News & Events

Dan Wood
Declan Thorpe
Steve Giachardi

Putting You In The Driver's Seat For Incident Response -- 25th May 2022 15:00 GMT (11:00 EST)

ZeroDayLive Series

Incident Response Preparedness is designed to raise your organisation's resilience in the event of a breach to minimise the impact of an attack. Attackers are evolving tactics constantly and Incident Response Preparedness activities should be conducted every year to ensure you are ready for those perfect storms.

In this webinar we will discuss best practices for identifying, containing, and remediating security incidents.

  • Reporting Incidents
  • Identifying Critical Assets
  • Typical Attack Scenarios
  • What should be included in the Incident Response Plan

Worried about your pre-breach plan or don't have one? At the end of this webinar ZeroDayLab are offering a 50% discount code for a Capability Maturity Assessment *T&Cs apply*

This Assessment will provide you with a broad understanding of your current security posture.

Benefits:

  • Understand your current information security posture
  • Identify areas of risk to determine a focused and targeted approach to enhancing your maturity
  • This assessment will provide a maturity benchmark for the current information security posture
  • Highlight Security strengths and weaknesses through an external validation and verification exercise. This provides a snapshot of the organisation's security posture across various information security domains to give the business a balanced view of how it stands against increasing cyber threats

At the conclusion of the webinar, we will be happy to answer your questions and schedule one-on-one calls to discuss your organisation's IR needs.

3:00pm GMT (11:00am EST), Wednesday 25th May.

Speakers: Dan Wood Head of GRC & Steve Giachardi GRC Consultant & Declan Thorpe IT Security Analyst

Tickets available here: Register Now

Dan Wood
Declan Thorpe
Kevin Swatridge

How To Reduce Your Cyber Insurance Premium & Be Prepared For That Breach -- 23rd February 2022 14:00 GMT (09:00EST)

ZeroDayLive Series

The world of Cyber Insurance has changed dramatically over the last 30 years. In this webinar ZeroDayLab will explore the history of Cyber Insurance, how it has evolved and some of the challenges organisations are facing today in obtaining and maintaining cyber insurance.

In a world that is continuously impacted by COVID-19, 2021 became a year of adaptation as billions around the world learned to accept the status quo. Organisations continue to operate on a largely remote basis whilst dealing with an increased attack surface.

The result has been a sharp increase in attacks, with ransomware and supply chain attacks causing a significant impact. The cyber insurance sector - a field that covers a company's liability for a data breach or cyber-attack - has faced an unprecedented volume of claims as a result, with many establishing record costs stemming from such attacks.

The prerequisites and baseline entry requirements for those looking to renew or obtain cyber insurance coverage have dramatically increased in response to the unprecedented volume of claims from preventable cyber-attacks. It's not a matter of if you are attacked but when. In this webinar ZeroDayLab offer both strategic and tactical expertise to enhance your cyber defence. 46% of all UK businesses identified at least one breach or attack in the last 12 months; now more than ever you should review your pre-breach and incident response strategies. Learn best practices to ensure the safety of your organisation and how to keep that premium down.

In this webinar by ZeroDayLab you will learn about the following:

  • The history of Cyber Insurance
  • The current state of cyber insurance
  • Achieving and Maintaining your Premium & being prepared for a breach
    • Incident Response Preparedness - Having the Plans & Playbooks in place
    • Training & Awareness - Educating the Responders & Board
    • Threat detection & Log monitoring - Threat identification technologies

If you have struggled with any of the topics in this webinar ZeroDayLab are offering a 50% discount code for a Capability Maturity Assessment *T&Cs apply*

We look forward to seeing you there.

2:00pm GMT (9:00am EST), Wednesday 23rd February. 45 mins session / 15 mins Q&A.

Speakers: Dan Wood Head of GRC & Kevin Swatridge IT Security Consultant & Declan Thorpe IT Security Analyst

Tickets available here: Register Now

Dan Wood
Steve Giachardi
Kevin Swatridge

How Does Effective GRC Enable Your Business? 24th November 2021 15:00 BST (10:00EST)

Dan Wood joins the ZeroDayLab family as new Head of GRC.

Join Dan and two lead GRC consultants Steve Giachardi and Kevin Swatridge to discuss

  • How Does Effective GRC Enable Your Business?
  • In our free virtual event, we will discuss some key questions that IT and Information Security Managers are challenged with in organisations when engaging with their Board or Senior Leadership Teams.
    1. GRC business enabler not blocker – gaining Board confidence and support
    2. The ROI on security – ensuring you have the budget to be successful
    3. How do you sell security to the Board?

Your time is valuable – so we will be offering a 50% discount on a Capability Maturity Assessment*. This assessment is comparable to a ‘mini-360°’ analysis of your GRC level on a standard maturity curve. The discount code will be given at the end of the webinar.

Many of our clients are actively seeking new ways to mature their information security and governance posture and already working with us to achieve this. To that end, the consulting team at ZeroDayLab encourages you and your security teams to engage with us here to discuss in detail how we can assist you to move along our GRC maturity curve where the processes of Governance, Risk and Compliance are improved, strengthened and made more resilient in the face of threat actors and ever-increasing compliance demands from government regulations, industry requirements and corporate reputation. Book your place today.

*Assessments are a key measurement of organisational maturity and risk, looking at the current situation, highlighting vulnerabilities and providing recommendations for improvement. We will reveal a 50% discount code at the end of the webinar for a Capability Maturity Assessment for a maximum of 8 consulting days depending on the size and need of your business. Register your code by the 31st of December to secure your discount by contacting [email protected]. Delivery of your CMA will be in 2022 as our scheduling allows. This discount cannot be used for any other purpose or service. This is a one-time day rate and follow-on projects will be charged at regular pricing.

Tickets available here: Register Now

Stuart Peck

Knowing Your Threat Landscape: 13th October 14:00 BST

ZeroDayLive Series

Understanding Your Threat Landscape can inform your security needs and drive change within your organisation. How do we define our Threat Landscape and what tools can we use to gather threat intelligence? In this session, we will cover at a high level the tools and techniques used to define and understand a business's threat landscape.

Attend this seminar to

  • Learn about the importance of defining your attack surface
  • Understand the intelligence lifecycle, how to define threats, how to build intelligence and tools that can help automate this process
  • Learn from leading expert Stuart Peck how powerful OSINT (Open-Source Intelligence) can be when used to accelerate your threat hunting
  • Listen to case studies and examples of threat modelling from our expert speakers
  • Learn how to implement these techniques in a range of scenarios
  • Apply the knowledge from the session in an interactive threat modelling exercise

Tickets Available here: Register Now

Stuart Peck

The Importance of Managed Detection & Response (MDR): 8th September 14:00 BST

ZeroDayLive Series

Blind spots in detection capability can be punishing; this has been proven time and time again. Reducing your Mean Time to Detect (MTTD) and the Mean Time to Respond (MTTR) to attacks is vital if you are to keep your critical assets safe. One of the key elements is understanding why Managed Detection & Response can massively reduce the likelihood and impact of a serious incident occurring. In this interactive virtual seminar, our Subject Matter Experts are going to discuss what MDR is and what it is not, and ultimately why this capability can enhance your existing Information Security programme.

Attend this seminar to

  • Learn why blind spots in detection can be painful, and how attackers leverage them
  • Understand how to leverage detection frameworks such as MITRE ATT&CK
  • Listen to case studies of deploying Managed Detection & Response capabilities from our Subject Matter Experts, including common mistakes, and quick wins
  • Learn how to reduce the MTTD and MTTR- Strategies for Success
  • Gain insights into the benefits of outsourcing Managed Detection & Response vs Building In-House SOC
  • Applying the knowledge through an interactive scenario

Tickets Available here: Register Now

Stuart Peck
Steve Giachardi

Social Engineering – Take Control of the Phishers: 26th August 14:00 BST

ZeroDayLive Series

Social Engineering is the art of psychological manipulation. Social engineering is an incredibly effective technique used by attackers to gain access to sensitive information. This information can be used to launch a full-scale cyber-attack against businesses. In this seminar, we learn from Stuart Peck and Steve Giachardi what you can do to protect against social engineering attacks. Expect lots of social engineering war stories.

Attend this Interactive Seminar to:

  • Learn from leading social engineering experts on the latest techniques that yield attackers big results.
  • Understand why Phishing, Vishing and Smishing still work.
  • Think like a Social Engineer to identify weaknesses and build cyber-resilience.
  • How to develop effective social engineering assessments
  • Listen to real life case studies and the lessons we can all learn from
  • Strategies to combat social engineering

Tickets Available here: Register Now

Stuart Peck
Steve Giachardi
Kevin Swatridge

Supplier Evaluation Risk Management 14th July

ZeroDayLive Series

Suppliers are increasingly critical to your business and you’re expected to understand and safeguard your business against risks from every area. With a constantly shifting supplier portfolio, your supplier risk management needs to be secure, fast and robust. Join our experts so you can develop an effective supplier risk program, identify your critical suppliers and optimise your supplier risk processes.

Attend this seminar to:

  • Understand the latest trends in combating supplier risk
  • Kick start your Supplier Risk Management program
  • Focus resources on your critical suppliers
  • Effectively and efficiently evaluate your suppliers
  • Spot the gotchas in the responses
  • Expand your supplier risk program

Stuart Peck

Join us for our next Interactive Seminar - Security Training for Developers - 9th June | 14:00 BST

ZeroDayLive Series

Security Training for Developers has a simple objective; educating software developers to reinforce security best practices when developing software to reduce the accidental introduction of security vulnerabilities. In this session, we will cover some of the key aspects of security training for developers and how to protect your business through education.

Attend this seminar to:

  • Understand Web Application Hacking Methods & Tactics
  • Learn about the most common and critical application vulnerabilities- overview of the Open Web Application Security Project (OWASP) top 10
  • Increase cyber resilience by coding with a hacker mind-set
  • Learn how to upskill developers through assessments, training, resources, etc...
  • The importance of security skills within fast-paced development lifecycles, Agile, DevSecOps, etc...
  • Develop metrics for success!
  • All Attendees will receive an exclusive White Paper

Stuart Peck

ZeroDayLab presents ZeroDayLive, An Interactive Seminar Series.

ZeroDayLive Series

Join us monthly for our highly interactive virtual seminar series. ZeroDayLive will place you at the forefront of the latest industry trends allowing you to take centre stage with your reactions and questions live with our expert presenters.

14:00 BST, Wednesday 12th May. 75 mins session / 15 mins Q&A.

Our first session will be - Incident Response Preparedness, hosted by Stuart Peck Director of Cyber Security Strategy at ZeroDayLab.

In this session you will:

  • Understand the key elements of response preparedness
  • Get to grips with The Incident Response lifecycle
  • Draft Incident Policies, Response Plans and Runbooks
  • Assess the gaps in your Incident Response capability
  • Run realistic Incident Response desktop scenarios and attack simulations
  • Experience a walkthrough of a real-life incident

Upcoming Seminars:

  • Security Training for Developers | 9 June 14:00
  • Supplier Evaluation Risk Management Masterclass | 14 July 14:00
  • Social Engineering Masterclass – Take control of the Phishers | 11 August 14:00
  • Why it’s important to have SOC – Security Operations Centre | 8 September 14:00
  • Knowing Your Threat Landscape | 13 October 14:00

Stuart Peck

Our very own Stuart Peck was invited to speak at Sage's Security Champions' Conference 2021 this week.

Cloud Security Webinar

Sage Security Champions’ Conference 2021: Shining a Spotlight on Security Matters Monday 8 – 12 March.

The conference is an annual internal conference for Sage’s network of over 200 Security Champions, the largest network in Sage and a force multiplier for the security team.

This year’s keynote speaker is Ciaran Martin. Ciaran was the founding Chief Executive of the National Cyber Security Centre and is now professor at the Blavatnik School of Government, part of Oxford University.

The event highlights the rapidly changing context for security and some of the exciting and sometimes challenging developments Sage face as a business and security team and what opportunities there are for improvement and learning.

Sage approached ZeroDayLab and invited Stuart to be part of the event as a leading expert in Social Engineering.

A bit more about Stuart:

Stuart Peck heads up Cyber Security Strategy at ZeroDayLab and runs the situational threat awareness program for executives and general employees. He has personally delivered threat briefings to many FTSE 100 and FTSE 250 board level executives and directors throughout the UK and Europe. Stuart has over 13 years’ experience in the information security industry, including delivering threat intelligence, social engineering, and incident response projects. He is also an expert on the dark web & Open Source Intelligence, and is regularly asked to deliver talks on the latest attacker trends facing organisations today.

Stuart has been featured in many leading news sites including Security Affairs, The State of Security, ZDnet, Bleeping Computer, The Daily Mail, and in the Tribe of Hackers Blue Team Book. He is the 3 times world champion of the TraceLabs global OSINT Search party competition for finding missing people and volunteers for the National Child Protection Task Force using his skills to find missing children and organised criminals globally.

Linkedin https://linkedin.com/in/itsecurity

Twitter https://twitter.com/cybersecstu

Stuart Peck
Kevin Jackson

How to Secure your Cloud - Security Configuration Review Webinar hosted by ZeroDayLab

Cloud Security Webinar

Join us on the 25th March 2021 at 10:30am GMT for an interactive and informative Webinar detailing the common security issues found within cloud environments and how you can identify and address them. There is no charge to attend this free webinar.

There is an assumption that cloud environments are secure by default. They are not!! In fact, many cloud environments are not appropriately configured to prevent unauthorised access to your sensitive information.

Find out how you can identify common security issues within cloud environments and how to address them. Join us for our interactive and informative webinar:

10:30am, Thursday 25th March. 45 mins session / 15 mins Q&A.

We see many instances where cloud environments have been compromised by attackers exploiting misconfiguration of Containers, WAFs and Web Services run on platforms like Azure, AWS and GCP.

Our experts Kevin Jackson, Technical Services Senior Manager and Stuart Peck, Director of Cyber Security Strategy will take you through an introduction to Cloud Security Principles, including:

  • Cloud Threat Modelling - Why it is important to understand the attack vectors and the threat actors that target cloud environments
  • Cloud Security Controls - What controls are there within your cloud? How effective are these controls? What considerations should be made for new and existing environments?
  • Cloud Misconfiguration - Why are cloud misconfiguration issues so common? How are attackers abusing these? What are the common indicators? How can you prevent these issues?
  • Why organisations should undertake Cloud Security Configuration Reviews
  • And more!

Given the heightened risk of cyber-attacks during the current pandemic, now is the perfect time to assess how your cloud environment might be exposed through a number of attack vectors.

Webinar
Stuart Peck

10 Ways to Prevent or Beat a Phishing Attack.

Join us on the 22nd of July 2020 at 15:00hrs BST for an interactive and informative Webinar detailing ten ways to prevent or beat a phishing attack.

  • Why Phishing still works, common and uncommon tactics
  • How targets are selected
  • Phishing attack lifecycle- know your adversary playbook
  • Defensive tactics
  • How to equip your users with the right tools/knowledge
  • Phishing simulation – metrics that measure success
  • 10 ways to prevent or beat a phishing attack

Information security is paramount for all businesses, and phishing attacks pose a serious and consistent threat. Phishing prevention has become essential as threat actors are enhancing their own tradecraft through evolving tactics to bypass authentication methods such as MFA. Given the right investment in time and reconnaissance by an attacker, anyone can be phished. This is further enhanced by leveraging current news, global incidents, or even trust of a known party to trick victims into opening weaponised documents or URLs; the more personalised, the higher the likelihood of success. When phishing prevention fails, the emphasis is placed on your users to detect, react to and report phishing emails. In most cases a well-crafted phishing email will be successful, so how do you prevent this?

Across the web, phishing attacks have baited unsuspecting victims into handing over banking information, work credentials and personally identifiable information, and have led to many ransomware and malware attacks. It only takes one click to be the next victim! This webinar, hosted by Stuart Peck – Director of Cyber Security Strategy, and Greg McGrath – Technical Sales Consultant, will talk through the advanced techniques cyber criminals are utilising to perform reconnaissance, phishing pretext creation, tools used to create sophisticated emails, and what companies can do to reduce the impact of these attacks, through equipping users with the right information/tools.


Stuart Peck

How to Secure your Cloud - Security Configuration Review Webinar hosted by ZeroDayLab

Cloud Security

Join us on the 17th of June 2020 at 15:00hrs BST for an interactive and informative Webinar detailing the common security issues found within cloud environments and how you can identify and address them. There is no charge to attend this free webinar.

Many cloud environments are not appropriately configured to prevent unauthorised access, nor do they use hardened images. There is an assumption that cloud environments are secure by default. They are not!! There have been many instances where cloud environments have been compromised by attackers exploiting misconfiguration on Containers, WAFs and Web Services run on platforms like Azure, AWS and GCP to gain unauthorised access to your sensitive information.

Given the heightened risk of cyber-attacks during the current pandemic, now is the perfect time to assess how your cloud environment might be exposed through a number of attack vectors. The ZeroDayLab subject matter experts Kevin Jackson, Senior Information Security Consultant, and Stuart Peck, Director of Cyber Security Strategy, will take you through many of the steps you can take to ensure your cloud environments are secure, including the following:

  • Introduction to Cloud Security Principles
  • Cloud Threat Modelling - Why it is important to understand the attack vectors and the threat actors that target cloud environments
  • Cloud Security Controls – What controls are there within your cloud? How effective are these controls? What considerations should be made for new and existing environments?
  • Cloud misconfiguration - Why are cloud misconfiguration issues so common? How are attackers abusing these? What are the common indicators? How can you prevent these issues?
  • Why organisations should undertake Cloud Security Configuration Reviews
  • And more

Cyber Hygiene During COVID-19 Planning: Part II

Following our 1st update to our valued client base 2 weeks ago regarding the global COVID-19 pandemic, most businesses will hopefully now be working in accordance with their individual Business Continuity Plans.

ZeroDayLab continues to be here for all of our customers and we are fully available to help you maintain the highest Cyber-Security Resilience against pernicious multiple attacks from opportunist and professional Criminal Hackers whilst ensuring your Policies, Processes and Procedures are absolutely fit for purpose.

Our latest top tips for things that you can do during these unprecedented times are to ensure that the following security considerations are also being made:

  • Working from home during this crisis provides additional challenges, with cyber criminals now more than ever targeting employees, execs and IT staff trying to get on to corporate networks via VPNs. Attacks on services like Zoom, where researchers have found weaknesses in the security that attackers are exploiting in the wild, have also increased. Be mindful of the fact that any third party service can be used as a valid attack vector to steal credentials or gain unauthorised access to a machine or network. Ensure that the following is considered:
    • Penetration Testing via VPN to understand how an attacker with limited or no credentials could gain unauthorised access to network/domain services, and if they can pivot to critical assets.
    • Ensure that critical third party services such as Service Desk, conferencing services, and websites are tested during this time to ensure that attackers don’t take advantage.
    • Harden all services, and monitor for new threats. NCSC has good threat briefings on critical advisory vulnerabilities.
    • Monitor our Vulnerabilities feed for more information about weaknesses in the wild. https://www.zerodaylab.com/vulnerabilities/1/1.html
  • COVID-19 specific cyberattacks are continuing in high volume. A prime example of cyber criminals leveraging the current global pandemic is the creation of over 100,000 domains containing the word COVID-19 or coronavirus; the majority of these will be used to push fake intel, for credentials phishing or for distribution of malware. Always verify the email, then trust. Ensure that users are trained and constantly made aware of the risks during this heightened state of risk. Be extremely wary of Smishing (SMS phishing), and ensure that all users are aware of the risks.
  • Ransomware is an extremely high risk at the moment, with attackers looking to capitalise. Again, ensure exposed RDP/VPN services are hardened, ensure that monitoring is in place to detect malicious activity, and make users aware of how to report any suspicious activity. Groups like REvil (Sodinokibi) and Maze, and trojans like Emotet (usually used to distribute ransomware), are seeing massive spikes in activity, so be on high alert.
  • In the unprecedented environment that businesses are all currently operating in, workforces' reliance on and demand for video conferencing platforms is at an all-time high. Given the recent high profile security issues faced by remote workers using Zoom video conferencing, for example, the following 8 key steps / guidelines should be followed to increase security for organisations, your clients, suppliers and your people.
    1. Be careful about sharing your meeting ID publicly
    2. Always use passcodes (this is now set as default after update, but make sure this isn’t disabled)
    3. Know your provider’s data privacy policy
    4. Keep watch on meeting joiners
    5. Master the controls
    6. Use live meeting controls for large meetings and events
    7. Use browser-based meetings to avoid download delays
    8. Practice basic security hygiene

ZeroDayLab is here to help each and every one of our valued clients.

We understand that during this troubled time where everyone is focusing on Availability, we are also ensuring we help you protect the Confidentiality and Integrity of your critical informational assets.

The dedicated and loyal team at ZeroDayLab are at the front line of defence. We understand the heightened risks that the current global crisis can pose, and have the expertise and experience to assist. We want to provide all our loyal clients with the very best technical and commercial support you need to protect your employees, suppliers, clients and overall business with focussed initiatives where you need them most in a time and budget that works for you.

All at ZeroDayLab hope you, your family and your colleagues stay safe. We will get through this together.

Cyber Hygiene During COVID-19 Planning

May I take this opportunity to inform you that during these troubled times we are here to help you maintain the highest Cyber-Security Resilience against pernicious multiple attacks from opportunist and professional Criminal Hackers whilst ensuring your Policies, Processes and Procedures are absolutely fit for purpose.

During this unprecedented pandemic, organisations are facing many challenges with the risks of COVID-19 disrupting business as usual activities, increasing pressure on more remote working, and the extra time needed in implementing Business Continuity Planning. All while still wondering how this situation will affect your overall business now and moving forward.

It is important that Business Continuity Plans are at their most effective when executed. In the last 3 weeks, we have seen a massive increase in COVID-19 cyber-attacks. How well are you prepared to defend against these successfully? Attackers will always leverage a crisis to deliver phishing attacks, ransomware, denial of service and attempt to gain unauthorised access. As the Chinese word for Crisis means danger and opportunity respectively, wherever there is danger there are those that will seek to benefit.

There are things that you can do now to ensure that, whilst you are executing your business continuity planning, security considerations are also being made:

  • Educate users on the risks of the numerous COVID-19 phishing attacks. Don’t click on any links or open attachments that purport to be from the WHO (the World Health Organisation), HMRC, or your Government without first verifying this is from them. Better still, only trust information from verified sources such as news outlets or government information pages.
  • Check VPNs have no known vulnerabilities and ensure these have been security tested to ensure an attacker cannot bypass the controls and gain unauthorised access.
  • Ensure that MFA (Multi-Factor Authentication) has been enabled for all remote users, to reduce the likelihood of credentials phishing/stuffing.
  • RDP (Remote Desktop Protocol) should not be exposed to the Internet, but if in these circumstances it is, ensure those services are fully patched, that MFA is enabled, and that enhanced monitoring and controls are enabled.
  • Messaging should be provided to all users about reporting incidents and the urgency of doing this. Information should include who and how to report these, including what information to share.
  • Incident response plans should be tested against a remote situation, especially if attacks like ransomware and denial of service are executed against an organisation.
  • Penetration testing should be conducted as well as any other critical information security exercises to ensure any open doors or vulnerabilities are addressed. Ideally internal network testing should be conducted via a VPN to test what an attacker could do if they were able to gain access through the VPN.

ZeroDayLab is here to help. We understand that during this time where everyone is focusing on Availability, we are also ensuring we help you protect the Confidentiality and Integrity of your critical informational assets.

The dedicated and loyal team at ZeroDayLab are at the front line of defence and want to assure you that we are agile and experienced in Incident Management. We want to provide all our loyal clients with the very best technical and commercial support you need to protect your employees, suppliers, clients and overall business with focussed initiatives where you need them most.

ZeroDayLive

Social Engineering Masterclass – Manchester: Stopping Psychological Cyber Crime

Cyber criminals continually evolve to stay one step ahead of those looking to protect against cyber attacks. Social engineering has evolved quickly to be one of, if not the most effective tools in a cyber criminal’s toolbox. Is your business truly prepared to protect against this ever-evolving threat?

The Solution: How to Prevent Social Engineering Attacks

Delve into the mind of an attacker at this interactive half-day training event, including real world examples, leading industry insight, panel discussions, and actionable output that you can embed back at the office. Join us on 4th July 2019 to learn how you can implement effective strategies that protect your business.

Key Themes Include:

  • Knowing Your Enemy – Why social engineering has become increasingly popular with attackers, why it is so successful, and how to identify risk
  • External Attacks in Operation – Learn how social engineers plan and carry out attacks, including examples of common approaches, existing coping strategies and why on their own, these are no longer enough
  • Social Engineering in Practice - Real world demonstrations showing how attackers gain information with ease, that can be used to leverage a successful attack.
  • Combatting The Threat - How to introduce a strategy that effectively identifies, plans, implements and manages against the threat from social engineers; including assessment strategies, resilience programs, policies and procedures, driving cultural change, education and training, and new technology.

ZeroDayLive

Social Engineering Masterclass: Stopping Psychological Cyber Crime

Cyber criminals continually evolve to stay one step ahead of those looking to protect against cyber attacks. Social engineering has evolved quickly to be one of, if not the most effective tools in a cyber criminal’s toolbox. Is your business truly prepared to protect against this ever-evolving threat?

The Solution: How to Prevent Social Engineering Attacks

Delve into the mind of an attacker at this interactive half-day training event, including real world examples, leading industry insight, panel discussions, and actionable output that you can embed back at the office. Join us on 3rd April 2019 to learn how you can implement effective strategies that protect your business.

Key Themes Include:

  • Knowing Your Enemy – Why social engineering has become increasingly popular with attackers, why it is so successful, and how to identify risk
  • External Attacks in Operation – Learn how social engineers plan and carry out attacks, including examples of common approaches, existing coping strategies and why on their own, these are no longer enough
  • Social Engineering in Practice – Real-world demonstrations showing how easily attackers gain information that can be used to leverage a successful attack
  • Combatting The Threat – How to introduce a strategy that effectively identifies, plans, implements and manages against the threat from social engineers, including assessment strategies, resilience programs, policies and procedures, driving cultural change, education and training, and new technology

ZeroDayLive

ZeroDayLive: Episode 1 - Photobox - When Stu met Stuart

We are delighted to announce the launch of ZeroDayLab’s new video podcast series, ZeroDayLive. In episode one we meet Stu Hirst, Head of Security Engineering & Cloud Security at Photobox. Stu shares his views on Defcon, reducing human error, how to run effective Cyber Security alongside Agile, GDPR and PCI challenges in internet businesses, the merits of AWS and much more.

Ever wondered what gets Stu out of bed in the morning? What happens in Vegas and ‘stays’ in Vegas? And how many exabytes make up all words ever spoken?

Watch ‘When Stu met Stuart’ to find out now

ZeroDayLab

EU GDPR: Practical steps when doing business in Europe

Friday 16th November, 10am EST (3pm GMT)

We have created our latest webinar because we’ve found that many of our global clients still require much greater focus to embed EU GDPR into their business, meet their regulatory obligations, and avoid potential fines for non-compliance. With legal action already being taken against US businesses, now is the time to act. Organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (nearly $23 Million), whichever is greater.

How is my business impacted by EU GDPR?

There is still a common misconception that EU GDPR only applies to European companies. The truth is that even though you may not have offices, staff or even customers in the EU, you may still need to comply with EU GDPR. Do you collect or process EU Citizen data? If the answer is yes, then your business must comply with EU GDPR.

Without these crucial elements you will be liable to fines, reputational damage and loss of revenue

If you are not already complying with EU GDPR then you need to act fast. Our webinar will teach you which initial projects will make an immediate impact and the practical steps that you need to take to comply with the primary elements of EU GDPR.

But I thought we were already compliant?

You may have already focused on important aspects such as understanding data, establishing the lawful basis for processing and covering data subject rights. If you have, well done for laying the foundations. Now the hard work really starts. Without continuous monitoring, vulnerabilities are likely to increase, alongside your business’ risk of reputational damage and loss of revenue.

Now is the time to focus on ongoing management, monitoring and maintenance.

As Data Protection and IT Security Consultants, we believe the best way to achieve this is by truly embedding data protection and security as a continuous activity and part of business culture, rather than just a point-in-time exercise. Our webinar will give you confidence that you have the business standards, frameworks and methodologies in place to remain compliant.

ZeroDayLab

The Emergence of a New Social Engineer

Cyber criminals remain a very real and active threat to organisations and are continually evolving their methods to stay ahead of those looking to protect against cyber attack. One of the most effective tools in a cyber criminal’s toolbox is social engineering, where attackers use psychology and predictable human behaviour to manipulate individuals, either to carry out actions or to divulge information that can be leveraged in a successful cyber attack. As long as there have been humans, there have been people ready to exploit predictable human responses for personal gain, but as our lives become increasingly digital and evermore connected, this has given birth to a new breed of cyber-criminal, The New Social Engineer. Join us on 11th October and learn how The New Social Engineer’s psychological activities increase the likelihood of an attack on your business being successful, understand how to identify common characteristics of attack and how to prevent your business from falling foul of The New Social Engineer.

Key themes will include:

  • NextGen Social Engineering in Society and Information Security
  • Insider Threats: Where Psychology Meets Technology - Behavioural Issues and Opportunities
  • Social Engineering Strategies to Protect Your Business
  • Countering Social Engineering Attacks During Business Operations Abroad

Attendees will learn:

  • The origins of social engineering, and how this has developed over time
  • How the digital world can make you more susceptible to attack
  • The emerging trends in attacks and how this impacts your business
  • A deeper understanding of the psychology behind social engineering
  • How to identify and protect your business from insider threats
  • How to effectively protect your business from such an attack
  • How to minimise the risk of social engineering when doing business abroad

ZeroDayLab

Webinar: Manual Pen Testing: The Human Touch

Wednesday 5th September, 3:00pm GMT

A security breach can result in loss of data and intellectual property, disruption to operations, reputational damage, and substantial financial losses. In fact the average cost of a breach in the UK is an eye-watering £2.69m, a figure that has increased by 8.9% in the last year alone.* Information Security continues to be a hot topic for customers too, with 86% saying they were ‘not at all likely’ to return to a brand that had suffered a breach where financial details were compromised.**

How can you prevent your business from suffering such an attack?

Testing your networks and web applications will help to prevent such catastrophic events from damaging your business, not to mention your obligation for regular testing under PCI DSS and GDPR. Not all methods of testing are equal though, so in this webinar we’ll cover the pros and cons of both skilled manual penetration testing and automated scanning, and why we believe manual testing, performed by a skilled Ethical Hacker, is best for your business.

You will learn:

  • The different types of penetration testing
  • The benefits of each type to your business
  • Our approach to manual penetration testing
  • What we’ll achieve for your business by performing tests
  • What we’re looking to find during a penetration test
  • Common methods of entry we might find

Sources:

* http://www.cityam.com/289041/cost-major-data-breach-businesses-hits-gbp263m-almost
** https://semafone.com/gb/press-releases-gb/86-customers-shun-brands-following-data-breach/

ZeroDayLab

Webinar: Securing the Human, Wednesday 27th June

There were 957 data security incidents reported to the Information Commissioner’s Office (ICO) in the UK, in the last quarter of 2017 alone (that’s not to mention the thousands that go unreported). Of those, 4 of the 5 leading causes were as a result of human error, so it’s no surprise that for many clients we speak to, human error remains their greatest threat. If you think about it, it’s probably yours too!

That’s why we’ve decided to focus our next webinar on this important topic, to help you reduce the risk of human error in your business.

Join us on 27th June to learn how to secure your greatest threat and turn it into your greatest asset.

The webinar will focus on how you can implement an effective error management system, which can help your organisation secure what is commonly referred to as the weakest link – your users. We will cover topics like social engineering, whether we can completely secure users, the limitations of wetware, and how building a positive security culture can help secure the human element of your security model.

You will learn:

  • How to make staff aware of possible threats, and how to recognise them.
  • How to reduce the risk of human error, therefore reducing the risk of a data breach.
  • How to protect your business and customer data.
  • How to prevent damage to your business operations, finances and reputation.

Source: https://ico.org.uk/action-weve-taken/data-security-incident-trends/


ZeroDayLab

EU GDPR Action Academy: Wednesday 2nd May, London

Wouldn't it be great to know that you are really securing your data not just ticking a compliance box?

As Data Protection and Information Security Consultants, we believe the real opportunity lies when you view GDPR holistically as a business issue, as an opportunity to elevate your security posture and as a chance to reduce your risk. Makes sense, doesn't it?

Our GDPR Action Academy (at the prestigious Lansdowne Club) will not only recommend where you focus your efforts ahead of the deadline; we'll also dispel some of the myths that have become commonplace and go much further by introducing methodologies, standards and frameworks that you can use to embed GDPR into your business's DNA.

We'll focus on how you can manage, monitor, and maintain going forward (and much more), long after the deadline. Get these things right and you can start to elevate your security posture, make efficiencies and leverage GDPR to your security benefit.

Delegates will learn:

  • Background and primary elements to the GDPR
  • The rules affecting data types
  • Common misconceptions about the regulation
  • The initial projects that can be completed now with immediate impact
  • Data Protection Impact Assessments – When to use and what to check
  • The role of your Compliance, Information Security teams and the Data Protection Officer post 25th May 2018
  • No privacy without security: Best practice frameworks for information privacy and security (BS 10012:2017, ISO27001:2013)
  • How to form a governance framework and reduce risk
  • The essential checks that should be undertaken on a regular basis


Enterprise Cyber Security

ZeroDayLab Joins Leading Cyber Companies for ECS in London this September

Silver sponsor ZeroDayLab joins the leading UK cyber companies for ECS 2017 at the Victoria Plaza, London, to help hundreds of UK cyber security professionals with its broad range of Information Security Services.

“We’re delighted to be involved with ECS 2017. Unlike many other events, ECS is looking at all aspects of cyber security for business. This ties in with our own 360° approach to cyber security, working with businesses small and global on improving their security strategy across the board, whether it is Ethical Hacking, Education & Training, Managed Services or Governance, Risk and Compliance. We’re looking forward to an event that evokes the best in thought-leadership in the sector.”

Come and meet ZeroDayLab at ECS, London’s Victoria Plaza on the 28th September 2017.

REGISTER NOW

Computing Security Awards

Vote Today! ZeroDayLab Announced as Finalists in 4 Categories – CS Awards 2017

ZeroDayLab is proud to announce that they have been nominated as finalists in the CS Awards 2017.

Not only is this for the fourth year running, the company has achieved nominations in four key categories.

Kevin Roberts, Managing Director, ZeroDayLab commented; “We are ecstatic to have been nominated for a fourth year for awards that are nominated by the industry. I am proud of ZeroDayLab’s team who have striven to consistently deliver beyond expectations for our clients. The fact that we have been nominated in categories that we won last year; Education & Training and Security Service Provider of the Year, is even more exciting.”

The company has been nominated in the following four categories:

Education & Training Provider

Security Service Provider of the Year

The Compliance Award

Security Company of the Year

Voting for ZeroDayLab in any of these categories is easy. Simply vote on the CS Awards 2017 Website here

ZeroDayLab

EU GDPR Action Academy Helps Prepare Business for May 2018 Deadline

With just 9 months to go to align to EU GDPR requirements the pressure is now on to make the internal changes required. With that in mind, ZeroDayLab’s second EU GDPR Action Academy takes place on the 19th September in central London at One Aldwych.

Designed to arm security and risk professionals with the knowledge they need to prepare and implement EU GDPR assessments and policy alignment, the event combines interactive sessions with presentations where delegates will learn:

  • Knowing Your Data - Classes of Data and the Differing Rules
  • Common Areas of Risk including the 'Right to be Forgotten'
  • Technology, Enforcement & Controls - PLUS Monitoring Data Outside Your Control
  • The Role of the Data Protection Officer & Achieving Education & Engagement for the Wider Business
  • Data Privacy Impact Assessments: What They Are, Why You Should Have Them & How to Scope
  • Maintaining Compliance: Continuous Monitoring to Raise Standards, Ensure Compliance and Reduce Risk

Places are limited to ensure maximum participation and benefit for everyone. Delegates will receive an EU GDPR Action Pack to take away that includes outlines of key EU GDPR alignment projects with descriptions, content, durations and budgetary guidelines.

Joe Donohue

WEBINAR: How Good Governance Can Help You Reap Benefits in Security as well as Compliance – September 12, 2017

In the first of our North American Webinar series, we ask: is alignment to corporate governance policies a necessary evil, or can it reap wider benefits and greater resilience for your organization?

Hosted by ZeroDayLab’s Senior GRC Consultant, Joe Donohue, this webinar shows how aligning your security posture to governance requirements such as Title 23, NIST, ISO27001, SSAE16 - SOC2 and EU-GDPR can reduce the impact of a breach on your business, enabling you to be back to business-as-usual faster. For full information on this webinar go to the landing page below and register free of charge:

REGISTER NOW

ZeroDayLab

Urgent Threat Update to Advice on Petya

Please be alerted that a new strain of ransomware based upon Petya is spreading fast and renders servers and machines useless. Comments on VirusTotal indicate the usage of the EternalBlue exploit; this has not yet been confirmed, but it is the likely entry point. The ransomware clears the Windows event log using Wevtutil, writes a message to the raw disk partition and shuts down the machine.

Further companies have been affected today and advice has now been amended. Please see the advisory below, point 3 is of particular importance.

Until further information is available we urge all our clients to:

  1. Test for back-ups today
  2. Make sure all patches have been deployed fully. See below for the advice given by Microsoft in May regarding WannaCry and check that it has been implemented:
    https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
  3. If affected, customers are now advised to unplug the infected machines from the network and power them down.
    Do not switch the power back on, as files may be recoverable if the encryption process has not yet begun.
    Attempting to pay the ransom does not work, as the decryption process does not start. The payment email address has been disabled.
  4. Advise all users to be extra vigilant for phishing attacks.
  5. Call ZeroDayLab if they have any further concerns.

As ever, you can contact us on the following numbers in the event you have any concerns:
UK: 0207 979 2067
Manchester: 0161 883 2660
Ireland: +353 153 14575
Benelux: +31 208 085136
North America: 1-302-498-8322

ZeroDayLab

WEBINAR: Internet of Things - A Genuine Threat to Business, or More Fear, Uncertainty and Doubt?

14th June – 3pm (GMT)

Join ZeroDayLab on a journey of discovery into all "things" internet-enabled, where our Head of Cyber Security Strategy Stuart Peck, will demystify the hype and provide practical advice on how to deal with the real threats to business from the Internet of Things (IoT).

The 45 minute webinar will cover the following:

  1. The unavoidable growth of the Internet of Things (IoT)
  2. IoT - the threat landscape, and is my internet-enabled toaster really a threat vector?
  3. Common attack vectors and the rise of IoT botnets, including:
    • Bring Your Own (IoT) Device
    • Example Vulnerabilities in Smart Devices - TVs, Lightbulbs, Industrial Dishwashers etc.
    • Malware, and the much hyped Mirai botnet
    • Trends and predictions
  4. IoT in the workplace, what’s the worst that could happen?
  5. What can businesses do to limit the risk of IoT?
  6. Summary, demystifying the hype.

REGISTER FOR FREE HERE


Stuart Peck
Stuart Peck, Head of Cyber Security Strategy, ZeroDayLab

From a background of threat intelligence, social engineering and incident response, Stuart Peck heads up Cyber Security Strategy for ZeroDayLab. Stuart regularly delivers threat briefings to FTSE-level executives and directors throughout the UK and Europe. Passionate about educating organisations on the latest attacker trends facing business today and how to combat them, Stuart's key areas of expertise include: the dark web, social engineering, malware and ransomware analysis & trends, threat hunting, OSINT, HUMINT and attacker recon techniques.

Stuart Peck

ZeroDayLab to Brief Critical Infrastructure Conference on OSINT & Outfoxing Adversaries

As a part of ZeroDayLab’s role on the Advisory Board for the ‘Cyber Security Protecting Critical Infrastructure’ conference, Head of Cyber Security Strategy, Stuart Peck will explore OSINT and current threats in his presentation, ‘OSINT, threat hunting and connecting the dots’.

The session takes place on the 17th May at 1.30pm and will explore:

  • How to maximise OSINT and intel-sharing in order to outfox adversaries
  • Beyond the ‘Indicators of Compromise’
  • Why reconnaissance through the ‘eyes of an attacker’ can strengthen your defensive position.

In addition, Stuart will join the Panel Session on the 17th May at 11.00am on the topic of ‘CNI – Is it time to re-think?’ Key topics for discussion will be the threat of the industrial Internet of Things, Secure-by-Default, safety versus security, and the major challenges in protecting CNI.

To register for the conference on the 16th/17th May click here

Supplier Governance

ZeroDayLab Joins Advisory Board for Critical Infrastructure Conference

ZeroDayLab is delighted to be a member of the Advisory Board for the forthcoming Cyber Security Protecting Critical Infrastructure Conference on the 16th-17th May.

Hosted in London, the Cybersecurity Protecting Critical Infrastructure Conference will provide the ideal platform to bring together government, companies and organisations from the private and public sectors to discuss and share the latest content on Cybersecurity Solutions and Critical National Infrastructure (CNI).

The 2-day conference will provide an insight into current and emerging challenges and threats, best practices, policy updates, solutions and case studies.

The conference is designed for CISOs, Heads of IT, CTOs, Chief Security Officers, Cyber Architects, Thought leaders, Academics and Senior Cyber leaders from Critical National Infrastructure (CNI) and Cybersecurity Solution Providers.

ZeroDayLab joins a group of 14 advisors from organisations such as Yorkshire Water, National Grid, Imperial College and the University of Warwick.

To attend the event click here

EU GDPR Action Academy

ZeroDayLab Launches the EU GDPR Action Academy

With a little over a year to align to EU GDPR requirements the pressure is now on to make the internal changes required. With that in mind, ZeroDayLab has launched the EU GDPR Action Academy designed to arm security and risk professionals with the knowledge they need to prepare and implement EU GDPR assessments and policy alignment.

This unique training opportunity takes place on the 27th April 2017 at One Whitehall Place at The Royal Horseguards Hotel in Central London.

In order for delegates to gain maximum value from this training session, places are limited. Through a series of interactive sessions and presentations, delegates will learn:

  • Knowing Your Data - Classes of Data and the Differing Rules
  • Common Areas of Risk including the 'Right to be Forgotten'
  • Technology, Enforcement & Controls - PLUS Monitoring Data Outside Your Control
  • The Role of the Data Protection Officer & Achieving Education & Engagement for the Wider Business
  • Data Privacy Impact Assessments: What They Are, Why You Should Have Them & How to Scope
  • Maintaining Compliance: Continuous Monitoring to Raise Standards, Ensure Compliance and Reduce Risk

Delegates also receive an EU GDPR Action Pack to take away. This includes outlines of key EU GDPR alignment projects with descriptions, content, durations and budgetary guidelines.

The ticket price includes afternoon tea and early evening networking with your industry peers over drinks and canapes.


Key Speakers

Nick Prescot

Nick Prescot, Senior Information Security Manager, ZeroDayLab
Nick Prescot has extensive experience working with organisations ranging from global corporations to high-growth SMEs, advising on Governance, Risk and Compliance and Incident Response. Passionate about enabling companies to improve their cyber resilience and posture, his experience provides an incisive and holistic perspective on effective and clear compliance and information security strategies.

Stuart Peck

Stuart Peck, Head of Cyber Security Strategy, ZeroDayLab
From a background of threat intelligence, social engineering and incident response, Stuart Peck heads up Cyber Security Strategy for ZeroDayLab. Stuart regularly delivers threat briefings to FTSE-level executives and directors throughout the UK and Europe. Passionate about educating organisations on the latest attacker trends facing business today and how to combat them, Stuart's key areas of expertise include: the dark web, social engineering, malware and ransomware analysis & trends, threat hunting, OSINT, HUMINT and attacker recon techniques.

AIR Mic Event

AirMic Conference 2017: Cyber Breach – Not If, But When

With the news filled with bank hacks, extortion demands and intellectual property thefts, this workshop addresses the likelihood of a breach, ransomware-associated operational risk and insider and outsider threat; reviewing how businesses can help themselves to identify and reduce cyber risk using their existing capabilities and an anatomy of a breach and breach response.

This participative workshop will discuss why discovering a cyber breach needn’t be all bad news and delegates will benefit from an increased understanding regarding what a breach event can look like before one is suffered and how insurance can be used to support risk mitigation.

The workshop is aimed at all risk managers, IT staff, and CISOs, and is suitable for all levels.

Panel:

Peter Hawley, Cyber Underwriter, HDI Global SE

Nick Andrews, Head of Insurance Risk, E D & F Man

Hans Allnutt, Partner, DAC Beachcroft

Stuart Peck, Cyber Security Strategist, ZeroDayLab


Click Here To Attend

Supplier Governance

WEBINAR: 22nd March, 2pm How to Monitor, Measure & Manage Supplier Cyber Risk

Presented by: Nick Prescot, Senior Information Security Manager

40% of insider threats emanate from third party contractors, partners, consultants and suppliers, and the incoming EU GDPR legislation ups the stakes in terms of data security and corporate fines.

How do you establish a comprehensive view of supplier risk to your organisation?
How frequently is business able to test your suppliers' policies, procedures and cyber risk?
How do you assess the supplier's risk across your business functions and to the organisation as a whole?
Are your current processes time and labour-intensive?

In this webinar you will discover how to:

  • Mitigate the risk of supply chain breaches
  • Audit more suppliers, more quickly
  • Gain improved visibility of suppliers and their level of risk
  • Manage increased numbers of suppliers according to risk factors
  • Deliver reporting and risk analysis across multiple business units for improved transparency

This webinar will be in English.

Information Security Magazine

ZeroDayLab® To Discuss Advanced Security Training with Infosecurity Magazine

ZeroDayLab’s cyber security strategist, Stuart Peck, joins a panel of speakers for a webinar to discuss the latest in advanced security training on the 23rd February.

Hosted by Infosecurity Magazine with panelists from Cyberbit and ISACA, this webinar will help participants to:

  • Learn how to train incident response teams to respond to ransomware attacks
  • Understand the key elements of an effective training programme
  • Find out how to accelerate incident response by using advanced training approaches
  • Understand how to improve cyber security staff retention and accelerate their certification process by using advanced training tools

Register now

Network Computing Awards 2017

ZeroDayLab Nominated for Best Service Provider Award in the Network Computing Awards 2017

ZeroDayLab is delighted to announce that they have been nominated for the Best Service Provider Award for this annual ceremony.

The category is hotly contested with eight contenders.

We would love your vote. Vote by the closing date of the 22nd March.

Click here to vote today!

Don’t Let a Cyber Attack Kill Your Start-up

ZeroDayLab’s Cyber Security Strategist, Stuart Peck, speaks at Bristol FinTech 2016

    The Fintech revolution is happening and businesses in the South West are some of its finest agitators. With that in mind, Bristol FinTech 2016 brings together both start-ups and companies with a global profile to bring them legal, financial and industry experts for their sector.

    Run by partners Barclays, Clarke Wilmott, Deepbridge Capital, Hargreaves Lansdown and PWC, the event is joined by ZeroDayLab, which is hosting a breakout session focusing on the current threat landscape and how that makes fintech companies lucrative targets. In this session, participants will learn the threats, risks and common tactics used by cyber criminals, what the dark web is and the steps they can take to protect their business.

    Bristol Fintech 2016 takes place in Bristol on the 23rd November. To register for this event go to: www.bristolfintech.com

Date: Friday 23rd November 2016

CREST Membership Puts Cherry on Top of Expansive Year for ZeroDayLab

    Rapidly expanding European IT Security consultancy, ZeroDayLab added to its 2016 successes by achieving CREST accreditation for Penetration Testing.

    The last twelve months have seen rapid growth for ZeroDayLab both in the UK and abroad. Increased demand in Advanced Penetration Testing, GRC services, Incident Management and Training, in particular, have seen consultants travelling the globe.

    In The Netherlands, a growing team and a new dedicated Business Development team for Benelux and Scandinavia drove the move to larger offices in Amsterdam.

    Then in Ireland, the company opened new offices in Dublin to support continued growth in the region and is well-placed as the demand for a trusted advisor, 360° approach to Information Security gathers pace.

    Kevin Roberts, Managing Director for ZeroDayLab, commented: “The past twelve months have been proof-in-the-pudding that ZeroDayLab’s ethos of Continuous Security Improvement across our 4 Cornerstone portfolio delivers exactly what forward-thinking organisations across the UK and EMEA demand for honing their information security strategies to move up the security maturity curve. We are proud to be their trusted advisors and I look forward to working with more leading organisations in the UK and beyond.”

Date: 29th September 2016

National Security, Law Enforcement, Personal Data Privacy, Apples & Pears – What is on the Horizon? LawTech Europe 2016

    ZeroDayLab’s Senior Information Security Manager, Nick Prescot, joins the panel debate on national security, law enforcement and personal data privacy at LawTech Europe on the 7th -8th November 2016.

    Nick will sit alongside panelists from HEXONET GmbH, C3 Initiative, IdTopIQ and Bird & Bird. The panel will look at the problems that digital communications bring to public security versus individual liberties regarding personal data.

    This two-day conference is held in Brussels on the 7th and 8th November 2016. Register today at www.lawtecheuropecongress.com

Date: 7th and 8th November 2016

ZeroDayLab® Scoops Two Awards & a Runner Up at the CS Awards 2016!

European Information Security Consultancy ZeroDayLab is celebrating a run of awards at the Computing Security Awards 2016. The awards are the result of a rigorous nomination and voting process over a couple of months across the information security sector.

Having been nominated for a total of five awards this year, which is the most nominations the company has ever received, ZeroDayLab® were delighted to receive wins for the Education & Training Provider of the Year and Security Services Provider of the Year and were runners up in the Fraud Prevention Award.

This is the second year that ZeroDayLab has come to the fore in these awards, last year winning the Fraud Prevention Award and a runner up in Reseller of the Year and Security Service Provider of the Year.

Kevin Roberts, Managing Director, ZeroDayLab® commented:

“I cannot tell you how delighted we are as a team to have won these awards tonight. A huge thanks goes to everyone who voted and we will continue to work hard every day to ensure our clients continue to be delighted by the level of service we deliver.

However these awards really are down to the hard work of everyone at ZeroDayLab. In particular, the team who have driven so many developments and innovation in our Education & Training services this year which has not only resulted in great results for our clients. We’re aiming for even bigger and better in 2017!”

Nominations Are Open for the Computing Security Awards 2016!

The past 12 months have been an exciting time at ZeroDayLab with a huge increase in diversity of clients and projects both here in the UK, our expanding base in Benelux and internationally.

We are passionate about the work we deliver to help keep your businesses secure. Last year, we were delighted to win the Security Service Provider of the Year Award and be runners up in the Security Re-seller category. If you are happy with the work that we do for you and you feel it's appropriate, please nominate us in one (or more!) of the categories below today!

  • Fraud Prevention Award
  • Education & Training Provider of the Year
  • Security Service Provider of the Year
  • Security Company of the Year
  • Security Reseller of the Year

We would really appreciate your nomination this year - it's quick and easy, simply follow the link below:

www.computingsecurityawards.co.uk

Thank you for your support, it's been a pleasure to work with you this year.

With best wishes
Kevin Roberts and the ZeroDayLab Team.

How to Help Your Staff Stop Phishing Attacks Netting Your Assets

With cyber attacks on the rise, research shows that 78% of attacks are conducted through email attachments putting your staff on the front line.

This webinar looks at the current threats, common tactics, how to assess your employees and how phishing resilience programmes and security awareness training can mobilise your workforce to be your first line of defence.

This webinar features a client case study illustrating how assessment and training delivered real change in their organisation.

ZeroDayLab Nominated for Consultancy Practice of the Year 2016

For the second year running, ZeroDayLab, the European IT Security Consultancy, has been nominated for one of the top awards at the Cyber Security Awards. The security company was honoured as a finalist in the Consulting Practice of the Year category following shortlisting by a panel of 10 expert judges from across the cyber industry.

Judge Karla Jobling, COO, BeecherMadden & Tatius Group, said: “To be nominated as a finalist is a great achievement as the competition this year is tough. As always, the judges are looking to reward high achievers within our industry and are looking for those who demonstrate passion and innovation, within cyber security.”

Competition is stiff for the Consultancy Practice category and will see ZeroDayLab contest the prize with 8 other firms including the likes of Accenture, KPMG and Kroll. The winners will be announced and celebrated during the awards dinner and presentation on June 23rd 2016 at the Chelsea Harbour Hotel. The ceremony will be attended by the finalists, industry leaders, judges and sponsors.

ZeroDayLab’s Managing Director, Kevin Roberts commented; “We are absolutely delighted to be finalists for Best Consulting Practice for the Cyber Security Awards 2016. This is the second year running we have been nominated and this achievement is down to the hard work and dedication of our team. As a consulting company, we are passionate about the need to not only deliver individual projects to an excellent standard, but ideally becoming a key, strategic Security Partner of choice to each of our clients to ensure they are achieving Continuous Security Improvement at all levels due to the rich portfolio of services and solutions we have to offer.”

About ZeroDayLab
One of Europe’s leading and most respected IT Consultancies, ZeroDayLab takes a unique 360° approach to Total Security Management helping make our clients’ infrastructure, applications and data more secure in the face of continually evolving Advanced Persistent Threats.

We apply world-class expertise via our 4 Cornerstone approach of Ethical Hacking; Consultancy; Governance, Risk & Compliance and Education & Training; alongside leading-edge security technologies. From penetration testing to next generation SOC and dark web analysis to incident response we enable our clients to implement an effective Total IT Security Strategy. Our broad range of clients includes some of Europe’s leading organisations across many verticals including Retail, Telecommunications, BFSI, E-commerce, Travel and Defence.

About the Cyber Security Awards
The Cyber Security Awards is a leading awards event for the cyber security industry. The event consisted of reception drinks, a 4 course meal and entertainment. The Cyber Security Awards is the ideal event to gain recognition for your success and to reward individuals or teams within the business. At the awards, you can network with leading industry professionals from consultancies, technology firms, defence businesses, FTSE250’s and public sector bodies.

The 2016 Judges:
Malcolm Brooke – Managing Director Head of Shared Services Operations Risk, Business Continuity and Technology Risk, Credit Suisse
Mark Brown – Executive Director Cyber Security & Resilience, EY
Karl DiMascio – Managing Partner, Executive Risk Magazine
Duncan Hine – Senior Research Fellow, University of Warwick
Karla Jobling – COO, BeecherMadden & Tatius Group
Neira Jones – FBCS, MSc, Chairman Global Advisory Board, Centre for Strategic Cybercrime & Security Science
Adrian Leppard – Commissioner, City of London Police
Talal Rajab – Programme Manager – Cyber, Justice and Emergency Services and National Security, techUK
Malcolm Tuck – Director Strategic Alliances Europe & Board Member, Kaspersky Lab

Cyber Presentation & Drinks, Avoiding Post-Breach Disaster: How to Prepare to Protect Your Reputation & Bottom Line

The estimated costs so far for TalkTalk's recent breach now run into £60m, with an initial drop in the share price of 13% (now 7%). Then, consider Target, breached in 2013 with the last reported costs at $162m and still counting.

Going forward, we are in the advent of the new EU Data Protection rules. The potential negative impacts of a breach seem almost limitless; combine the logistical and costly nightmare of losing your prize asset, data; its impact on the day-to-day business and revenues; the potential PR nightmare affecting your brand and future business, then simply add the new EUDPR fines which could be up to 4% of your profits. So, how do you prepare to reduce the impact of an attack?

This free executive seminar will address:

Your Speakers:

  • Nick Prescot, Senior Information Security Manager, ZeroDayLab
  • Angela Yore, Founder, SkyParlour
  • Kimberley Waldron, Founder, SkyParlour

Venue: The Lansdowne Club, Mayfair, London
Time: 26th April 2016
Registration: 4.00 - 4.30pm
Presentations: 4.30pm to 6.00pm
Reception: 6.00pm to 8.00pm - drinks, canapes and networking.

Places are limited. Click here to book your free place today.

      

Webinar – Cyber Defence & EU General Data Protection Reform – Are You Ready?

ZeroDayLab’s Senior Information Security Manager, Nick Prescot, joins the leaders in digital forensics, LGC, for a webinar discussing the incoming EU GDPR and preparing your organisation for the inevitable cyber breach. The speakers will discuss:

  • The imminent European Union General Data Protection Regulation (EU GDPR)
  • Its origins and coverage related to the growing scale of threats from cyber crime
  • The importance of being thoroughly prepared for cyber breach and incident response

Date: Friday 12th February 2016
Time: 2.00 – 2.45pm

Glasswall Solutions and ZeroDayLab join forces to launch unique cyber-security offering

London UK, 25th January 2016: Glasswall Solutions, the acclaimed UK cyber security company, has cemented its partnership with expert cyber security consultancy group, ZeroDayLab.

ZeroDayLab will be utilising Glasswall’s unique “known good” approach to cyber security, which breaks in-bound files down to byte level to match them against manufacturers’ standard, in order to provide their clients with absolute security. Glasswall Solutions fits into ZeroDayLab’s 360° approach to IT security, providing best of breed technologies and award winning consultancy to offer total security management.

Kevin Roberts, managing director at ZeroDayLab said: “In recent times we have seen threats to cyber security increase at an alarming rate, and many businesses have found themselves unprepared and vulnerable to attacks. Having initially been commissioned to conduct an independent penetration test of the Glasswall software and email platform, which it passed with flying colours, we immediately saw the potential benefits Glasswall would provide our customers. Our partnership with Glasswall will cover every angle to provide a uniquely holistic approach to managing risks, which makes this an exciting and beneficial relationship.”

“Glasswall Solutions has developed a highly innovative answer to solve the single biggest cyber threat facing organisations around the world, presented by the corruption of email-bound documents. This threat is currently responsible for 94% of successful attacks, but with Glasswall’s technology and ZeroDayLab’s 360° IT security plan, these attacks are stopped at source. This unique partnership will bring something really special to our clients to provide complete protection,” added Roberts.

Due to the uniqueness of Glasswall’s technology, its addition represents an entirely new string to ZeroDayLab’s portfolio. ZeroDayLab plans on utilising Glasswall Solutions in order to close this gap in security for UK businesses.

ZeroDayLab’s client portfolio includes some of Europe’s leading firms in markets such as BFSI (banking, financial services and insurance), retail, telco, e-commerce, travel & logistics and defence.

“This partnership will address some of the biggest challenges businesses are expected to face in the coming year and beyond,” said Chris Dye, VP of Alliances at Glasswall Solutions. “With new EU regulation imminently coming into effect, companies must prove their compliance and protection, or risk facing fines of up to 5% of global revenue.”

“We have been looking for a partner who can support the implementation of our technology as part of organisations’ holistic IT security strategy. This partnership with ZeroDayLab offers an exciting prospect to combine our game changing technology – recently applauded by Chancellor George Osborne in his speech on renewed cyber security investment – with consultancy led expertise and relationships offered by ZeroDayLab. The partnership spells an exciting time for both companies,” concludes Dye.

Executive Seminar: Limitless? Avoiding Post-Breach Disaster How to Prepare to Protect Your Reputation & Bottom Line

The estimated costs so far for TalkTalk's recent breach now run into £35m (with 157,500 records lost at £222 per breach), with an initial drop in the share price of 13% (now 7%). Then, consider Target, breached in 2013 with the last reported costs at $162m and still counting.

Going forward, January 2016 sees the birth of the new EU Data Protection rules. The potential negative impacts of a breach seem almost limitless; combine the logistical and costly nightmare of losing your prize asset, data; its impact on the day-to-day business and revenues; the potential PR nightmare affecting your brand and future business, then simply add the new EUDPR fines which could be up to 5% of your profits. So, how do you prepare to reduce the impact of an attack?

This free executive seminar will address:

  • How to identify your key risks and the fundamental steps for an effective incident response plan.
  • The Good, The Bad and The Ugly - the importance of integrating communications for cyber disaster aversion.

Venue: The Lord Mayor's Parlour, The Town Hall, Manchester
Time: 10th February 2016
Registration: 4.00 - 4.30pm
Presentations: 4.30pm to 6.00pm
Reception: 6.00pm to 8.00pm - drinks, canapes and networking.

Places are limited. Click here to book your free place today.

      

ZeroDayLab Eyes Market-Changing, Enhanced Security and Strong Growth with GlassWall Partnership

As ZeroDayLab partner GlassWall Solutions launches its unique patented technology to the market and announces the recruitment of former GCHQ chief Sir Iain Lobban to its advisory council, ZeroDayLab clients drive increasing demand for the enhanced security it offers.

Passionate advocates of a 360° approach to IT Security, ZeroDayLab were early adopters of Glasswall, quickly seeing the tremendous value the solution would bring to its client-base due to its simple premise of allowing only the ‘known good’ into an organisation’s networks.

ZeroDayLab Managing Director, Kevin Roberts, comments: “We are delighted to support GlassWall in their full market launch this week and the addition of Sir Iain Lobban to their advisory panel. The combination of this unique, ground-breaking technology and such an eminent and talented Information Security advisory team behind them, underlines our belief in this unique, UK, security technology. We are proud to be working with so many of our clients on the implementation of this solution because quite simply it gives organisations back the control they currently lack in the now infinite battle to keep up with the cyber criminals’ latest threats.”

GlassWall’s game-changing solution defeats all in-bound, file-based cyber threats by adopting a unique approach. Instead of searching for malware and viruses, Glasswall breaks down every file to byte level, searching only for “known good” and matching the files against manufacturers’ standards. A fully-compliant, completely clean file is re-generated in real-time, giving businesses total confidence in security. Glasswall puts organisations back in control of files and documents through the ability to apply policy at a granular level ensuring best practice, audit and compliance requirements are adhered to and delivering absolutely safe files to the user without impacting business continuity.

Its solution is wholly effective in any organisation receiving files, typically via email, over which the vast majority of documents bearing malevolent macros are delivered. In Glasswall’s world, viruses and malware do not exist.

Mr Roberts continues: “In an environment where nearly 50% of employees open emails and click on phishing links and attachments within the first hour alone; GlassWall helps answer many of the frustrations our clients have. How do they keep up with persistent threats and how do they manage their weakest front (employees and email) where AV and Firewalls fail to deliver?”

The Cyber Minority Report: Female Perspectives

ZeroDayLab consultant, Cecilia McGuire, has been invited to speak at the ISACA London Chapter’s event in central London on the 19th November. Cecilia will be addressing the hot topic of gender with a philosophical analysis of her journey in the cyber security world. Tickets are still available to both members and non-members (£20) and further details of the event are outlined below.


The Event: The Cyber Minority Report: Female Perspectives

We are witnessing an accelerated stream of failures in Information security controls, processes, technology and a lack of awareness dominates our current state of affairs. Everyone agrees we need a change, yet our profession fails to deliver one. Could it be that the under-represented minority, women, have the answer to our quest for a more secure world?


Confirmed speakers and panel members:

  • Karen Lawrence Öqvist
  • Sarah Clarke
  • Cecilia McGuire
  • Karla Jobling
  • Eh’den Biber

Agenda

  • 17:30: Registration
  • 18:00: Introduction, chapter notifications
  • 18:15: Cyber Security Gender Affairs – Eh’den Biber
  • 18:35: The Box – Karen Lawrence Öqvist
  • 18:55: Gender Identity – Cecilia McGuire
  • 19:15: Short break
  • 19:25: Interactive panel discussion
  • 19:55: Closing words
  • 20:15: Social session, refreshments

Event venue details

Date: Thursday 19th November 2015
Time: Registration starts at 17:30, event starts at 18:00
Location: ING Bank, 60 London Wall, London, EC2M 5TQ

Twice the Success as ZeroDayLab Wins Top Industry Award 2 Years Running!

The Computing Security Awards 2015 delivered a double joy for ZeroDayLab as they scooped one of the top awards for the second year running. Voted Security Service Provider of the Year 2015, the company was also named runner up in the Security Reseller of the Year category.

Nominated and voted for by the readers of Computing Security Magazine and industry professionals, the awards represent the hard work and the real benefit of the end product or service delivered.

This is the second year that ZeroDayLab has come to the fore in these awards, last year winning the Fraud Prevention Award and a runner up in Reseller of the Year and Security Service Provider of the Year.

These awards come not only on the back of last year’s successes but also two other awards where ZeroDayLab was named as a finalist earlier this year: The Network Security Awards and the Cyber Security Awards.

Managing Director, Kevin Roberts commented:

“We are delighted about this year’s win at the Computing Security Awards. Not least because this award really reflects the passion and energy the team puts in to ensure we deliver the best possible service for our clients that delivers actionable intelligence and effective strategies for our client’s cyber security.”


WEBINAR, 360° Threat Intelligence: Understanding & Managing the Impact of Zero Day Attacks

21st October – 2pm – 3.00pm

It is no secret that cyber attacks are increasing and their strategies persistently evolving, putting significant pressure on limited internal resources, expertise and security budgets.

Technology, whilst vital, is now only a part of a successful Information Security strategy. The current threat environment now demands a 360° approach.


Detect – Investigate – Respond

Join ZeroDayLab and FireEye at 2pm on the 21st October 2015 for this free, exclusive executive webinar to discover how 360° Threat Intelligence takes organisations a step beyond solution-orientated defence tactics.

Learn more about:

  • The current threat environment: What is changing and what are the challenges for the CISO?
  • How Protective Monitoring and a SOC provide effective analysis and deliver a fast, agile threat response.
  • Incident Management: how an embedded approach to breach response planning significantly controls and mitigates the impact of a breach.

Your speakers:

  • Kevin Roberts, Managing Director, ZeroDayLab
  • Darren Gale, EMEA Lead, Mandiant Consulting Services, FireEye Inc
  • Stuart Peck, Pre-Sales Manager, ZeroDayLab
  • Nick Prescot, Senior Information Security Manager, ZeroDayLab

Vote for ZeroDayLab in the Computing Security Awards 2015

ZeroDayLab is delighted to announce that they have been nominated in an incredible 4 categories for the Computing Security Awards 2015. This is the second year running the company has been nominated. In 2014 the company was the winner of the Fraud Prevention Award category and a runner up in the Security Company of the Year and Security Reseller of the Year categories.

On hearing the news of this year’s nominations in the categories of Security Company of the Year, Security Reseller of the Year, Security Service Provider of the Year and the Fraud Prevention Award, Managing Director Kevin Roberts commented: “We are over-the-moon to be finalists for the second year running. What is special about these awards is that they are voted for by the security professionals themselves and therefore really reflect how companies are viewed on their capacity to deliver what they promise which is what we strive to do; On Time, Every Time and In Budget.”

The CS Awards take place on the 8th October at the Russell Hotel in London.

Please vote for ZeroDayLab for this year’s awards in the following categories:

Security Company of the Year
Security Reseller of the Year
Security Service Provider of the Year
The Fraud Prevention Award

360° Threat Intelligence - Understanding & Managing the Impact of Zero Day Attacks

City of London Club, London, 23rd June 2015

CISOs from across London and the South East joined us for our first 360° Insight Event, in partnership with FireEye, on the 23rd June at the beautiful City of London Club.

Produced in response to the queries being raised by our clients across the sectors, this 360° Threat Intelligence event took a look at how the threat environment is changing and the challenges it presents for the CISO in the face of zero day attacks.

Kevin Roberts, ZeroDayLab®'s Managing Director, welcomed attendees and opened the event, introducing FireEye's Global Technical Lead, Simon Mullis, who set the scene on the changing face of cyber threats and the challenges they pose for the CISO.

Stuart Peck, ZeroDayLab's Pre-Sales Manager followed with a presentation on protective monitoring and how a SOC strategy approach provides an organisation with a far more robust defence strategy in the face of increasingly sophisticated APTs and Advanced Malware.

The key theme of the event was the concept of 360° Threat Protection and moving an organisation forward to be able to develop a proactive rather than reactive defence strategy. ZeroDayLab's Nick Prescot drew from his extensive GRC and incident management experience to outline a breach response cycle that can be developed with the implementation of effective protective monitoring with the benefit of faster remediation and reduced financial and operational impact on an organisation.

Webinar - Supply Chain Risk: Defending Business Continuity & Improving Cyber Security

Led by ZeroDayLab’s Managing Director, Kevin Roberts, and Pre-Sales Manager, Stuart Peck, the webinar was hot on the heels of the latest supplier breach suffered by TalkTalk, and looked at supply chains, breaches and how you can get better visibility and management over your risk.

A level of trust is often assumed when working with contractors, partners and suppliers but with over 40% of insider threats emanating from these third parties, how can a business track and manage this risk organisation-wide?

The webinar examined the threat environment and a new 360° approach to Supplier Evaluation Risk Management, and included a demonstration and case study of how one leading investment organisation’s collaborative approach to Supplier Risk not only helps identify the suppliers that could risk a breach to their network but also provides greater corporate transparency, reporting and risk analysis across multiple functions, with the added benefit of eliminating labour-intensive spreadsheets; all in less time, more cost-effectively and with significant return on investment.

ZeroDayLab Announces Partnership with Falanx Group for the Delivery of SOC Services

ZeroDayLab is delighted to announce its partnership with Falanx Group for the delivery of SOC Services. The launch of ZeroDayLab’s Next Generation SOC further extends the company’s comprehensive set of cyber security solutions aimed at providing its clients with a 360 approach to IT Security Management.

John Blamire, CEO of Falanx Group, commented:

"We are pleased with the progress we have made towards becoming a major player in the Cyber Defence field over the last six months. Interest in our new service has continued to mount and we are optimistic about our future as a significant global provider of advanced Cyber Defence solutions.

We are very proud to be associated with organisations such as Principia Underwriting and ZeroDayLab, who share our ambition to change the Cyber Security landscape for the benefit of the UK and our global clients."

Kevin Roberts, Managing Director of ZeroDayLab commented:

"We're delighted to be partnering with Falanx Assuria for our Next Generation SOC service providing 360 degree Threat Intelligence. An effective SOC is a vital component of an effective security strategy and this collaboration enables us to deliver a world-class SOC service for our clients which combined with our market-leading security consulting services, will deliver an unrivalled, comprehensive approach to security strategy that is needed in today's constantly changing threat environment."

Industry Clicks with ZeroDayLab as Consultancy Named Finalists in Three Categories for Network Computing Awards

ZeroDayLab® is delighted to announce that they have been announced as finalists in three categories for the Network Computing Awards 2015: Company of the Year, Reseller of the Year and Service Provider of the Year.

Nominated and voted for by the readership of Network Computing Magazine, the annual awards are the second industry awards ZeroDayLab® has been voted for in as little as four months following a successful hat-trick of a win and two runner-up awards at the Computing Security Awards in October 2014.

Managing Director, Kevin Roberts commented: “We are ecstatic to be finalists for the Network Computing Awards. The nominations are testament to our team’s hard work and total commitment to Customer Satisfaction and the belief that our 360° approach to Total Security Management is truly the best way to ensure our clients have the best defences against today’s increasingly fast-moving threats.”