightmans, today announced that it is just one of two law firms to achieve NCSC Cyber Incident Response (CIR) Approved Vendor status. This status has been achieved by only 43 companies in total in the UK and is a crucial benchmark for organisations delivering incident response services set by the UK government’s leading cybersecurity authority. The announcement demonstrates CyXcel’s technical capability, experience, and operational effectiveness to handle serious cyber incidents.  To read more about this story, click here: 👉 https://lnkd.in/eeHHiyis #cyberinsurance #cybersecurity #ncsc

90

4 Comments

Our own Chief Digital Officer, James Hatch, was featured on the Sky News Daily podcast yesterday, sitting down with its host Niall Paterson for an insightful conversation on ‘How to survive a cyber-attack’.   In light of recent incidents, James outlines current cyber threat trends and shares practical advice to help organisations protect themselves. His main message was that cyber security should be at the heart of business plans from the start, not an afterthought. Listen here or wherever you get your podcasts ➡️ https://lnkd.in/eTpcc7Er #cybersecurity #cyberattack

41

NEW: We have fined DPP Law Ltd £60,000 for cyber attack that led to highly sensitive and confidential information being published on the dark web. ❔ What happened? In June 2022, DPP suffered a cyber attack which affected access to the firm’s IT systems for over a week. A third-party consulting firm established that a brute force attempt gained access to an administrator account that was used to access a legacy case management system. This enabled cyber attackers to move laterally across DPP’s network and take over 32GB of data, a fact DPP only became aware of when the National Crime Agency contacted the firm to advise information relating to their clients had been posted on the dark web. DPP did not consider that the loss of access to personal information constituted a personal data breach, so did not report the incident to the ICO until 43 days after they became aware of it. We found DPP failed to put appropriate measures in place to ensure the security of personal information held electronically. This failure enabled cyber hackers to gain access to DPP’s network, via an infrequently used administrator account which lacked multi-factor authentication, and steal large volumes of data. DPP specialises in law relating to crime, military, family fraud, sexual offences and actions against the police. The very nature of this work means it is responsible for both highly sensitive and special category data, including legally privileged information. As the information stolen by the attackers revealed private details about identifiable individuals, DPP has a responsibility under the law to ensure it is properly protected. Andy Curry, Director of Enforcement and Investigations (Interim), said: “Our investigation revealed lapses in DPP’s security practices that left information vulnerable to unauthorised access. “In publicising the errors which led to this cyber attack, we are once again highlighting the need for all organisations to continually assess their cybersecurity frameworks and act responsibly in putting in place robust measures to prevent similar incidents. “Our investigation demonstrates we will hold organisations to account for a failure to notify where there was a clear obligation to do so at the time of the underlying incident. Read more about the case including the full monetary penalty notice and lessons organisations can learn from this case: https://lnkd.in/eFwkKTm8

400

25 Comments

Tech Monitor has an interesting article on how the public agency Crown Prosecution Service went from paper-based processes to modern #cloud solutions using #lowcode. The Crown Prosecution Service prosecutes criminal cases investigated by the police and other organizations in England and Wales. Their team was short on IT resources and drowning in Excel sheets so they decided to reevaluate their tools and begin a transition to the cloud. In the process, head of software engineering Elizabeth Thomason and her team discovered OutSystems. 38 apps later, we're delighted to see how transformative this journey has been. I'll leave the link to the full story in the comments.

74

2 Comments