Ayisha Bari
We’d like to start this post by saying that our thoughts are with everyone that is affected by the ongoing conflict in Ukraine. As widely reported in the news, we are also actively monitoring the increased level of malicious cyber activity related to the situation.
Businesses should be under no illusions: the cyber security shock waves from the Ukraine crisis will extend across the world. It’s therefore important to stay informed and act quickly so that your business is protected.
With that in mind, this post aims to provide information and insights about the current situation based on our own research and offer advice on how to defend your business against potential cyber attacks.
Our Security Operations Centre (SOC) is actively monitoring all activity from customer logs via our Security Information and Event Management (SIEM) technology and wider threat intelligence sources. Our team remains on high alert for any deviations and is monitoring for suspicious activity. This includes, but is by no means limited to, the following:
Our SOC team encourages all organisations to put extra measures in place to actively monitor environments for suspicious activity. One of the most proactive steps you can take is to ensure that logs are being sent from all necessary areas of your network so that you can maintain an accurate, detailed overview of your entire attack surface.
Where possible, we are conducting further investigations for our clients with a particular focus on organisations operating in financial services, infrastructure and public sectors. This precaution comes as a result of our own research, which has shown increased activity since 20th January 2022 targeting the financial and insurance industries in particular.
Generally, we suspect the threat to the UK may increase in these sectors specifically. If this is the case, the attacks will likely have destruction and espionage motives against larger organisations, though we cannot rule out the case of malicious opportunist hackers who may present a higher risk to smaller businesses.
On social media there has been an increase in activity amongst bug bounty hunters and members of the community that are actively discussing using the cloud to conduct DNS reflection attacks. Some of these discussions include an ‘attack list’ of target IP addresses, which all seemingly originate in the East.
At this time we are not aware of the HermeticWiper malware affecting UK organisations. The indicator of compromise (IOC) has been included as part of our additional detection queries which our SOC are monitoring in real-time. We will be doing our part to assess the situation regularly and disclose any information that suggests it has changed.
It is tough to pinpoint exactly what types of attacks could target UK businesses. For this reason, we highly recommend applying the usual IT hygiene and security best practice.
Our recent research shows that 83% of all cyber attacks are phishing attacks. For this reason, we would encourage organisations to be extra vigilant against this attack vector, including watering hole and ‘vishing’ attacks, due to their ease of entry.
From a technical stance, we recommend all businesses ensure up-to-date system security patches are applied without delay across firmware, client devices and servers. Additionally, customers should update their anti-virus, IPS/IDS, and EDR solutions. These are fundamental steps in cyber security and are now even more important given the current, escalated threat landscape.
Our research also showed that 28% of businesses have critical vulnerabilities that could be immediately exploited as part of a cyber attack. It is therefore vitally important to identify and remediate vulnerabilities on an ongoing basis to avoid opportunistic attacks.
Nation state actors are much more likely to find zero-day vulnerabilities due to the resources available to them, and other hacking groups will quickly take advantage of these exploits once they become common knowledge. So on a final note, ensure you keep informed about the latest developments in the news, regularly monitor your organisation’s environments for suspicious activity and make sure that you are patching systems as quickly as possible.
While we can’t predict exactly what the cyber risk to UK organisations will be as a result of the Ukraine crisis, history tells us that the majority of attacks are successful due to poor cyber security practice and a lack of awareness. It’s therefore important to take action in order to reduce risk and prevent opportunistic attacks.
Information security wizard, evangelist, and guru – not to mention co-founder of Bulletproof. Oli’s always sharing deeply interesting and insightful things on this blog and on his LinkedIn. With many years of experience in understanding information security and innovation, Oli’s blogs are always a highlight.