34ce9c05

Leading through a cyber crisis – strategies for CEOs

it@methods.co.uk (IT Support) — Wed, 17 Apr 2024 09:19:08 GMT

How do you lead your company through a cyber incident?

If you are responsible for protecting your organisation from cyber threats and creating a culture of cyber awareness and accountability in your organisation, I am aware of how challenging this can be.

Cyber attacks are a reality for every business , no matter the size or sector. They can disrupt your operations, damage your reputation, and cost you money . That’s why you need to be prepared to respond quickly and effectively to a cyber incident, and not leave it to your IT team alone.

A cyber security incident isn’t just a cyber security problem, it’s also a business continuity and communications issue, and can be a financial and legal one too . Empowering and appropriately equipping the organisational leadership team plays a vital role in ensuring that your company can recover from a cyber incident; minimising the impact on your customers, partners, and stakeholders.

The National Cyber Security Centre (NCSC) has recently published a guide for CEOs on how to respond to a cyber incident and it is well worth reading as it covers the key steps you need to take, such as:

establishing a cyber incident response team and assigning roles and responsibilities
communicating effectively with your internal and external audiences
identifying the cause and scope of the incident and containing the threat
restoring your normal operations and learning from the incident.

You can review the NCSC’s guide for CEOs here .

As a leader of your organisation, you have a responsibility to ensure that your company is prepared for any cyber threats that may arise . Reviewing your security posture and incident response capabilities can help you identify and address any gaps or weaknesses that could put your business at risk allowing you to:

enhance your resilience and agility in the face of unpredictable and evolving cyber attacks
reduce the potential impact and cost of a cyber incident on your operations, customers, and reputation
strengthen your trust and credibility with your stakeholders, regulators, and the public
align your security strategy with your business objectives and priorities
foster a culture of cyber awareness and accountability within your organisation.

If you want to learn more about effectively responding to a cyber incident and what steps to take before, during, and after an attack, you can review my recent LinkedIn post or get in touch with me on cyber@methods.co.uk .

Gunpowder, treason, and secure social media!

Thu, 02 Nov 2023 11:51:27 GMT

Gunpowder, treason, and
secure social media!

With Bonfire Night around the corner and Social Media Kindness Day on November 9th, we are highlighting the importance of a secure online presence to ensure your privacy doesn’t go up in smoke!

Keep your online presence burning bright on Bonfire Night with these five handy social media security tips:

use strong passwords and activate multi-factor authentication
set accounts to private and adjust privacy for total control
lock or log off to prevent unauthorised access
block spam and unwelcome connections
verify links’ authenticity to dodge phishing risks.

Gareth Jones receives ‘Chartered’ title in Cyber Security Governance and Risk Management

Wed, 01 Nov 2023 11:02:39 GMT

Gareth Jones receives ‘Chartered’ title in Cyber Security Governance and Risk Management

We are delighted to share the exciting news that our Chief Information Security Officer, Gareth Jones, has earned the professional designation of ‘ Chartered ‘ within the domain of Cyber Security Governance and Risk Management, by The UK Cyber Security Council .

This prestigious title is a testament to Gareth’s exceptional expertise in the intricate world of cyber security, highlighting his leadership in managing cyber-related engagements, his invaluable contributions to the broader profession, and his profound grasp of associated specialised fields. It is a recognition of his exceptional commitment and dedication to the cyber security industry.

Well done Gareth!

Creep away ghostly glitches

Tue, 31 Oct 2023 12:43:29 GMT

Creep away ghostly glitches

Rounding up our tips and guidance across this Cyber Security Awareness Month , our final blog focuses on the importance of installing and performing software updates regularly.

Vulnerabilities in software are becoming more common than ever, with the move to more frequent use of network connected devices, from electric cars to smart speakers, smart washing machines, and doorbells!

Unpatched vulnerabilities can put your and your organisation’s data at risk!

Methods is here to help protect your organisation from dangerous security vulnerabilities.

Ghoul-proof passwords

Tue, 24 Oct 2023 13:32:04 GMT

Ghoul-proof passwords

#Cybersecurityawarenessmonth

As part of Cyber Security Awareness Month , this week we are highlighting the importance of ‘Ghoul-Proof Passwords’!

Over 65% of accounts use duplicated passwords! Meaning if a bad actor gains the password of an employee’s email account, there’s a 65% chance they can access other accounts using the same password!

Methods are here to help your business establish best practices around data, account, and personal security. Find out more about our broad range of Cyber Security offerings here.

Beware Strange-r Links

Mon, 16 Oct 2023 13:26:58 GMT

Beware Strange-r Links

Continuing on with Cyber Security Awareness Month… this week we are discussing ‘Strange-r Links’!

Cyber attacks are one of the fastest growing problems faced by businesses across the world. 79% of UK businesses that reported a cyber-attack in 2023 identified receiving phishing emails.

Methods are here to help secure your business against phishing attacks and other cyber threats. Find out more about our broad range of Cyber Security offerings here .

Cyber Security Awareness Month is here!

it@methods.co.uk (IT Support) — Thu, 12 Oct 2023 09:22:14 GMT

Cyber Security Awareness Month is here!

This month is the 20th anniversary of NIST’s Cyber Security Awareness Month. To highlight the importance of good security practices, we will be bringing you a series of terrifyingly useful blogs and guidance.

Let’s make this Cyber Security Awareness Month the spookiest one yet for cyber-ghouls by staying safe and secure online!

You can learn more about Cyber Security Awareness Month here .

Scare hackers away with the power of MFA!

This week we will focus on the importance of preventing unauthorised access by enabling Multi-Factor Authentication. Multi-Factor Authentication, or MFA, is a common method used to prevent eerie intruders from accessing sensitive information.

Common authentication methods used today include biometric authentication using either fingerprint or facial recognition and single use codes to authenticate to systems, services, and apps. Multi-Factor Authentication adds an additional layer of security for your devices and ensures only authorised individuals can access sensitive information and accounts.

Enabling MFA on your devices will help to keep the cyber-ghouls at bay! If you would like more advice and guidance on how MFA can prevent unauthorised access, please click this link .

Stay tuned for next week’s blog…

With cyber attacks increasing 28% YoY and insurance premiums skyrocketing, organisations must reassess their supply chains to meet stricter guidelines

Mon, 11 Sep 2023 18:18:16 GMT

With cyber attacks increasing 28% YoY and insurance premiums skyrocketing, organisations must reassess their supply chains

Cyber attacks are one of the fastest growing problems faced by businesses in the UK and worldwide. According to Checkpoint , the number of global cyber attacks has increased by 28% in the third quarter of 2022, compared to the same period in 2021.

It is predicted that with the increasing agility and “professionalism” of cyber criminals, the threat of both ransomware and cyber attacks on the supply chains will continue to grow .

The challenges for companies are enormous. It is extremely difficult to manage all hardware and software components from multiple providers, each potentially with its own requirements or security standards, and to adequately assess the resulting risk from, or through, the supply chain.

Insurance companies are also increasing their rates dramatically, higher premiums for both public and private organisations are a result of the rising demand for coverage in the light of frequent and costly cyber crime incidents . According to Marsh’s insurance pricing index, UK cyber insurance pricing increased by 66% in the third quarter of 2022, following a peak increase of 102% year-over-year in the first quarter of 2022.

Implementing appropriate organisational structures, policies, and processes to understand, assess, and systematically manage security risks to the network and information systems supporting essential functions is paramount .

At Methods we recognise that there is a fine balance between good security and business operation using a balance of business process, education, and technology to achieve a successful security outcome. We take an outcome-led approach, supported by mature processes, professional staff, and accredited technology .

Organisations need protection from advanced cyber threat actors and we use the NCSC Cyber Assessment Framework (CAF) to help support organisations undertake a systematic and comprehensive approach to assessing the extent to which cyber risks to essential functions are being managed by the organisation responsible.

From advanced cyber threat actors, we can enable the secure exchange of sensitive information , between domains managing cyber security risks according to the UK National Cyber Security Centre guidance to help address the security concerns, whilst ensuring that the business objectives will still be met .

If you would like to discuss this service then drop us an email at cyber@methods.co.uk , or you can visit Cyber Methods or our Cyber Security page to find more.

Methods is a member of the UK Cyber Security Council

Mon, 11 Sep 2023 18:05:25 GMT

Methods is a member of the UK Cyber Security Council

Methods has been appointed as a member of the UK Cyber Security Council .

Formed to be the voice for the UK cyber security profession, the Council has an increasing responsibility for cyber and national interests, and works to bring together key stakeholders to drive and build engagement in developing standards and ethical practice, identifying and acting on current issues, and promoting the profession.

In collaboration with multiple UK Government departments and the National Cyber Security Council (NCSC), the Council works to improve cyber security awareness and resilience for public good, and shape the standards that individual practitioners will be held to.

As a member of the Council, Methods has committed to support the raising of professional standards in the undertaking of cyber security, as well as committing to ensuring our staff abide by the Council’s Code of Conduct and Code of Ethics .

We at Methods pride ourselves in delivering best practice, pragmatic Cyber Security solutions. The UK Cyber Security Council is a powerful platform for sharing our experience, and learning from other practitioners, to ultimately improve Cyber Security awareness and drive professional standards.

Gareth Jones, Chief Information Security Officer, Methods

‘Securing an open and resilient digital future’ – Key takeout’s from CYBERUK23

Mon, 11 Sep 2023 11:53:46 GMT

‘Securing an open and resilient digital future’ – Key takeout’s from CYBERUK23

James Tee and myself recently attended CYBERUK , held for the first time in the vibrant city of Belfast and coinciding with the historic 25th anniversary of the Good Friday Agreement.

CYBERUK is the UK’s flagship cyber security event run by the National Cyber Security Centre (NCSC) and is a chance for cyber professionals to gain an insight to the challenges and future threats the UK face . With guests from across the globe, representing governments and industry leaders, speaking on securing an open and resilient digital future, it was an exciting few days.

The event, held at the International Conference Centre (ICC) Belfast, examined how today’s cyber ecosystem – a sector worth £10 billion to the UK economy – is able to strengthen, join together, and innovate in order to resist the threats, be ready for opportunities, and keep the UK the safest place to live and work online.

The programme was packed with four main ‘Streams’ covering a broad range of technical and non-technical areas:

Stream A – Strong ecosystem; resilient society
Stream B – Threats, risks, and vulnerabilities
Stream C – Securing foundations for technology advantage
Stream D – Interactive workshops

The event kicked-off with an informal welcome drinks reception at St George’s market and was a chance to network with peers, meet sponsors, catch-up with friends, and hear from industry figures, all while enjoying drinks, local food, and entertainment.

The following day, Lindy Cameron , CEO of NCSC welcomed delegates, this was followed by a ministerial address from The Rt Hon Oliver Dowden CBE MP . The main takeaways were:

1. The growing threat China posed to the world economy if we don’t keep pace with their technological developments, coupled with its ambition to become the world leader in technology. This has become more apparent considering the increased reliance western organisations place on China to provide for the global supply chain.

2. The skills shortage within the industry still remains an on-going issue within the UK where roughly 13,000 people are needed to plug the gap within the workforce and maintain a robust cyber resilience for the UK economy.

3. GovAssure officially launched and will require government entities to undergo an assessment of their cyber security set-up against one of two NCSC Cyber Assessment Frameworks (CAF). The aim for this is to ensure that each government entity has a risk profile and is able to better understand the level of cyber resilience across government so that any vulnerabilities can be addressed before they are exploited.

4. Advances in quantum computing and artificial intelligence (AI) proved to be popular topics of conversation with panel discussions highlighting the growing need to exploit the opportunities that could be gained from adopting these sooner rather than later, but airing caution over the potential new threats they may pose to organisations and the speed at which cyber criminals are able to exploit new technologies.

5. AI remains to be one of the most exciting technologies to be used within the cyber industry, however, organisations are still slow to adopt new technologies. There is increasing concern regarding the amount of technical debt within UK organisations that neglect updating their IT systems and do not have the foundations of cyber resilience in place.

6. The need to collaborate with partners, vendors, and governments. The sharing of intelligence and providing an increased transparency of technologies and standards significantly helps those smaller states that don’t have the resources available to develop their own technologies. They rely on the likes of the US and UK to lead the developments in cyber standards and practices.

One key statistic that stood out for me was that only 13% of primes assess the risks associated with their suppliers . From this there was a call for introducing joint top table exercises so supply chains can become more resilient when things go wrong and partners can work together to overcome the threats and vulnerabilities quickly to minimise damages.

If you’d like to learn more about how the Methods Cyber and Technical Advisory team can help your organisation to adapt and comply with Gov Assure , or to become a more resilient organisation, please take a look at what we have to offer on Cyber Methods and get in touch!

Junaid Mohammad achieves Certified Cyber Professional (CCP) accreditation from the NCSC Assured Cyber Consultancy

Mon, 11 Sep 2023 10:48:57 GMT

Junaid Mohammad achieves CCP accreditation from the NCSC Assured Cyber Consultancy

We are delighted to announce that Junaid Mohammad has achieved a NCSC (Security Architecture) Certified Cyber Professional (CCP) accreditation from the Assured Cyber Consultancy. This builds on Methods’ Cyber & Technical Advisory Team’s NCSC Cyber Assured Service Provider status (which is held by less than 25 companies in the UK) , that was acquired and maintained by Methods since 2021.

NCSC CCP has taken a lot of hard work and dedication and is awarded only to those who demonstrate sustained ability to apply their skills, knowledge, and expertise in real-world situations.

The Cyber & Technical Advisory Team, are able to demonstrate and provide the following service to our clients:

we provide trust and credibility by demonstrably maintaining high levels of expertise, and adherence to industry best practices
we provide confidence that our certified individuals possess the necessary knowledge, skills, and experience to effectively contribute to cyber security efforts
we are recognised within the UK cyber security industry, achieving the most credible certification
we provide assurance to clients through our NCSC CCP-certified professionals, bringing a recognised level of expertise to their projects
we help improve the security posture of organisations and strengthen their cyber security defenses
we stay updated with the latest trends, technologies, and threats in the field of cyber security, in order to maintain and develop the skills through continuing professional development (CPD) activities.

As a dedicated NCSC Cyber Assured Service Provider, Methods’ Cyber & Technical Advisory Team is committed to upskilling and expanding the cyber security workforce. We are actively collaborating with the UK Cyber Security Council (UKCSC) during the transition of stewardship, aiming to establish a new professional standard for cyber security and define long-term goals for specialised roles within the field. You can find more information here .

What is National Cyber Security Centre (NCSC)

The NCSC supports the most critical organisations in the UK, the wider public sector, industry, SMEs, as well as the general public. When incidents do occur, they provide effective incident response to minimise harm to the UK, help with recovery, and learn lessons for the future. The NCSC provides a single point of contact for SMEs, larger organisations, government agencies and departments, and the general public. They also work collaboratively with law enforcement, defence, the UK’s intelligence and security agencies, and international partners.

What is National Cyber Security Centre’s Certified Cyber Professional

National Cyber Security Centre’s Certified Cyber Professional ( NCSC CCP ) program is developed by the UK’s National Cyber Security Centre (NCSC), to establish a recognised standard for cyber security professionals and to enhance the quality and professionalism of cyber security practice in the UK.

The Certified Professional assured service is a recognition of competence which is awarded to those who demonstrate their sustained ability to apply their skills, knowledge, and expertise in real-world situations.

Junaid Mohammad new Head of Security Architecture

Junaid’s dedication and diligence throughout his four-year tenure at Methods has seen him consistently deliver an exceptional and competent service, whilst contributing significantly to the advancement of the profession. As a result of his remarkable efforts, Junaid has earned a well-deserved promotion to the position of Head of Security Architecture.

We extend our heartfelt congratulations to Junaid on achieving the highly sought-after recognition of NCSC CCP, and earning the well-deserved promotion. This promotion is a clear testament to his expertise and proficiency in the field of cyber security.

Keep up the excellent work, Junaid! You are an invaluable asset to Methods.

Improving agility and reducing cyber security risk by migrating to the cloud, at Abertay University

Mon, 09 May 2022 13:19:12 GMT

Improving agility and reducing cyber security risk by migrating to the cloud, at Abertay University

CoreAzure has delivered an exciting cloud migration programme at Abertay University, that will see the majority of IT services transition to the Microsoft cloud platform – Azure.

The programme builds upon their existing use of cloud capabilities including Azure Lab Services, which are now being used to support the delivery of teaching and learning in areas such as cyber security.

The successful transition to cloud business case focused on modernising their IT infrastructure by improving resilience, scalability, security posture, and taking advantage of innovative digital technologies in the future.

Quote from Frazer Greig, Head of IT and Corporate Services at Abertay University:

“From the outset CoreAzure used their considerable experience of successfully transitioning universities to the cloud to demonstrate how the use of the Microsoft cloud platform could positively impact our IT services. Improving agility, reducing cyber security risk and our carbon footprint by decreasing our campus data centre capacity significantly are key objectives of the programme. At the end of the project, we will have a modern, secure IT infrastructure capable of delivering a wide range of innovative digital services to our students and staff.”

Redefining the security perimeter around the identity of a ‘person’ or ‘thing’

Wed, 09 Mar 2022 12:43:30 GMT

Redefining the security perimeter around the identity of a ‘person’ or ‘thing’

With the transition to work anywhere, applications moving to the cloud, and the increased use of technologies and data mobility reaching more devices, traditional security platforms no longer provide the levels of security and access control modern digital organisations need . Most corporate assets are now outside the traditional security perimeters, rending legacy controls inadequate, to protect them against increased cyber threats. With remote working and work-from-anywhere the new norm, enterprises have transformed into a geographically distributed environment of assets, employees, partners, and customers.

So, with more assets now existing outside of the traditional security perimeter, cybersecurity needs to be redefined , around the identity of a person or thing. As perimeter protection becomes less meaningful, the security approach of a walled city must evolve.

So – where do we go?

Gartner’s Top Security and Risk Trends for 2021 report identified cybersecurity mesh as the “modern conceptual approach to security architecture, that enables the distributed enterprise to deploy and extend security where it’s most needed.” – but what does that mean?

My personal view is that cybersecurity mesh is yet another building block (foundation) of a Zero Trust journey ensuring all data, services, devices, and applications are accessed securely regardless of where they are. All connections to access the data are considered unreliable unless verified.

A cybersecurity mesh enables scalable, flexible, and reliable cybersecurity controls via a distributed architectural approach. With more assets existing outside of the traditional security perimeter, cybersecurity mesh allows for the security perimeter to be defined around the identity of a person or thing. This approach to network security leads to a more standardised, responsive security approach, that prevents hackers from exploiting different parts of a given network, in order to access the broader network.

Whether you want to call it a cyber security mesh or zero trust model, when you are up against a skilled, professional adversary (e.g. Advanced Persistent Threat (APT29) which is a threat group that has been attributed to Russia’s Foreign Intelligence Service (SVR)), this model helps move organisations to a proactive security posture to defend and investigate against such attacks.

If you’d like to find out more, please visit here .

CISO Gareth Jones achieves lead practitioner certification from the BCS CCP

Thu, 03 Mar 2022 15:11:21 GMT

CISO Gareth Jones achieves lead practitioner certification from the BCS CCP

We are delighted to announce that Methods CISO Gareth Jones , has been awarded the highest certification for Cyber Security / IA Architect by the BCS CCP Scheme .

The National Cyber Security Centre (NCSC) recognition sets the professional standards for cyber practitioners in the UK, supporting the development of a robust and respected cyber security profession. The CCP has been developed by the NCSC in consultation with the government, industry and academia’s to address the growing need for specialists in the cyber profession.

As part of Methods’ ongoing commitment to the NCSC Certified Cyber Security Consultancy , we strive to deliver independently certified people to deliver work and consultancy for government, wider public sector, and Critical National Infrastructure organisations. As such, Methods’ Cyber and Information team work to honour this commitment through upskilling their technical abilities in this specialism, completing appropriate professional development frameworks, and knowledge transfer.

The CCP specialism recognition is valid for three years, and will be re-evaluated throughout this period to ensure that professionals are maintaining a level of skills and knowledge.

Well done Gareth – this certification is a credit to your passion, diligence, enthusiasm, and knowledge in this field.

Tackling a sophisticated HTML smuggling campaign against a global UK public sector organisation

Thu, 03 Mar 2022 12:43:31 GMT

Tackling a sophisticated HTML smuggling campaign against a global UK public sector organisation

Defending against HTML smuggling

Methods’ Group security and risk consultants from CoreAzure and Methods BDT have been engaged with a major global UK public sector organisation to provide security operation center (SOC) services, and have recently been defending against a sophisticated HTML smuggling campaign . The SOC team investigated this as part of a wider phishing campaign in which targeted users were sent malicious files imitating a legitimate business process in an effort to gain access to the organisation’s environment.

A total of 77 HTML smuggling emails were detected , of which 17 users reported these as suspicious. Of the 77 malicious emails detected, the SOC team only received 15 high severity from Azure Sentinel.

Further research found the method used by the threat actor(s) was HTML smuggling. The HTML smuggling method is highly evasive as it can bypass standard perimeter security controls such as web proxies and email gateways, which only check for suspicious attachments like EXE, ZIP, or DOCX.

Below is a graph showing the trend of emails delivered which were recognised as phishing emails.

Figure 1 depicts ‘recipients’ on left hand axis against the ‘chart time zone (UTC)’

The main purpose of this style of attack is to install malware code , Trojans, spyware etc. to gain access to an organisation’s environment.

HTML smuggling is a malicious technique used by threat actors to hide malware in an encoded script in a specially crafted HTML attachment or web page . The malicious script decodes and deploys the payload on the targeted device when the victim opens the HTML attachment. The HTML smuggling technique leverages legitimate HTML5 and JavaScript features to hide malicious payloads and evade security detections and generate malicious files behind the organisation’s firewall. Microsoft researchers stated this technique was observed in a spear-phishing campaign by the infamous NOBELIUM.

Figure 2. HTML Smuggling Overview – Microsoft

Specifically, HTML smuggling leverages the HTML5 “download” attribute for anchor tags , as well as the creation and use of a JavaScript Blob to put together the payload downloaded into an affected device.

HTML smuggling presents challenges to traditional security solutions. Effectively defending against this stealthy technique requires defence in depth. It is always better to thwart an attack early in the attack chain —at the email gateway and web filtering level. If the threat manages to fall through the cracks of perimeter security and is delivered to a host machine, then endpoint protection controls should be able to prevent execution.

It may not be straight forward to defend against this method of attack due to the wide use of JavaScript and the way it is utilised throughout an organisation’s environment. It is almost impossible to identify malicious JavaScript as it flows down the wire as the same JavaScript code which can be obfuscated in many different ways, and therefore content or signature matching will be challenging to do. In addition, many legitimate JavaScript frameworks make use of obfuscation techniques in order to minimise file sizes and improve the speed of web applications, so simply blocking obfuscated JavaScript is not really an option either.

Microsoft 365 Defender Threat Intelligence Team recommend that Endpoint security teams should be looking for:

JavaScript or VBScript from automatically running a downloaded executable file
running potentially obfuscated scripts
executable files from running “unless they meet a prevalence, age, or trusted list criterion”.

The SOC team suggested the following remediation steps to the organisation impacted (provided by Microsoft) to mitigate the risk of HTML smuggling:

If you would like to talk to our security experts or find out more how Methods could help you, please contact cyber@methods.co.uk .

Cyber signals: defending against cyber threats with the latest research, insights, and trends

Thu, 17 Feb 2022 12:43:30 GMT

Cyber signals: defending against cyber threats with the latest research, insights, and trends

At the start of the month Microsoft introduced Cyber Signals , a cyber threat intelligence brief informed by the latest Microsoft threat data and research. This content, to be released quarterly, offers an expert perspective into the current threat landscape, discussing trending tactics, techniques, and strategies used by the world’s most prolific threat actors.

As we have seen ourselves working with customers, cyber attacks by nation-state actors are on the rise and despite their vast resources, these adversaries often rely on simple tactics to steal passwords, not protected by MFA etc.

The recommendations made by Microsoft reinforce how effective the following controls can be:

Enable multi-factor authentication – to verify the authenticity of users and activities:
By doing so, organisations mitigate the risk of passwords falling into the wrong hands . Even better, eliminate passwords altogether by using passwordless MFA.

Audit account privileges:
Privileged-access accounts, if hijacked, become a powerful weapon attackers can use to gain greater access to networks and resources. Security teams should audit access privileges frequently, using the principle of least-privilege granted to enable employees to get jobs done.

Review, harden, and monitor all tenant administrator accounts:
Security teams should thoroughly review all tenant administrator users or accounts tied to delegated administrative privileges to verify the authenticity of users and activities.

Establish and enforce a security baseline to reduce Audit account privileges:
Nation-states play the long game and have the funding, will, and scale to develop new attack strategies and techniques. Every network-hardening initiative delayed due to bandwidth or bureaucracy works in their favour. Security teams should prioritise implementing zero-trust practices like MFA and passwordless upgrades.

You’ll find this article a worthy a read on the topic.

Are you looking to get a Threat Modelling Platform in place to prevent attacks from damaging your business?

If you would like to find out how Methods can help your organisation to implement Threat Modelling to protect your business, register for a consultation.

To protect against these risks, we:

deliver embedded threat modelling to improve the security of your organisation
assist in building your threat modelling capabilities
provide tools, training and ongoing access to key threat intelligence.

Framework: Cyber Security Services 3

Mon, 14 Feb 2022 15:40:46 GMT

Framework: Cyber Security Services 3

Description

This Dynamic Purchasing System offers an extensive variety of cyber security services from a range of pre-qualified suppliers. It is open to all UK public sector bodies for support in areas such as Consultancy and Advice, Penetration Testing and IT Health Check, Incident Management, Data Destruction, and Sanitation Services.

Methods can offer the following services on this DPS:

Consultancy and Advice

Including: Risk Management and Assessment, Security Architecture, Training and Policy Development.

Incident Management

Including: Cyber Incident Response, Disaster Recovery, Threat Intelligence, Business Continuity and Disaster Recovery.

Benefits

Consultancy and Advice

Including: Risk Management and Assessment, Security Architecture, Training and Policy Development.

Incident Management

Including: Cyber Incident Response, Disaster Recovery, Threat Intelligence, Business Continuity and Disaster Recovery.

How can you buy our services?

Suppliers can be selected via further competition. Please refer to the buyer’s guidance here .

Further information

To find out more information about Cyber Security services offered by Methods, please see here .
If you would like more information on how to procure through any of Method’s frameworks, please contact bidteam@methods.co.uk .

2021 trends show increased globalised threat of ransomware

Thu, 10 Feb 2022 14:27:38 GMT

2021 trends show increased globalised threat of ransomware

Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), and the National Cyber Security Centre (NCSC-UK) have released a joint Cybersecurity Advisory (CSA) highlighting a global increase in sophisticated, high-impact, ransomware incidents against critical infrastructure organisations in 2021.

This CSA provides observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware.

CISA encourages users and administrators to review joint CSA: 2021 Trends Show Increased Globalized Threat of Ransomware and visit StopRansomware.gov for more information on protecting against and responding to ransomware attacks.

Press Release : Methods and IriusRisk partner to deliver automated threat modelling for public sector software

Wed, 19 Jan 2022 14:43:14 GMT

Press Release : Methods and IriusRisk partner to deliver automated threat modelling for public sector software

Our partnership will drive hybrid cloud transformation in software by enabling security as a continuous service.

19th January 2022 : Automated threat modelling company IriusRisk has partnered with Methods , the leading public sector digital transformation consultant to deliver embedded threat modelling to improve the security of public sector services. The partnership has already seen two out of the five top public sector bodies incorporating IriusRisk threat modelling capabilities into their service offerings.

The partnership allows Methods to offer threat modelling and DevOps for UK government and public sector applications. Continuous threat modelling of applications and Cloud Services means that security is upheld as a continuous service, vastly reducing the risk of software vulnerabilities that could be exploited. This includes architectural design, analysis and threat modelling consulting service capabilities based around the IriusRisk Threat Modelling Platform. With IriusRisk, public sector organisations are also able to investigate and quantify inherent legacy risks in existing software through automated threat modelling, driving and informing remedial security programs to update key public sector services.

Methods will also use IriusRisk as a basis for education and awareness programmes on cyber security threats, assisting public sector organisations in building their own threat modelling capabilities – including tools, training and ongoing access to key threat intelligence.

Methods will be making their threat modelling ‘portfolio’ available via the Crown Commercial Service – Tech Services 3 framework – enabling UK public sector organisations to procure through the approved government frameworks – thereby qualifying IriusRisk as a UK Government approved supplier.

Gareth Jones, Chief Information Security Officer at Methods said:

“Threat modelling has become an increasingly important part of our S-SDLC process as it is recognised as one of the most effective approaches to reduce cyberattacks and costly redevelopment. Our approach is tailored to each customer, supported by national and international standards that address systemic risks. The evolution of threat modelling has moved from being a manual time-consuming process to adopting automated tools which speeds up secure application development and release software faster.

Using IriusRisk helps enable the implementation of security into software design, without requiring DevOps engineers to completely re-train as security professionals. In practice, threat modelling has the potential to change the relationship between developers and security professionals and create the ultimate goal of DevSecOps, a truly cross-functional team.”

Commenting on the partnership CEO and co-founder of IriusRisk Stephen De Vries said:

“We are delighted to be partnering with Methods, who are a leader in public sector digital transformation. The public sector is acutely vulnerable to security risks and this partnership with Methods will mean that these organisations are able to feel confident not only in the security of their software products from the offset, but throughout their life cycles. We are excited to see our threat modelling services rolled out throughout the public sector, allowing threat modelling to become embedded in software design from the earliest stages”

About Methods

Since our establishment in 1990, Methods has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. We are passionate about the work we do and transforming services for citizens. We apply our skills in innovation and collaboration from across the Methods Group, to deliver end-to-end business and technical solutions that are people-centered, safe, and designed for the future.

About IriusRisk

IriusRisk is the industry’s leading threat modelling and secure design solution in Application Security. With enterprise clients including Fortune 500 banks, payments, and technology providers, it empowers security and development teams to ensure applications have security built-in from the start – using its powerful threat modelling platform.

Whether teams are implementing threat modelling from scratch, or scaling-up their existing operations, the IriusRisk approach results in improved speed-to-market, collaboration across security and development teams, and the avoidance of costly security flaws.