Posts Categorized: cyber security

People and Awareness

Ambersail Aware. Keeping Your Staff Security Conscious Is As Important As Securing Your Networks. A great deal more effort and time is now spent educating staff on how to be more security aware. This pays dividends as people start to think and behave differently. It is not just about spotting suspicious emails. It extends to physical... Read more »

Pen Test or Vulnerability Scan?

ambersail security awareness

Summary The difference between a penetration test and a vulnerability scan lies in the amount of human time and skill needed to perform it, and the depth to which the target systems will be assessed. Scans are automated and therefore are quite shallow, whereas penetration tests are largely manual but can result in systems being more thoroughly… Read more »

Infographic: How You Can Combat Cyber Crime

Our infographic gives you simple advice on how you, the individual, can combat cyber crime. Many organisations will spend much time and money on technological solutions to this growing problem. Have you ever wondered how you can help yourself, without depending on increasingly ineffectual technology?

Cryptographic Weakness: No Trust Without Security

Are You Talking To Me? I had a conversation with a client recently. We’d just conducted a penetration test for his organisation and a number of cryptographic weakness findings had come up. “These issues aren’t normally significant” he said. “Why are we failing now, when we were okay before?”. A fair question, and one that deserves an answer. Here’s… Read more »

Blocking Your Penetration Tester is a Bad Idea

What’s wrong with blocking your penetration tester? You’ve invested in technologies that prevent the bad guys from scanning your site and finding problems that they might be able to exploit. To be sure things are working, you commission a penetration test, and ask the penetration tester to see if the defences can be defeated. You block… Read more »

What is SQL Injection?

What is it? Put simply, SQL or sometimes “sequel” injection is a web site security fault that enables a hacker to steal the private or confidential data that you have available on your web site. It is surprisingly common, can have a devastating business impact, and is easy to prevent. Now you too can answer the question “What… Read more »

5 Essential Tips For Those New To A PCI Scan

PCI scan for weaknesses

Recently, we have started with a significant number of new clients on ASV scanning projects. This is the PCI scan on networks that needs to be performed by merchants and service providers. Nothing new in that. We have been an ASV for over ten years. What has caught our eye is what has prompted these… Read more »

PCI Penetration Testing Policies. Just Like Buses

    … nothing for a few weeks and then three come at once.   Last Friday afternoon at the office turned into a somewhat sedate – and welcomed – end to the working week. Until I took three sales calls one after each other. Nothing notable about that. What was significant was that all were asking about… Read more »

6 Signs Of Poor Cyber Security Health

cyber security

Business owners: is your cyber security health at risk? I can tell you that the bar for cyber security health in many small businesses is very low indeed. There are two important facts I’d like to point out concerning the cyber security health of the nation. Firstly, that the economy consists mostly of smaller businesses, many… Read more »