There’s no doubt that the internet has made almost every element of our lives easier. Virtually everything now has an online presence, from multinational social media goliaths to your local bakery. Though this has its advantages, it also creates risk. Convenience comes at a cost, and all too often consumers and businesses alike don’t pay enough attention to cyber security until it’s too late. Even those who are security-minded often don’t get a say in what happens to their data, as the recent mega-hacks of the likes of easyJet and SolarWinds have proved. Cyber attacks can result in data breaches, regulatory fines for non-compliance, legal costs, and a ruined reputation. So let’s take a look at the biggest cyber attacks of 2020 and see what we can learn. For those who are new to the subject, have a look at our humorous take on explaining cyber attacks in this video:
The WHO is a noble international institution that took a leading stance in combatting the COVID-19 pandemic. Unfortunately, that moral high ground doesn’t mean it’s above the attention of cyber criminals. As a result of a series of cyber attacks in spring 2020, a gigantic data leak took place, with more than 20,000 email addresses and passwords being released to the public. What was the modus operandi of the criminals behind those cyber attacks?
It turns out that the cyber criminals obtained confidential data through social engineering, or to be more precise, phishing attacks. The sheer number of people employed in a large organisation such as the WHO, along with the fact that it only takes a single individual responding to a suspicious email to let the hackers in, means that phishing must be considered a constant threat. After the leak, WHO officials claimed that the 2020 cyber attacks succeeded because of outdated information infrastructure, which is tech-speak for ‘we didn’t patch our security flaws’. Lack of resources to run proper patching schemes is one of the challenges we highlighted in our 2021 Annual Cyber Security Report. To avoid a similar data breach in the future, they have implemented a secure authentication system. That might sound like ‘too little, too late’ until you realise that phishing attacks happen all the time. This will happen to the WHO again, and next time they’ll be a little more prepared.
The lesson for businesses here is to proactively test your defences against phishing attacks, hold regular security training, and have an internal penetration test to find out what damage a hack could do if your defences are breached. The necessity of remote working has made phishing attacks more successful, something we looked at in our blog and webinar on securing remote working.
Most of the people you know have accounts on several social media platforms. There are over 330 million monthly active users on Twitter alone, so it’s no wonder that cyber attacks directed at those platforms are not rare: gaining access to the personal data of millions of people could be insanely profitable. However, the Twitter cyber attacks of 2020 that we want to mention were no mere data leaks.
As a result of a phishing campaign, cyber criminals gained access to the accounts of several senior Twitter employees. This privileged access meant the miscreants could tweet from the profiles of world leaders and industry titans, including Bill Gates, Jeff Bezos and Elon Musk, with a scam to obtain Bitcoin.
It wasn’t a threat; quite the contrary, it was a proposal of a business deal, seemingly from the likes of Elon Musk, promising that anyone who sent Bitcoin would receive twice that amount back later on. Although this attempt might seem silly, those cyber attacks were at least moderately successful, as they netted Bitcoin exceeding $100,000 in value. It certainly wasn’t one of the biggest cyber security attacks of 2020 in terms of damages, but it was troubling primarily because it showed that even the largest organisations, handling the personal data of hundreds of millions or billions of users, are not immune from external threats.
The Twitter hack highlighted the influence that social media has in our everyday lives, and if the hackers had been motivated by politics rather than finance it could’ve been a very different (and disastrous) outcome. The lessons learnt from the Twitter hack can also apply to your business. Just as you shouldn’t trust Bill Gates’ account offering you a Bitcoin deal, you also shouldn’t trust an email from your CFO pressuring you to make an unexpected payment. Email and messenger accounts can be compromised, and you need to make sure that everyone in your business is prepared for it and knows how to respond. Simple security training is a great place to start.
Though video conferencing is nothing new, the arrival of the COVID-19 pandemic was a true game-changer. Instead of being a feature that made the functioning of businesses around the world easier, video calls became something without which conducting day-to-day operations wouldn't be possible with the lockdown in place. Because of that, in a matter of weeks, Zoom became an insanely popular brand.
However, even though its number of customers skyrocketed almost overnight, that doesn’t mean it hasn’t had any security issues. Despite best-practice (and common sense) advice, many people re-use credentials across different online services. So if one company has a data leak (which you might not even be aware of), your credentials fall into the hands of cyber criminals. Instead of being able to access only the one breached account, the hackers can now access a variety of your online accounts thanks to your security complacency.
That’s what happened in this case. Using an attack method called "credential stuffing", hackers were able to gain access to hundreds of thousands of Zoom accounts, which were then sold for profit. The hackers took credentials from existing data breaches and tried them on Zoom.
Creating a different password for each platform might be a nuisance, but it’s a necessary step if you want to avoid serious cyber security threats. Businesses can use two-factor authentication (2FA), which is a great defence against credential re-use at the expense of a slightly longer logon process. You’ll be used to 2FA from things like mobile banking. With the increasing popularity of cloud tools and single sign-on for businesses (such as Azure Active Directory), organisations need to ensure that a data breach in one area, such as an employee’s private life, doesn’t impact corporate cyber defences.
Most readers will have heard of ransomware: hackers encrypt your computer and charge you a fee to unlock it and recover your data. There’s no guarantee that they’ll hand over the unlock code after you pay, and no guarantee that they haven’t grabbed a secret copy of your sensitive data. If ransomware struck your home PC, it could be heartbreaking to lose personal memories such as photos. If it happened to your business IT, it could devastate your entire business in one go. But what happens when ransomware attacks healthcare?
Magellan Health, a healthcare insurance provider, found out the hard way in 2020 when the private information of more than 350,000 individuals was stolen. Once again, the cyber criminals’ methods involved social engineering: while impersonating Magellan Health’s clients, they managed to install malware on the company’s systems. Once they had obtained employees’ logins and passwords, they were able to access a database containing information such as addresses, Taxpayer Identification Numbers and Social Security Numbers of around 350,000 patients. The cyber criminals exfiltrated (and presumably sold) this highly lucrative data, while the ransomware provided another revenue stream and also helped hide the hackers’ attack.
The lesson for businesses is that, even in the midst of a global pandemic, cyber criminals have no qualms about attacking companies that are trying to save lives. As our revealing ‘Cyber Stats for 2021’ infographic shows, everyone is a target, from UK SMEs to global multinationals. Hackers have few morals and will pursue every avenue to make money. Often a business is breached not because it was a direct target, but simply because it was collateral damage from another attack. Take cyber security threats seriously and start with the basics, such as Cyber Essentials or ISO 27001 certification.
Social media, email and IM apps may rule the roost of modern communications, but humble voice telephony is still a valuable data source for hackers. Cosmote, Greece’s largest mobile network operator, found out to its cost in September 2020 when it suffered a colossal data breach.
Apart from intercepting millions – that’s millions – of phone calls, cyber criminals also stole valuable contextual data about the calls – time/date, duration, telephone numbers, age, and gender. Greek newspapers noted that even the calls of Greece's prime minister and other members of the government were intercepted, which may have been the real motivation.
According to company officials, even though this attack succeeded, Cosmote typically has to repel around half a million cyber security attacks each month, which they put at about 700 per day. Given that Cosmote handles the personal data of millions of users, it is no wonder that it is an attractive target for cyber criminals. And remember that the largest corporations on the planet deal with the data of billions of internet users, in which case the frequency of cyber attacks is even more stunning.
Your personal and corporate data exists everywhere, in your business and outside it. Your suppliers, such as telecoms or cloud tools providers, need to play their part in safeguarding your data, and you in turn need to do your part to safeguard the data of your customers. Good cyber security should be part of a chain of trust.
Cyber attacks are by no means a rare occurrence and, as we covered in our blog ‘4 Things Hackers Don’t Want You to Know’, attackers have many tricks up their sleeves. In the information era, data breaches, fines and reputational damage can be extremely harmful to organisations big and small. Whilst investment in cyber defences must be commensurate with organisation size, every business must do the basics. Cyber attacks are often a numbers game: hackers fire out simple attacks en masse, and if your business is doing the basics right, there’s a good chance you can avoid being hacked. Phishing is an extremely effective tactic for cyber criminals and one of the biggest security risks to businesses of all sizes, but with regular, engaging security training and simple best-practice security defences, it can be one of the easiest risks to treat. Mid-market and enterprise organisations have the additional challenge of fighting for a cyber security budget to match their attack profile, something we explored in our blog, ‘How to get board buy-in’.
Joe is a blogger and security evangelist who’s been raising the profile of cyber security for a decade. He writes about a variety of cyber and compliance topics, with a keen eye on translating events and data into valuable customer insights. Never boring, sometimes controversial, always insightful.