The recent ransomware attack on Amey rattled nerves in the construction industry. Amey’s response to the breach was seemingly responsible, but when all is said and done...

DPO appointed? Tick. Data Protection Impact Assessments conducted? Tick. Subject Access Request process operational? Tick. You’re in good shape, right? Well, in a narrow GDPR sense, you might just be. But beware the data protection illusion...

Hands up all those who think they have a great cyber risk assessment capability in place. You know, one that is embedded within the organisation, produces consistent and trustworthy results...

When you think about cyber security, you generally don’t tend to think about people, and you certainly don’t think about the neurodiversity of people. The profession has been battling a skills gap...

CRMG recently featured in a special cyber security report by the ISF in partnership with The European...

Not long ago, life seemed comfortable – or at least, I had convinced myself that that was the situation. You see, I thought I was naturally fit. I did not need to exercise or watch what I ate...

For most organisations, particularly those that are small to mid-size, budget and resources for cyber security may not be sufficient to effectively protect their organisation...

The emergence and rapid growth of online retail is a great example of how businesses can move most of their operations online. Even businesses that don’t sell their products or services online are now benefiting...

The construction industry is notorious for its reliance on complex supply chains. Entire ecosystems of partners and suppliers collaborate to produce the urban landscapes of tomorrow...

The pace and scale at which we create and share data is greater than ever before. With such an abundance of information, data ownership is a real challenge...

The Cyber Risk Management Group (CRMG) welcomes Dan Rycroft to the team as Delivery Director. Dan brings with him a wealth of experience from various IT Management and Cyber security management roles...

We sat down with Simon Lacey, former Information Security Policy Manager at the Bank of England, and current Principal Consultant at CRMG. Simon is an expert...

Since the outbreak of COVID-19, there has been a period of major transition and organisations have had to quickly adapt to weather the storm. Many have managed to remain operational...

We don't need to tell you that effectively reducing risk and increasing resilience requires a carefully constructed multi-faceted plan, and most importantly the support of your people...

A key principle that organisations must adopt when responding to a cyber attack is transparency. There are plenty of cautionary tales...

Much earlier in my career, I presented a seminar on the importance of business continuity. Perhaps it was naïve of me to expect the message to be greeted...

Developing an effective cyber security policy is a fundamental stepping stone when creating a comprehensive cyber security plan. Like any other corporate policy, they are a roadmap that defines what...

Thinking back to when the lockdown was announced on the 23rd March, it now feels surreal that my family and I have managed to make what was unusual circumstances, the norm...

In a recent article ‘Basic Cyber Security Hygiene: 5 Inalienable Truths’ we highlighted the importance of strong baseline cyber security disciplines to any organisation, irrespective of size or maturity. In essence, we contended that...

As a senior member of the CRMG Management Team, I thought it might be useful to share my own perspective on effective strategies for managing the effects of the current lockdown...

In the wake of the COVID-19 pandemic, many organisations find themselves scrambling to meet the sudden spike in Virtual Private Network (VPN) traffic, as most employees are now working from home....

Embarking on a risk-based approach in cyber security is a significant undertaking. However, we at CRMG believe it is the right approach to take in order to protect your organisation, your clients, and your employees...

When the pandemic started to hit South East Asia, there was a lot of mixed information being shared among different communities and the media. I currently live and work for CRMG in Bali, Indonesia – which is one of the world’s...

With the COVID-19 outbreak in the UK, I was struck by a sense of anxiety, like many were. I was concerned about how this would impact my career, how my family would cope, whether we would become ill...

It all got a little more serious after Boris’s latest announcement didn’t it?... but it probably just confirmed what we already knew was going to happen. I have to say the Prime Minister is looking exhausted...

With offices and schools now closed to non-essential workers, most of us are now operating remotely from our homes, often using personally-owned computers and laptops. We’re also relying on online services...

When Nick Frost and I set up CRMG back at the beginning of 2018, I don’t think either of us would have imagined the business circumstances we now find ourselves in...

We find ourselves in unchartered waters and an uncertain time with the Coronavirus (COVID-19) outbreak which is having a global reach and touching every one of us. Our businesses, our work life...

At CRMG we don’t have an aversion to the array of highly impressive products and services that compete for the modern CISO’s budget. As an example, the role that artificial intelligence (AI) can play in speeding up an organisation’s targeted...

So, Boris has officially announced what we all predicted and that the schools are closed for the foreseeable future. 20 minutes after this announcement we received emails with the kids’ homework for the next 2 weeks...

This is a personal account from the CRMG team about our experiences managing and coping with the current Coronavirus pandemic. We are real people trying to get through this tough time, and we want to emphasise that we are here to support...

Do you have a cyber security programme that needs beefing up? Or are you involved in a startup that’s still in the planning stages of information and cyber security? Either way, it may not be clear what is needed and where to start...

2019 was an extremely successful year for ransomware, rife with attacks and many high-profile victims. Of all the cyber threats, ransomware was proven to be the most devastating. In the UK, it was reported by the government’s Cyber Security Breach Survey...

Many organisations are cottoning on to the benefits of a Security Operations Center (SOC) when it comes to achieving effective enterprise-wide systems monitoring, incident detection and response...

One of the biggest challenges facing cyber security staff is dealing with the misconceptions held by senior managers within an organisation. Many business managers have a misguided picture of information security and the possible consequences...

In today’s hyper-connected digital age, it’s not unusual for medium to large-sized companies to have hundreds, or even thousands, of third-party suppliers. This can range from product suppliers, to billing processors, to cloud providers, and a variety of different services...

CIISec are delighted to welcome Cyber Risk Management Group (CRMG) as Corporate Members. CRMG is a leading provider of cyber security and information risk consultancy services and training courses...

We constantly hear “senior management ‘get it’” – but do they really? Senior management's awareness of information security and cyber threats is essential if security teams are to effectively mitigate against them...

In 2020, increased digital innovation is going to expand the threat landscape drastically, with the acceleration of technologies such as 5G, cloud and Internet of Things (IoT). This will lead to increased data creation, sharing and storage at a pace that is difficult for security teams to keep up with...

In this episode, I interview Nick Frost. Nick is the Co-Founder of CRMG and has been involved in Cyber Security for over 20 years. Prior to starting his own business, he has held leadership roles at PWC and other similar companies. He started his first company in 2015 and just started CRMG in 2018 with a colleague...

Going into 2020, businesses are expected to continue the transition from on-premise to cloud.  Many are increasingly adopting a cloud-first strategy, where if possible, they will run their services on a cloud platform vs keeping them in a data center.  And why not? The benefits of moving to the cloud are enormous and the list is long...

The Cyber Risk Management Group (CRMG) welcomes Neil Ackerley to the team as Principal Consultant. Neil will be working across multiple services from information risk management and risk assessments, to cyber security governance and CISO staff placements...

Not so long ago, the idea of outsourcing critical business functions or IT systems to a third party supplier would have been off limits for many organisations because of the level of risk involved. However today, the use of third party suppliers has increased exponentially...

‘Cyber resilience’ seems to be something of a buzz phrase right now, with social media and vendor  promotional material often mentioning the importance of resilience. Many conversations about resilience focus on the importance of strong, robust defences, however are robust and strong defences really signs of resilience?...

In the last 30 years, the risk landscape has transformed significantly for retailers. Think back to the early 1980s.  There was no internet then. Every retailer had only on-site equipment, some of which would be in their own data centers or in a rack in a small room in their office buildings...

Organisations are facing new types of advanced persistent threat scenarios that current risk management programmes cannot defend against. To effectively counter threats, business leaders must have a...

You can't avoid risk management. It's just as fundamental to our business as it is to our lives. From checking an email address before sending sensitive documents, to looking left and right before crossing a road...

HBO’s recent ‘Chernobyl’ series, which re-told the story of the nuclear accident that threatened much of Europe in 1986, made for compelling viewing. The accident was said to have helped prompt the fall of the Eastern block and bring about a fundamental shift in global politics....

HBO’s recent ‘Chernobyl’ series, which re-told the story of the nuclear accident that threatened much of Europe in 1986, made for compelling viewing. The accident was said to have helped prompt the fall of the Eastern block and bring about a fundamental shift in global politics...

Imagine this scenario: A CISO leading a cyber security department receives an urgent request from a senior executive.  The senior executive is getting ready to close a big deal with a third party...

As a CISO, you’re likely to have put forward many plans to improve the security posture for the users of your organisation.  Much of the time, you get Executive sign off and roll out whatever initiative it might be...

On more than one occasion, I have stood before senior management and posed the question “what are your information assets?” – and in each case, they didn’t know...

We live in a new world where cybercrime is bigger business than the global drugs trade. Cybercriminals can be both targeted and indiscriminate. It’s a $2 trillion business. Worrying stuff.