Author: Farayi Dzichauya

A penetration test, commonly called a pentest, is an authorised, simulated cyberattack on a computer system designed to assess its security. This testing method assures the system’s defences by attempting to bypass its security controls, using the same tools and techniques that a potential attacker would employ. Purpose and Scope This document is an all-inclusive…

The advent of quantum computing represents a paradigm shift not only in computational power but also in the field of cryptography. The unique capabilities of quantum computing, which leverages the principles of quantum mechanics, promise to solve problems intractable for classical computers. What does that mean for us all – particularly those in cryptography? Cryptography…

A cybersecurity strategy is a high-level plan for how your organisation or country will secure its assets during the next three to five years. The rapid change in technology means that these days you end up revising it due to the dynamic nature of threats and technology. One example of a public strategy is the UK cyber…

We are in a new year and it’s a good time to review of your online security practices and the measures you have in place to protect your data and privacy. It’s like giving your online life a bit of a  checkup to identify any vulnerabilities and areas for improvement. It’s always good to have…

We are going to see improvements in the exploration of generative AI and large language models by criminals in phishing, sms, and various social engineering attacks. These technologies will allow attackers to increase the scale of their operations which leaves victims talking to bots. We are likely to see automated phishing Campaigns – AI can…

In the digital age, securing your online presence is paramount. The internet, while a hub of information and connectivity, can also be a playground for cyber threats. This guide explores twelve key strategies to fortify your digital life against potential vulnerabilities, offering a blend of convenience without compromising security. Understanding the Importance of Online Security…

I often get asked by my friends and family how to stay safe online so I have decided to put something together. There is always friction between convenience and security – as a rule of thumb, the more secure something is the less convenient it is. There are obvious exceptions though. Here are some tips…

Ransomware has been with us for a while and initially was mostly focused on encrypting individual devices. In 2013, CryptoLocker, a ransomware attack by the GameOverZeus organised crime group, combined strong public key encryption with cryptocurrency payments, making it a profitable business model. Attackers began to target large organisations instead of small businesses or individuals,…

Principle-based assurance (PBA) is an approach to cybersecurity assurance that focuses on the underlying principles of a system or process, rather than on specific controls or procedures. This approach is based on the idea that if the underlying principles of a system or process are sound, then the system or process is likely to be…

Software engineers typically make hundreds of decisions every day and in my experience no one sets out to write insecure code, so everyone is well meaning however in those decisions some have a bearing on security outcomes and some don’t. It is vital that developers spot security-relevant decisions as they are encountered, and have a clear…