Emerging threats
Your trusted Cyber Advisors
PGI has officially been recognised as an Assured Cyber Advisor by the UK’s most trusted cyber security body, the National Cyber Security Centre (NCSC).
A decisive decade for digital resilience in the Indo-Pacific
“The question is not whether AI will influence international peace and security, but how we will shape that influence.
Using digital intelligence to shape ethical and pro-social design
Content moderation, a key tool in the Trust & Safety arsenal, is designed on a set of policy principles, but in practice it often evolves as a reaction to incoming harms.
The importance of a whole-of-society approach to cybersecurity
The world continues to face a significant cybersecurity workforce shortage - the (ISC)² 2024 Global Cybersecurity Workforce Gap report estimates it to be 4.
Top digital challenges facing companies in 2025
In the rapidly evolving digital landscape of 2025, every organisation faces a huge range of challenges that extend far beyond traditional cyber threats.
MEDIA RELEASE: Groundbreaking CREST CAMP Training launched in Kenya
The delivery of training within the CREST CAMP programme was officially launched on 20 January at Strathmore University in Kenya.
From predictions to reality: Digital safety in a year of change
We began this year knowing it was going to be a significant year for digital risk and digital safety. An unprecedented number of elections, brand new online safety legislation under implementation – all taking place against a backdrop of both existing and new conflict and war.
Trust & Safety: A look ahead to 2025
Working within the Trust and Safety industry, 2024 has been PGI’s busiest year to date, both in our work with clients and our participation in key conversations, particularly around the future of regulation, the human-AI interface, and child safety.
Lies, damned lies, and AI - Digital Threat Digest
At their core, artificial systems are a series of relationships between intelligence, truth, and decision making.
A pointless digital jigsaw - Digital Threat Digest
Feeding the name of a new criminal to the online OSINT community is like waving a red rag to a bull. There’s an immediate scramble to be the first to find every piece of information out there on the target, and present it back in a nice network graph (bonus points if you’re using your own network graph product and the whole thing is a thinly veiled advert for why your Ghunt code wrap with its purple-backlit-round-edged-dynamic-element CSS is better than everyone else’s).
Arrested development - Digital Threat Digest
I am firmly of the opinion that if Google had fired all their feature developers around 2013 then their 2024 offering would be far superior to the unfortunate guff it has become today.
The 'oligarchisation' of politics online - Digital Threat Digest
Everything that I have learned about the US elections this year has been against my will. Don't get me wrong, I am well aware that whoever controls the White House has significant impact around the world, and I will admit that keeping up with American politics makes me a better analyst.
Threat Intelligence and the Hydra of decentralised Extreme Right-Wing organisations
Digital threat intelligence helps us respond to harmful entities and their activities online. As our professional investigation capability evolves, so do the online tactics of threat actors themselves, in something of a perpetual cat and mouse game.
Weather seeding and FEMA patrols: Conspiracy to armed action - Digital Threat Digest
I don’t think many people have escaped the devastating news about the recent hurricanes that have hit the US in recent weeks.
Hippo-critical behaviour - Digital Threat Digest
Last week, my social media feeds were filled with news of Israel's synchronised attacks in Lebanon, ranging from news updates and victim testimonies to Hezbollah memes and edgy tankie shitposting.
PGI joins WeProtect Global Alliance to strengthen the child safety online ecosystem
Protection Group International (PGI) is pleased to announce that it has joined WeProtect Global Alliance to support the creation of a safer online environment for children.
Politics of the absurd - Digital Threat Digest
“As Gregor Samsa awoke one morning from uneasy dreams he found himself transformed in his bed into a gigantic insect”, is how Franz Kafka opens his absurdist short story The Metamorphosis.
The importance of Business as Usual PCI DSS compliance
Achieving PCI DSS compliance is a significant milestone for any entity that handles cardholder data. But! Maintaining that compliance is just as important, because lapsing into non-compliance can lead to substantial financial penalties, increased fees, and a higher risk of data breaches.
The revolution won't be televised, but we could livestream the insurgency? - Digital Threat Digest
Good things come in threes, unless you’re Mali, Burkina Faso, and Niger, enjoying successive coups in 2021, 2022, and 2023 respectively.
Digital futures - Digital Threat Digest
While my experience of parenting has been limited to trying to ‘school’ my younger siblings (classic older child behaviour), I have recently started thinking about how we should explain digital threats to children and the next generation – i.
Unlocking potential: How women can shape Southeast Asia’s digital security landscape
PGI, in collaboration with project management partner Development Alternatives Incorporated (DAI), recently completed a study under the USAID and International Telecommunication Union (ITU) initiative aimed at promoting gender equity and inclusion in cybersecurity across Asia and the Pacific.
Telegrammer in the (Tele)slammer - Digital Threat Digest
In 1858, The New York Times called the telegraph (the thingy that sends individual telegrams) “trivial and paltry”, and also “superficial, sudden, unsifted, too fast for the truth”.
Patterns and Satan - Digital Threat Digest
"If I had a nickel for every time an Autonomy billionaire sued by HP has died in a mysterious circumstance in the last week, I’d have two nickels which isn’t a lot, but it’s weird that it’s happened twice…" says one Tweeter trying to make a somewhat insensitive joke tweet about a recent tragedy, “OR IS IT” chimes in @GaryQCh3mTra1ls911 who is tweeting from a porch in the middle of the Nevada desert, wearing a tinfoil hat, looking up at the plane flying overhead thinking that the thin white streak coming out the back of it is capturing the minds of innocent citizens to be controlled by the World Economic Forum.
Journalistic integrity and over-vigilance
A lot has happened in the UK political landscape over the past few months; a landslide election with a significant transition of power, and sweeping waves of riots and political violence.
Ten-foot-tall threat actors - Digital Threat Digest
‘Perception Hacking’ is a cool concept. If I want to reduce trust in institutional integrity—during an election for example—I have two options: One, I can spend some serious cash, run some sophisticated campaigns, and slowly but surely push people towards distrust.
Irresponsible disclosure - Digital Threat Digest
Fachwissenfrustheißeluftzorn - a German compound noun for the anger you feel when you see crap hot takes on a slightly niche topic that you know quite a lot about.
Disinfo takes Gold - Digital Threat Digest
The 2024 Paris Olympics are in full swing, and fans (like yours truly) are eager to enjoy this year's Games in the City of Lights.
Crowdstruck - Digital Threat Digest
As I waited for my flight to be rescheduled during last week’s IT outage, I listened to fellow passengers wonder aloud how a company whose name has never hit their radar could have such an impact on such a spectrum of day-to-day matters.
TradWife takeover - Digital Threat Digest
If you don’t know who Nara Smith is, I’m sorry to say you may just be living under a rock. Nara Smith has simply taken over my Instagram and TikTok feed with her ‘what I cooked for my husband today’, ‘what my toddlers ate today’ or my favourite video format, ‘my husband was craving [insert insane request] so I made it from scratch’.
Supply chain assurance and effective Business Continuity
Explaining how digital incidents severely impact the real world can be difficult, but we are increasingly seeing cyber incidents that illustrate how malicious actors can impact our daily lives.
Should it be coming home? - Digital Threat Digest
On Sunday, England will take on Spain in the final of the 2024 European Championship in Berlin; the culmination of a month-long party of football.
Constellations - Digital Threat Digest
To avoid contributing to the flood of election takes that will undoubtably come today in the UK, I want to move far away.
Hot election summer - Digital Threat Digest
With the summer solstice behind us, we have officially entered hot election summer. Mexico, the European Parliament, Belgium, Bulgaria, France, the United Kingdom, Rwanda, one after the other.
Leave your ego at the door - Digital Threat Digest
This week, I've had the pleasure of attending the Terrorism and Social Media conference in Swansea; meeting and engaging with over 200 of the world’s foremost extremism and counter terrorism researchers and practitioners.
Electoral Integrity 2024: Reviewing the analysis
“2024 is set to be a monumental year for democracy”. We’re just hitting the 2024 election cycle halfway mark and the first sentence of PGI’s 2024 Digital Threat Forecast already feels modest.
Understanding the PCI DSS v4.0 Customised Approach
PCI DSS v4. 0 became the only authorised standard on 31 March 2024.
Do conspiracy theories ever truly die? - Digital Threat Digest
This week, Dr Anthony Fauci, the former Chief Medical Advisor to President Biden during the COVID-19 pandemic, gave testimony in front of a Congressional subcommittee.
Are you prepared for a cyber attack?
Cyber attacks continue to make headline news; every organisation should have considered how they would respond to a major cyber incident.
Ensh*ttification - Digital Threat Digest
Google’s new AI product, AI Overviews, defines 'ensh*ttification' as a 2006 Action/Thriller in which Jason Statham has to take a laxative every 12 hours otherwise his colon stops and he dies - because it’s not just a bad feature so much as a Machiavellian digital poltergeist actively trying to be as problematic as possible.
PCI DSS compliance: What is a Third Party Service Provider?
Navigating the complexities of PCI DSS compliance can be challenging, especially when it comes to understanding the role of Third Party Service Providers (TPSPs).
Let them repost cake - Digital Threat Digest
I must confess that I am an avid follower of TikTok drama, especially when it involves politically or societally sensitive issues.
Digital appropriation - Digital Threat Digest
Cultural appropriation is defined as when 'members of a majority group adopt cultural elements of a minority group'.
On India's first 'AI election' - Digital Threat Digest
India is currently in the middle of its 44-day general election, which is divided into seven phases and ends on 1 June.
Four Cardinal Virtues of good open source research - Digital Threat Digest
Last week, Bellingcat released their ‘Seven Deadly Sins of Bad Open Source Research’. The article lays out the glaring errors they’ve observed by practitioners online, especially regarding the conflicts in Gaza and Ukraine.
Brazilian Darth Vader - Digital Threat Digest
April 2024 marks the 40th anniversary of the Diretas Já civil movement in Brazil, a mass movement demanding direct presidential elections and a return to democracy after two decades of military dictatorship.
Fake news games - Digital Threat Digest
Last week, British comedian, Joe Lycett revealed he had successfully seeded four fake stories within the British press.
Safeguarding critical infrastructure: SCADA testing
The world would be a very different place without industrial automation and Supervisory Control and Data Acquisition (SCADA) systems serve as the backbone.
Regulating the piranhas - Digital Threat Digest
On 1 April 2024, the UN Office of the Secretary-General's Envoy on Technology published the zero draft of the Global Digital Compact (GDC).
Disincentivise the manosphere - Digital Threat Digest
As we approach Mental Health Awareness Month, it is paramount that, as digital investigators, we reflect on how information environments can be conducive spaces for constructive conversations around mental health and hygiene.
Costly distractions - Digital Threat Digest
Cost imposition—the idea that you try and make life as difficult as you can for your adversary—is common across cyber security, counterespionage, and increasingly considered in the detection and mitigation of influence operations.
Ok, Boomer - Digital Threat Digest
According to the Oxford Institute of Population Ageing (because of course there’s an Oxford Institute of Population Ageing), 70% of voters in the 2019 European Union parliamentary elections were 40 years old or above.
Domestic offline threats, international online action - Digital Threat Digest
I would need more than ten fingers to count the number of times I’ve personally concluded a digest by explaining that online threats such as disinformation and conspiracy need offline solutions; mainly through policies that better educate the public in digital resilience.
The era of speculation - Digital Threat Digest
I’m always curious about who starts conspiracy theories. Is it just one random person in their dark room on a computer with a light bulb moment and the power of the internet? How does it catch on? And are we all just engineered to speculate? The latest conspiracy theory to rock our world is around the House of Windsor, and more specifically – Kate Middleton and the conspiracy theories over her health on social media.
How to spot a pseudo-media outlet
Online influence campaigns are becoming increasingly common as political parties and state actors around the world seek to manipulate public opinion.
The three constraints on Influence Operations - Digital Threat Digest
To most people, online influence operations involve competing ideologies battling it out in the public sphere.
The narrative laundromat - Digital Threat Digest
Last week, Russian President Vladimir Putin complained that former Fox News anchor Tucker Carlson had been too soft; saying Carlson avoided “sharp questions” during their interview on 06 February.
Filling the void - Digital Threat Digest
Over the past few weeks, thousands of farmers across Europe have taken to the streets to voice their anger over government policies which they claim are destroying agriculture and making the industry nonviable.
The 'pop-op' - Digital Threat Digest
Taylor Swift is the latest target of a far-right conspiracy theory that claims her and NFL boyfriend, Travis Kelce, are part of a ‘psyop’ (psychological operation).
How to get buy-in for ISO 27001
Cyber security; when everything is going well, it’s easy for non-tech and non-risk people to underestimate the value of the services they’re paying for and the controls that have been put in place.
Has everything changed? - Digital Threat Digest
Metricising harm often boils down to looking at two things: intent and capability. What is your threat actor trying to do, and how good are they at doing it.
Anonymity on the internet - Digital Threat Digest
The other day, my friends and I were discussing how truly difficult it is to stay anonymous online. As digital investigators who rely on open-source intelligence to gain information, we’ve come to realise how much of our personal lives are floating around for anyone to come find.
2024 Elections – Digital threat forecast
2024 is set to be a monumental year for democracy; with over two billion people across 50 countries going to the polls to elect representatives at local, national, and intra-continental levels.
Impose cost - Digital Threat Digest
The concept of cost imposition sits at the core of plenty a cybersecurity strategy. The idea is that you make life as operationally, financially, or existentially difficult for your adversary as you can.
The future of "Open-Source" intelligence - Digital Threat Digest
Open-source intelligence (OSINT) has always been a precarious concept: gathering freely accessible data from open sources, often using free or inexpensive tools.
Big Brother is watching - Digital Threat Digest
For our last digest, my colleague wrote about how difficult it is for digital investigations analysts and OSINT researchers to ‘switch off’ during the holidays, especially knowing that there’s no similar break for online threat actors.
No rest for the wicked - Digital Threat Digest
Happy Holidays everyone – I’m sure all of us are ready to check out or have already, so you probably won’t read this, but for those still chugging along, this one’s for you.
Leave the world behind - Digital Threat Digest
Being a huge Julia Roberts fan, I recently watched her new film, ‘Leave The World Behind’. The movie follows a family who go on a last-minute vacation to get out of New York.
Added context on Community Notes I thought you might want to know - Digital Threat Digest
If, like me, you still can’t escape The Platform Formerly Known as Twitter you may have noticed the roll out of ‘Community Notes’.
The canary in the coal mine - Digital Threat Digest
In one of the latest Digital Threat Digests, my colleague urged readers to rethink the way we approach digital investigations to catch up with threat actors.
Playing by the rules - Digital Threat Digest
The most serious argument I’ve ever had with a very good friend came when they challenged me to a game of Crash Team Racing, a spinoff from the Crash Bandicoot universe in which you race characters in go-karts.
Clickbait and crises: The rise of crisis-driven misinformation - Digital Threat Digest
On 02 December, a 7. 6 magnitude earthquake struck the Philippines; and almost immediately after, my X (formerly Twitter) feed was filled with posts about it.
What is an IT Health Check?
An IT Health Check is an annual assessment required for public sector organisations using the government’s Public Services Network (PSN).
Forgotten wars and the duality of digital spaces - Digital Threat Digest
Amid the ongoing war in Sudan, positive news is hard to come by. The Economist has labelled the situation in Sudan as the ‘forgotten war’ with the international community focused on other regions.
Let the Games begin! - Digital Threat Digest
If you’re anything like me, you’re excited for the upcoming 2024 Olympic Games held in Paris, especially since the last Games in 2021 were largely restricted due to the pandemic.
AI Regulation: The dangers of the fine print - Digital Threat Digest
The tech world is currently dominated by headlines around OpenAI’s dramatic leadership challenges that have taken place over the last week.
In re-defence of history - Digital Threat Digest
Over the past few months, I have been closely monitoring the Argentine elections. On Sunday, voters decidedly chose to elect radical libertarian and political outsider Javier Milei as Argentina’s thirteenth president since the country’s transition to democracy.
Lights, camera, authentic imagery - Digital Threat Digest
Last week, world-renowned camera company, Leica announced the release of its first ‘Encryption Verification’ camera with content credentials built in.
Why do I need an information security gap analysis?
If you’re responsible for or involved with Information Security in your organisation, when you’re planning for the year ahead, your risk and compliance activities likely have a prominent space on your to do list.
Tackling the new reality - Digital Threat Digest
This weekend a digitally generated audio of London Mayor Sadiq Khan circulated online. The ‘deepfake’ Khan makes dismissive comments about Remembrance weekend commemorations and calls for a ‘million-man’ march in support of Palestine.
Accelerate to failure - Digital Threat Digest
In a recent article, Le Monde outlined how Moldovan individuals with links to Russian pseudo-media outlets are reportedly responsible for the Star of David graffiti that has been cropping up in Paris, amid the war in Gaza.
States, non-states, proxies - Digital Threat Digest
Don’t worry, this isn’t going to be about International Relations theory because I had those lectures at 9am on Fridays in 2014.
Are you on track for ISO 27001:2022?
On 31 October 2025 the 2022 edition of ISO 27001 will supersede the previous versions and you’ll need to prove your compliance to the updated Standard.
AI-Listers - Digital Threat Digest
If you’ve been keeping up with the latest AI developments, you’ve probably heard of a fairly new chatbot service called ‘Character.
Do your digital security measures evolve with technology?
In a recent conversation with colleagues, we were celebrating (and lamenting) the technology available to us in 2023.
The One Where We Lost A Friend - Digital Threat Digest
Anyone that knows me well enough will know that I am a MASSIVE fan of Friends – its not a unique thing, actually probably quite basic but just to say that I was truly saddened by the death of Matthew Perry over the weekend.
Attention war - Digital Threat Digest
On Sunday, I came across an article in the Financial Times discussing the impact of the Israel-Palestine conflict on the war in Ukraine.
Supply chain: Is your security entirely in your hands?
In short, the answer is no. There’s a reason Verizon coined the term, ‘supply chainpocalypse’ in their 2022 Data Breach Investigations Report.
Phishing on Microsoft Teams: What you need to know
There has been a recent uptick in the number of phishing campaigns happening over Microsoft Teams. Though there is a lack of publicly available information on attempts that have happened in the UK, Microsoft has issued an urgent alert warning of a highly sophisticated phishing campaign attributed to the well-known threat actor group Storm-0324.
Quantum Leap - Digital Threat Digest
A couple of days ago, the New York Times published an article about the encryption ramifications of “Q-day”, which is shorthand for the day quantum computers become more powerful than traditional ones.
Move fast and break news - Digital Threat Digest
Responsibility for the tragedy at the al-Ahli hospital in Gaza remains unclear. Over the past day or so, mainstream news publications have analysed open-source data but have been unable to judge conclusively whether Palestinian militants or the Israeli Defence Forces (IDF) are to blame.
Information overload - Digital Threat Digest
It has only been in the past year or so that I have heard ‘burnout’ and ‘fatigue’ used in reference to social media, information and the news.
La Peste - Digital Threat Digest
I recently came back from a trip to northern France where I enjoyed la belle vie – watching rugby, eating good food, and drinking wine.
Forgive and forget - Digital Threat Digest
In Italian slang, people often say that God forgives but your mother does not. Tough love aside, as an atheist, I often find myself wondering if God really does forgive, especially in the digital age, where forgetting has become almost impossible.
How can I defend my organisation against Ransomware?
Over the past year, there has been a 13% rise in ransomware attacks (according to Mimecast’s The State of Email Security Report 2023); an increase which equates to the number of attacks in the the previous five years combined.
The China-Taiwan information war - Digital Threat Digest
On 13 January 2024, Taiwan will hold its presidential elections to select its new leadership. The unification versus independence issue continues to be the main point of contention, particularly during these upcoming elections.
Countering conspiracy - Digital Threat Digest
On Saturday, Liverpool played Tottenham in the English Premier League. The game saw one of biggest errors of the televised sporting era, in which a goal from Luis Diaz was wrongly disallowed despite the support of technology and the Video Assistant Referee (VAR).
Hacks and libel - Digital Threat Digest
On 26 September, Semafor published a lengthy article written by Jay Solomon claiming that a series of Iranian-American analysts and advisors to the Biden administration had been compromised as part of a long-running Iranian influence operation.
How to manage the digital frontier? - Digital Threat Digest
These days, there seems to be a variety of digital technologies on the horizon that are poised to disrupt the way we live our everyday lives.
The conspiratorial delusion - Digital Threat Digest
On Saturday night, Channel 4’s Dispatches aired an investigation into Russell Brand, presenting allegations of sexual and emotional abuse towards multiple women between 2006 and 2013.
Decoding the dialect: The AI translational paradox - Digital Threat Digest
The other day, I came across this article from the Guardian on the use of AI translation in asylum applications.
Phishing assessment services: Tailored vs off-the-shelf
Not a week goes by that we don’t see a headline in the press that mentions something along the lines of “sophisticated phishing attack” or “new phishing attack approach”.
Covid-19, conspiracies and the CIA - Digital Threat Digest
In a manner horrifyingly reminiscent of March 2020, my week started with discourse on Covid-19, specifically of new variants.
Mitigating the risks of public IP addresses
You’ve heard of IP Addresses, you might even know what they are, but if you need to get a penetration test for your website or web application, why is your cyber security consultant asking about these as well? When it comes to penetration testing your web applications, it’s important to include your public IP addresses in the scope and here’s why.
Craving legitimate information - Digital Threat Digest
I’ve noticed I’ve been consuming increasing amounts of breaking news content from accounts named ‘Pop Crave’ and ‘Pop Base’.
Stemming the tide - Digital Threat Digest
The potential of AI-generated disinformation and influence operations is picking up fast. An anonymous software engineer called ‘Neapaw’ recently showcased ‘CounterCloud’, a Large Language Model (LLM) project designed to automate a pro-US, anti-Russia, pro-Biden, anti-Trump influence operation in its entirety.
Breaking down the cost of a cyber attack
We’re all used to articles citing eye-watering figures on what a data breach or ransomware attack can cost an organisation; typically figures ranging from thousands through to millions.
Gotcha - Digital Threat Digest
Media, politics, debate, and general human interaction increasingly revolve around ‘gotcha’ moments. The desperate and infinite pursuit of being able to catch out the person who disagreed with you online and parade them in front of the digital crowd as a stupid dumb idiot.
Testing, testing, 1, 2, 3... - Digital Threat Digest
When it comes to research in the digital threat space, it's often the reports focusing on Western targets that are afforded the limelight (we are a Western country after all): Russian influence in the US 2016 election, Chinese bot farms fanning the political flames of the 2020 Black Lives Matter movement, Iran's 'PressTV' operation in the UK.
Digital armies - Digital Threat Digest
With wars no longer just fought on the ground but online, traditional peacemaking and mediation tactics have had to shift.
Where is your data?
The past few years have seen a rise in flexible working, with many of us now in remote and hybrid roles.
The online narco state - Digital Threat Digest
As a dedicated Latin Americanist, I was naturally following Ecuador’s snap presidential election on Sunday – triggered two years ahead of schedule by President Guillermo Lasso to avoid impeachment proceedings.
What is password hygiene and why is it important?
Back in 2019, the National Cyber Security Centre shared some of the alarming password practices that came out of research they did into cyber security in the UK.
AI and the prisoner’s dilemma of regulation - Digital Threat Digest
When it comes to regulating something at an international level, navigating the geopolitical interests of different states is a difficult task.
Azaadi Mahotsav: Digital hate, polarisation and mobilisation in India - Digital Threat Digest
Today is India's 77th Independence Day. Growing up, the day always felt joyful – characterised by kite flying, flag hoisting and the celebration of our collective azaadi (freedom) as a people.
Behind the curtain - Digital Threat Digest
On 8 August, Ohio voters rejected a Republican-backed referendum ballot known as Issue 1. Had it passed it would have changed the Ohio State Constitution to require 60% approval for any constitutional amendment, as opposed to a simple majority.
5 benefits of exercising your cyber Incident Response plan
In an ideal world, the security controls you put in place are enough and threat actors have no interest in looking for new vulnerabilities to exploit or developing new approaches to access your systems.
The importance of being anonymous - Digital Threat Digest
Recently, I’ve been reading about Worldcoin, an initiative co-founded by OpenAI chief executive Sam Altman.
The democratisation of information - Digital Threat Digest
Capitalism has destroyed the internet, and the decentralisation of debate was a mistake. I’ve subscribed to my fair share of platforms and apps over the last 15 years, but the only two I’ve ever paid money for were OSRS and PokémonGo.
What is Infrastructure Testing?
Infrastructure Testing is an aspect of penetration testing that is often overlooked by organisations who are looking at improving their cyber security.
The Russian disinformation campaign against former French colonies - Digital Threat Digest
Almost a year and a half after it started, the war still rages on between Russia and Ukraine. Russia continues to spread disinformation about its need to eradicate Nazism in Ukraine, target NATO and advocate for an ‘anti-Western’ ideology.
Deals and disasters - Digital Threat Digest
In March, we wrote a digest on the uptick of xenophobic rhetoric centred on the perceived increase of sub-Saharan migration in Tunisia and the ‘secret’ project to change Tunisia’s demographic that was first inspired by the once relatively unknown Tunisian National Party and amplified by no other than President Kais Saied himself.
Oppenheimer vs Hinton? - Digital Threat Digest
I’m sure that I don’t need to provide context for this digest, but yesterday I found out that one of my colleagues had no idea what the Barbie movie was, so just in case you missed it as well - two of the biggest films of the year, Oppenheimer (a biopic about Robert Oppenheimer, the creation and use of the atomic bomb) and Barbie (a hard-hitting piece of cinematic mastery about the complex lives of plastic dolls) were released last Friday.
Barbie and the memetic politics of the spectacle - Digital Threat Digest
A few days ago, the official TikTok account of the Presidency of Colombia posted a video in celebration of the 20 July Independence Day.
AI Agents: Destroyers of the world? Or more of the same? - Digital Threat Digest
After the public release of ChatGPT, it has been hard to avoid the explosion of promises around the potential uses of AI.
Digital India - Digital Threat Digest
Over the past week, I’ve been focused on the concept of digital regulation – largely inspired by the Indian government's new Digital India Bill.
Hanging by a Thread(s) - Digital Threat Digest
Last week Meta debuted their new platform Threads, designed to compete with Twitter. Since its launch, over 100 million users have signed up making it the fastest growing app – even overtaking ChatGPT.
Riot Games - Digital Threat Digest
Today world events play out twice; first as real-world tragedies and then as online farces. These processes occur at the same time, with one reinforcing the other.
Butlerian Jihad - Digital Threat Digest
The thing that interests me the most about the Dune universe is its depiction of a world which has banned, destroyed, and evolved beyond technology that can think for humans.
Press X to doubt - Digital Threat Digest
Last week, my colleague wrote a piece about the illusion of choice – how everything that hits our Netflix and Amazon Prime follows the same basic structure, even if the main characters and settings change.
The veil of ignorance and proxy wars - Digital Threat Digest
The last time I wrote about the conflict in Sudan it had been twelve days since the fighting had begun, today it is just over two months since it started – 73 days to be exact.
The illusion of choice - Digital Threat Digest
As much of the Netflix account-owning world, I spent the last week watching the new series of Black Mirror.
AI threats follow the rules, too - Digital Threat Digest
The hyperfocus on AI continues to generate an incredible number of predictions around its future uses, for good and for ill.
High Threat-worth Individuals - Digital Threat Digest
The gig seems to be up for Boris Johnson and Donald Trump. Both men have been politically sidelined for a while now, but with Johnson about to found guilty of lying to the Commons and Trump facing potential jail time for mishandling classified documents, it is looking unlikely that the Teflon Bros.
Hellscape - Digital Threat Digest
It was been difficult to miss media coverage on last Wednesday’s apocalyptic scenes in New York. The whole city was engulfed in a dystopian, eerie orange smog because of wildfires in Canada.
The Facts and the Furious - Digital Threat Digest
Indian social media is currently abuzz with talk around the film ‘The Kerala Story’, which was released last month.
Isolated reality - Digital Threat Digest
Much as Apple managed to do some serious damage to the phone market post-2007, so the AR/VR/XR wars have begun as of June 2023.
Unique signals - Digital Threat Digest
Like the rest of the UK, I spent the bank holiday Monday outside, having a barbecue, stubbornly refusing to put on sunscreen.
US2024: The Culture War - Digital Threat Digest
Over the past few weeks, I’ve become more and more convinced that the US presidential election next year is going to come down to a battle of cultures, rather than politics.
Catgirl psyops - Digital Threat Digest
Someone told me recently that they can tell which of these entries I write. I think this can be interpreted in both a positive and a negative way.
PCI DSS v4.0: What you need to know
In March 2022, the PCI DSS Security Standards Council launched the long-awaited update to the standard, with Version 4.
Default settings: Why configuring your systems correctly is crucial
When there’s a cyber security incident, technology is often the first to take the blame, but it’s important to know that many weaknesses manifest in networks, systems, devices and software because they haven’t been deployed and configured correctly, or in some cases, they are still set to a default configuration.
5 things to consider when choosing the right technology for your business
There was a time when procuring new software to streamline a process was fairly straightforward – identify a gap or problem, find a software solution, pay for it, install it (and maybe teach people how to use it).
How to mitigate third-party digital risk
Every organisation is facing a myriad of third-party digital risks; whether that’s criminal-led (the most common), state-led, hacktivists or commercial espionage driven.
Helping nations build cyber security capability: Jamaica
In March 2022, the Government of Jamaica’s Office of the National Security Advisor (ONSA) published the Caribbean Regional Cybersecurity Training Needs Analysis (TNA), which was designed and delivered by Protection Group International (PGI) and funded by the Foreign, Commonwealth and Development Office of the United Kingdom.
What Is ISO 27002 and why does your business need to know about it?
The International Organization for Standardization (ISO) recently released an update to the ISO/IEC 27002 originally published in 2013.
Young Omani cybersecurity talents honoured at awards ceremony
Muscat—On 28 March 2022, 24 Omanis who participated in the CyberSafe Incident Response competition were honoured with awards at a UK Oman Digital Hub Event.
What is zero trust?
Three years ago, the UK’s National Cyber Security Centre recommended that, in new IT deployments especially those with connections to the cloud, a zero trust approach should be adopted.
The role of an Incident Response team when an organisation is under attack
Cyber security is now such a threat that, in the early part of 2022, the Government launched a nationwide Cyber Security Strategy.
Digital information threat forecast: 2022
Growing hybrid extremism There will be continued challenges in the detection and removal of extremism and disinformation on social media.
Why choose ISO 27001 over other information security frameworks?
ISO 27001 is one of the best known and most recognised internationally agreed set of standards for the specification of information security management systems (ISMS).
‘Tis the season that we’re all more vulnerable to cyber attacks
It’s that glorious time of year; we’re spending time with loved ones, going to parties, exchanging gifts and probably taking some time off work.
When is a good time to do a cyber maturity assessment?
Most of us love data, especially when it gives us a sense of progress. I say this as a confirmed FitBit tragic who lives for yet another point on my ‘cardio fitness’ score.
The evolution of climate change disinformation
With the UN Climate Change Conference (COP26) due to take place in Glasgow from 31 October – 12 November 2022, the PGI Digital Investigations team examined the evolution that climate change disinformation has undergone in recent years, from outright denial of the existence of climate change to partisan politicised manipulation.
What’s the point of a cyber security maturity assessment?
At worst, information assurance consultancy can risk feeling like paying somebody merely to tell you what you already really know; or even performing work that, at least theoretically, you could do yourself.
Gulf women in cyber lead work to address GCC’s cybersecurity skills gap
In collaboration with Ipsos and Protection Group International (PGI), the 2020-2021 cohort of the UK-Gulf Women in Cybersecurity Fellowship Programme has released a report from the first phase of research into cyber skills in the Gulf region, Addressing Cybersecurity Skill Shortages in the GCC Region.
The importance of hands-on experience and industry support in cyber security skills development
Skills development is about so much more than attending classroom sessions. To ensure students and trainees are prepared for careers in cyber security, PGI recommends that a mix of practical placements, hands-on labs and mentoring should supplement classroom learning to build the cyber security workforce of the future.
The evolving use of social media by militant Islamist groups
Militant Islamist organisations have always manipulated the media, whether to publicise their cause, spread their ideology and aims, or recruit new members.
Cyber security as risk management
Many of our first conversations with our clients involve our cyber security consultants aiming to simplify things a bit.
Inauthentic behaviour on social media is fanning the flames of disinformation about Christian Eriksen’s cardiac arrest
In the aftermath of Christian Eriksen’s collapse and subsequent cardiac arrest, PGI uncovered coordinated efforts on social media to amplify false claims that the incident was caused by a COVID-19 vaccine.
Is my organisation doing cyber security correctly?
A question we often hear from our clients is, “are we on the right track?” Of course, when it comes to digital/cyber risk there is no simple answer for this, there never is.
How much data is your organisation leaking without realising it?
Have your friends and colleagues had their COVID-19 vaccine jab yet? Well, don’t worry about waiting for them to tell you because you can find out from the NHS Digital booking website directly…sort of.
Troll well for less: Analysing the racist trolling of the Sainsbury’s Christmas advert
Racism on social media is a pervasive issue and while organic statements of prejudice are commonly expressed on platforms like Twitter, some groups and individuals are leveraging the algorithmic architecture of social media to amplify their hostile beliefs.
Incident Response: The aftermath of a digital incident
In general, we try not to be too negative when it comes to the likelihood of an organisation, of any size, being hit by a cyber-attack, but for the sake of our clients, we also need to be realistic.
Protection Group International (PGI) teams up with the South West Cyber Resilience Centre
As a private sector partner of SWCRC, PGI’s cyber security experts will be recommended to members if they would like to attain the Cyber Essentials certification or should they come up against a cyber security problem outside the scope of the CRC’s mandate.
Malign trolling: Tarnishing reputations and influencing media narratives
The recent online response from inauthentic social media accounts to the events at the Sarah Everard vigil highlights the ongoing and increasing danger of malign trolling activities and their ability to tarnish the reputation of public figures and leverage topical political issues to further conspiratorial and extremist narratives.
PGI Cyber Academy announces CREST-Approved training
In response to increasing demand from its clients—that mandatory training should be aligned with industry recognised certifications—the PGI Cyber Academy has been awarded ‘CREST-Approved’ status for three of its Cyber Threat Intelligence (CTI) training courses, which are aligned to CREST’s CTI exams.
Immunity CANVAS leak: What you need to know - 2020
In 2020, Immunity’s CANVAS exploit platform was leaked to the VirusTotal database; making the usually cost-prohibitive tool available to a much wider audience.
5 ISO 27001 myths that make the Standard seem expensive and difficult
ISO 27001, the gold standard of information security management best practice, or a royal pain in the neck? Let’s be honest; more often than not, organisations don’t implement ISO 27001 for fun, it’s because they don’t have a choice.
The man behind Trump’s Twitter account
Have you ever heard of Dan Scavino? Well, if it makes you feel any better, neither had I until I dived deep into Trump’s now extinct twitter feed.
Parler isn’t the problem: Why de-platforming won’t stop the spread of far-right ideologies in the US
In brief Apple and Google have recently pulled the social networking site Parler from their App stores, stating that the app failed to comply with content moderation requirements.
IMO’s 2021 Cyber Security Regulations are dead ahead
Malicious cyber activity targeting or affecting the maritime sector has soared in 2020 and, with the end of the year fast approaching, so too is the impending deadline for compliance with the International Maritime Organisation’s (IMO) cyber security regulations.
Phishing and operational resilience? Old words, new environment
‘Operational resilience’ has left the world of management buzzwords and is now firmly embedded in operational reality.
Double-extortion ransomware: Two different considerations
Double-extortion ransomware reflects the inevitable evolution of the digital version of kidnap and ransom.
The challenges of PCI DSS compliance
We were already steadily moving towards a cashless society, even before the COVID-19 pandemic hit; banks made it easier for us to use our cards while we are out and about, with contactless payments, and we are certainly spending more time and money doing our shopping online.
AGH and PGI announce next stage of cyber academy partnership
KRAKOW—Earlier this week, the AGH University of Science and Technology in Krakow and British cyber security company, PGI (Protection Group International Ltd) announced that PGI’s UK Government certified role-based cyber security training will now available to Polish clients, including MSPO attendees, at AGH’s state-of-the-art laboratories and technical training facilities.
Cyber security in the healthcare sector
The UK Healthcare sector is currently regarded as the most at-risk sector to cyber attacks. This follows a report by data security provider Clearswift which revealed that last year in the UK, 67% of healthcare organisations experienced a cyber security incident.
Are lack of tech upgrades really a digital security problem?
We recently read an article on lack of tech upgrades contributing to the risk of data breaches. It got us thinking: While we all love the latest and greatest hardware, what’s the real risk? There was a time when hardware ‘usability’ was defined by the requirement for a modern, secure operating system supported appropriately by vendors.
The importance of Identity and Access Management
When we help our clients with their cyber and information security, one area that we sometimes find neglected is identity and access management (IAM).
The continued rise of Business Email Compromise
Back in July 2020, a pair of well-known Instagram users—one of whom had 2. 4 million followers—were extradited to the US to face charges of conspiracy to commit wire fraud and laundering hundreds of millions of dollars obtained from online crimes.
The cost-effective way to address cyber security skills and diversity gaps
The global cyber security workforce gap is estimated to be 4. 07 million with 35% of organisations unable to fill open cyber security jobs to protect their assets.
Ransomware attacks continue – as do ransom payments
Not a month goes by that we don’t see that another organisation has suffered a ransomware attack. In fact, in the last month we’ve even seen global car manufacturer Honda become a victim, along with several lesser-publicised organisations, including the city of Florence, Alabama in the US.
Unregulated Social Media: Havens for hate?
Unregulated social media – in brief Stricter regulations on large social media platforms are driving some extremists to smaller, unregulated networks.
What is the difference between misinformation and disinformation?
The terms misinformation and disinformation are often used interchangeably, but they do differ in nuance.
Keeping an eye on COVID-19 cyber security risks
As the world deals with the COVID-19 pandemic, cyber security issues may have taken a backseat for both individuals and companies.
Cyber security and remote working
Hybrid working or full remote working arrangements are the norm now, so here are some suggestions for keeping your organisation running smoothly.
Two years of GDPR: Clarifying personal data [Infographic]
The 25th May 2020 will mark the two-year anniversary of the implementation of the General Data Protection Regulation, also known as the GDPR (and sometimes referred to as the bane of your DPO’s existence).
Cyber breaches: People in glass houses shouldn’t throw stones
One of the issues highlighted by the Travelex incident—and the reaction to it—is the extraordinarily high level of culpability and scorn that continues to be attached to corporate victims of cyberattacks.
Changes to the Data Security and Protection Toolkit (DSPT) for 2019/2020
Keeping data safe is an ongoing process—once a regulation or process is in place, the body responsible for monitoring compliance will always be looking into ways to improve the measures.
The importance of checking Firewall Rules and PCI DSS
Requirement 1 in the Payment Card Industry Data Security Standard (PCI DSS) is largely concerned with firewalls and how they are such a critical protection mechanism for network security.
UK Oman Digital Hub launches with PGI Cyber Security Training
The UK Oman Digital Hub was launched this month. It aims to enhance collaboration in technology and education between the United Kingdom and the Sultanate of Oman.
What’s the difference between a vulnerability assessment and a penetration test?
We often get enquiries asking for a penetration test, but really the enquirer wants a vulnerability assessment (also referred to as a vulnerability scan).
PGI partners with Qatar University to develop cyber training capability
Protection Group International yesterday signed a Memorandum of Understanding with Qatar University College of Engineering (QU-CENG) KINDI Center for Computing Research to partner on developing a Cyber Academy at Qatar University.
How your IT department can get the most out of penetration testing
When arriving on site to undertake penetration testing, one very quickly gets a sense of how the local IT staff work.
Is your limited cyber budget invested to maximum effect?
All businesses are at risk of a cyber-attack, so we won’t bore you with a lengthy introduction on how around 30% of businesses will be breached in the coming year, how more than 60% are not adequately prepared and average cost per breach etc.
Cyber security training and combating the same old recruitment problems
Let’s face it, the security industry is confusing. On one hand, we‘re telling organisations to educate staff better, secure systems, create useful policies, and employ more staff with skills and knowledge to protect data and operational systems.
Cyber education for your workforce: Where to start
Governments, corporates and SMEs all need increased protection to counter the ever-present and changing cyber threat.
Understanding the NIS Directive (NISD) and how to be compliant [Video]
In this video, PGI’s CEO, Brian Lord discusses the basics of the NIS Directive (NISD), the concerns and risks, and how to begin the process of becoming compliant without reinventing the wheel or implementing an unnecessary or expensive framework.
Information security: The choice between Cyber Essentials and ISO 27001
We know information security is a complex world – there are a lot of initialisms and controls and, often, knowing where to start is the hardest part.
Common mistakes when engaging a penetration testing consultant
FACT: In 9 out of 10 internal penetration tests we undertake, we are able to achieve a complete compromise of the network due to simple configuration mistakes.
5 reasons your organisation needs a cyber Incident Response plan
Because so many of our business processes depend on technology, most organisations rely heavily on their IT team to keep networks running smoothly and revenue generating activity operating consistently.
What is NISD and how it impacts the OES community
In the 21st Century, many of our essential services—health, transport, energy, water and digital infrastructure in particular—have become heavily reliant on networks, technology and internet connected service delivery.
How a hacker will access your network
It has become rather cliché to say that data is now more valuable than oil, but for many organisations, it’s absolutely true.
The Data Protection Act: What is personal data?
You may have seen in the news recently that the pregnancy and parenting club, Bounty have been fined £400,000 by the Information Commissioner’s Office (ICO) for illegally sharing 34.
Cyber security: Human risk – a car crash waiting to happen
In every Corporate Cyber Security Maturity Model that we conduct across all varieties of corporate clients, two categories repeatedly always score lowest – one of those is ‘Staff Training and Education’ (the other is supply chain management’, but that’s for another blog post).
To hack back or not to hack back
Discussions around ‘hacking back’ are increasing proportionately with the rate and scale of disruptive hostile cyber action on large corporate organisations.
Why organisations can’t afford to forget about data protection and GDPR
You probably can’t believe we’re saying it because it feels like only yesterday that we had GDPR fatigue – constant reminders from every publication, a little fearmongering here and there, and generally an overload of information.
6 things you will learn about your organisation from a penetration test
A penetration test will help you understand your technical vulnerabilities. But, that’s not all.
What is whaling?
More than 90% of breaches start with a phishing attack. Hackers are adaptive and opportunistic, so it’s no surprise that some have adapted their phishing attempts so they can land the biggest fish—CEOs and executives—using a technique known as ‘whaling’.
What is a Red Team?
‘Red team’ activities are concerned with offensive security exercises e. g.
What is Social Engineering?
With the wealth of information about business and people available online, it is little wonder that criminals can and do use it for malicious purposes.
Filling the cyber security knowledge gap in your organisation
Every year, businesses of all sizes lose money to increasingly innovative cyber criminals. To exacerbate this problem, there are too few cyber security professionals globally to complete all the work required to protect and defend critical systems; the estimated gap is at least 1 million.
Defending against cyber threats while on the road
What would we do without the internet while we’re abroad? Whether it’s looking up directions to the next meeting or trying to find the best place to stop for lunch, we’re always connected.
Fake news and trusted sources
In the age of fake news, as individuals we are being encouraged to check the sources of information that we use.
What is the difference between cyber crime and traditional crime?
Simply put, cyber crime is a crime committed using technology and the internet. Although cyber crime is often discussed as a separate entity to traditional crime, it is carried out by the same types of criminals for the same type of reasons.
PGI Cyber Academy courses available in Southeast Asia
PGI Cyber Academy courses available in Southeast Asia PGI has partnered with the Malaysia Digital Economy Corporation (MDEC) and Asia Pacific University (APU) to train 72 Malaysians as Cyber Security Incident Responders.
Cyber Career Conversion Programme: Armed Forces to cyber
Joseph Chmiel, Cyber Career Conversion Programme participant Prior to the Cyber Career Conversion Programme I served as a Captain in the British Army’s Intelligence Corps.
Diversity deficient cyber security industry: Skills gap made worse
The cyber gap, the difference between the demand for cyber security professionals and their supply, is projected to reach 1.
Information security and the supply chain
As best practice, being able to address security requirements with your critical service providers is consistently included in all of the major cyber security standards.
Jordan Design and Development Bureau (JODDB) launches a cyber security academy with UK Cyber training specialists PGI
The Jordan Design and Development Bureau (formerly, the King Abdullah II Design and Development Bureau) announced the launch of its Cyber Security Academy at the Special Operations Forces Exhibition and Conference (SOFEX).
Managing Cyber Security Risk – Brian Lord’s chapter
Managing Cyber Security Risk – Brian Lord’s chapter Cyber security invasion is an ever-growing threat and should be a source of daily concern for all organisations.
PCI DSS: A terminology and acronym minefield
We’ve all been there; you’re talking to someone who throws an acronym at you that you’ve never heard before, or worse, you have heard it, but it means something totally different in the context of your conversation (or you’ve forgotten).
PCI DSS: Ensuring ongoing compliance
Once a status of compliance has been successfully achieved, the last thing an organisation wants is to drop its guard and lapse into a state of non-compliance the following year.
PGI chosen to build cyber security skills in Malaysia
Malaysia Digital Economy Corp (MDEC) has partnered with Protection Group International to build a cyber training academy at APU (Asia Pacific University), to protect and enhance Malaysia’s digital economy and build cyber security training capability across the Asia-Pacific region.
PGI presents methodology for developing national cyber security skills at 1st AFCEA Jordan Cyber Security Conference
Sebastian Madden, Chief Corporate Development Officer, PGI The AFCEA Jordan chapter hosted its first annual cyber security conference ‘Secure the Future through Cyber Protection’ on 11-13 December.
PGI and AGH University to build a cyber academy in Poland
Protection Group International and Jerzy Lis, Vice-Chancellor for Cooperation for AGH University of Science and Technology signed an agreement in Krakow, Poland on 18 October declaring their intent to work together to deliver cyber security training and develop a cyber academy to build professional skills in cyber security.
PGI’s Cyber Academy hosts the UK’s first boot camp to reform teenage hackers
PGI and The National Crime Agency has started the UK’s first ‘rehab’ course for hackers. As one hard-hitting headline after another details the targeting of our public and financial services, it is becoming painfully clear that cyber insecurity is one of the greatest threats we face as a nation.