fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing

        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing

        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing

        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing

        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training

        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing

        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review

        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention

        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise

        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle

        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

I'VE BEEN BREACHED

UK Govt Seeks Advice On Defending Against Supply-chain Cyberattacks

UK Govt Seeks Advice On Defending Against Supply-chain Cyberattacks

Today, the UK government has announced a call for advice on defending against software supply-chain attacks and ways to strengthen IT Managed Service Providers (MSPs) across the country.

The move comes after last week when President Biden had issued an executive order to increase cybersecurity defenses across the U.S.

The government’s invitation to provide feedback that will be open for almost two months comes at a time of prominent cyberattacks such as, the Colonial Pipeline incident, the Codecov supply-chain attack, and ransomware attacks on mission-critical organizations [12] that continue to grow.

UK Government seeking views on cybersecurity

Starting today, the Department for Digital, Culture, Media, and Sport (DCMS) is seeking advice on measures to increase cybersecurity efforts across the UK from firms that both procure and provide digital services.

The initiative is a part of the nationwide “cyber resilience” efforts set forth by the UK’s National Cyber Security Strategy to safeguard businesses and organizations that increasingly rely on technology from cyber-attacks, and to strengthen digital supply-chain security.

Also Read: Practitioner Certificate In Personal Data Protection: Everything You Need To Know

To do so, the government has opened up a survey today, May 17th, that members of firms that either procure or provide IT services can respond to, until 23:59 on Sunday, July 11th:

uk government survey supply-chain security
UK government-provided survey that can be filled out by IT firms (MSPs) and customers

In a press release, DCMS stated that only 12% of organizations reviewed cybersecurity risks posed to them from their immediate suppliers and that only 5% of the firms remediated vulnerabilities in the wider software supply-chain.

As more and more businesses are relying on technology or moving entirely online, securing digital supply-chains and services provided by the IT Managed Service Providers (MSPs) has become significantly more important to ensure business continuity and resilience, says DCMS.

“There is a long history of outsourcing of critical services. We have seen attacks such as ‘CloudHopper‘ where organisations were compromised through their managed service provider.”

“It’s essential that organisations take steps to secure their mission-critical supply chains – and remember they cannot outsource risk,” says Matt Warman, Minister (MP) of Digital Infrastructure.

“Firms should follow free government advice on offer. They must take steps to protect themselves against vulnerabilities and we need to ensure third-party kit and services are as secure as possible,” continued Mr. Warman.

Proposals could mean new rules for firms

Depending on the input collected from firms and industry experts, the UK government would then review whether the further strengthening of current cybersecurity policies is needed, and specifically what areas need to be improved on.

The proposals collected as a part of this two-month long survey could mean IT management firms (MSPs) will be required to follow updated new security standards.

A detailed policy paper expands on the two major tasks that the government wishes to accomplish through this initiative:

  1. Evaluating supply-chain risk management, understanding the barriers to effective supplier cyber risk management, methods of improvement, the current risks, and the defenses.
  2. Examining the critical role of MSPs in the UK’s supply chains across all sectors of the economy, including government and critical national infrastructure, and building a security framework for MSPs.

The need to focus on strengthening IT vendors is important as ransomware operators have recently targeted MSPs to mass-infect all of their clients in a single attack, as reported earlier by BleepingComputer.

Multiple MSPs have been reportedly hacked in the last few years, leading to hundreds, if not thousands, of clients being infected with the “GandCrab” Ransomware.

Last year’s SolarWinds supply-chain attack allowed threat actors to push a trojanized Orion update downstream to over 18,000 company customers, where they targeted high-value organizations for further attacks.

Also Read: The DNC Singapore: Looking At 2 Sides Better

The government’s request for input comes at a time when, more recently, prominent cyber incidents like the Colonial Pipeline attack and the Codecov supply-chain incident are under the spotlight, and multi-million dollar ransomware attacks on mission-critical organizations like Ireland’s Health Services continue to grow.

0 Comments

Let us help you out.

Grab your free consultation NOW!

Privacy Ninja

Data Protection​

Cybersecurity

Support

Company

Locations

Singapore

7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987

Thailand

The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand



email-icon
Facebook Twitter Linkedin Youtube

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
TALK TO US
×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

× Chat with us