Fresh Security Blog

Cybersecurity is a cost of doing business. Zero-based budgets control costs while ensuring you have all the protection you need.

Fresh Thoughts #144: Life Hack or AI-Powered Attack?

November 12, 2024

Travelling by train or plane, it is tempting to use the time productively. But people rarely consider who is sitting behind their shoulder - reading their screen.

Fresh Thoughts #142: Recalling an Uncomfortable History

October 29, 2024

Microsoft dreamt of introducing a photographic memory of everything you do on your PC... "and now we have it".

Fresh Thoughts #141: The Traditions of Vulnerability Management

October 22, 2024

It is a tradition for young security enthusiasts to learn their skills on the wrong side of the law... and that taints our understanding of vulnerability management.

Fresh Thoughts #140: Managing Generative AI

October 15, 2024

In a way - different generative AI models appear to have personalities. At the risk of anthropomorphising AI - let me explain.

Fresh Thoughts #139: Generative AI Threats - Part 2

October 10, 2024

What are the unique threats you face when using generative AI?

Fresh Thoughts #138: Generative AI Threats - Part 1

October 1, 2024

What are the common business threats you face when using generative AI?

Fresh Thoughts #137: AI's Productivity Denial of Service

September 24, 2024

It took 68 seconds to create a business case, set of operating procedures, and launch plan... and 20 minutes to review. We have a denial of service problem.

Fresh Thoughts #136: We're Not in Kansas Anymore

September 17, 2024

Is the o1 model artificial general intelligence (AGI)? I don't know, and I'm not sure I care. What is absolutely clear is... "Toto, I have a feeling we're not in Kansas anymore."

Fresh Thoughts #135: Listen for the Tiny Details That Matter

September 10, 2024

ChatGPT moved to a different web development framework. So what? Does it matter?

Fresh Thoughts #134: Spring/Summer Directory 2024

September 3, 2024

The Spring/Summer 2024 Fresh Thoughts directory.

Fresh Thoughts #132: Red Teaming AI

August 20, 2024

Is there a missing piece in the Red Teaming AI story?

extension cord plugged into a rats nest of cables

Fresh Thoughts #131: New Isn't Always Better

August 13, 2024

When working towards ISO-27001, a customer found the new automated platforms aren't always the answer.

juniper tree blown over in the sea breeze

Fresh Thoughts #129: Plan B: Resilient Operations - Lessons Learnt

July 30, 2024

What lessons can we learn from the CrowdStrike outage?

Fresh Thoughts #128: "Special Features" Causing Problems

July 23, 2024

Was the CrowdStrike outage caused by a testing failure or being a little too smart? Let's consider the options...

Fresh Thoughts #127: Bug Bounties and Beg Bounties

July 16, 2024

I've found a vulnerability... now what?

screwed up pieces of paper while writing an essay

Fresh Thoughts #126: It's a Journey

July 9, 2024

"Have you ever gone back and read a university or high school essay? Terrible, isn't it..."

Fresh Thoughts #125: A Recent Security Conversation...

July 2, 2024

We're thinking about doing proactive threat hunting. What do you think?

Fresh Thoughts #124: Consistency

June 25, 2024

Progress and success aren't the result of a one-time action...

Fresh Thoughts #123: What is Security Culture?

June 18, 2024

Everyone needs to build a "security culture"... But what is a "security culture"?

Fresh Thoughts #122: Our Office is a Destination

June 11, 2024

For us, "the office" becomes a destination - like a favourite cafe or venue. Somewhere worth making an effort to attend.

Fresh Thoughts #121: Why Security Policies Keep Getting Longer and How to Stop it

June 4, 2024

How do we constrain the unrestricted growth of policies?

Fresh Thoughts #119: Is Your Service Provider Treating You as a Pet? Or Cattle?

May 21, 2024

With cloud computing, everything is replaceable. There is no tending or hand-feeding...

Fresh Thoughts #118: The Importance of Practical Experience

May 14, 2024

Experience is only gained by doing. Something that sounds easy can be quite challenging...

Fresh Thoughts #116: Trust, But Verify

April 30, 2024

As optimistic creatures, we will have a tendency to trust. But when was the last time you checked a crucial linchpin detail?

Fresh Thoughts #115: Follow the Data

April 23, 2024

When I lead discovery workshops for M365 Conditional Access reviews, I use the "follow the data" approach.

Fresh Thoughts #114: Concept Squatting: The New Challenge of Deceptive Domains

April 16, 2024

In new research, we found over 2,000,000 business name combinations for a single company. This makes the challenge of deceptive domains a vast problem.

Fresh Thoughts #113: Do You Know Where Your Data Is?

April 9, 2024

The challenge is not about who has access to sensitive data. The crux of the problem is - how to stop sensitive data from leaking outside of company control.

Fresh Thoughts #111: Do You Trust What AI Says?

March 26, 2024

So how can it be possible that AI would be suitable to speak to your customers - on your behalf - without supervision?

Fresh Thoughts #110: Which Human? Part 2

March 19, 2024

From working with law enforcement, I know it is tricky to deal with cybercrime. It is obvious that a crime was committed, but by who?

Fresh Thoughts #109: Are You Human? Part 1

March 12, 2024

From a cybersecurity view - proof of human is not new. Although it is framed more broadly than the Worldcoin perspective.

Fresh Thoughts #108: Using AI: Over Confident & Over Generalised

March 5, 2024

It is essential to remember and fully understand that ChatGPT is doing nothing more than predicting the next few characters in a sentence.

Fresh Thoughts #107: Trouble Ahead From AI Cyber Threats

February 27, 2024

So, now we must assume that every phishing link will be clicked. And defend our schools, businesses and data on that basis.

Fresh Thoughts #106: Swarming Drones and Emerging Behaviours

February 20, 2024

This emergent behaviour idea is critical to AI Prompt Engineering and cybersecurity. A sharp contrast to traditional computer programming.

Fresh Thoughts #105: Integrity and Control in the Age of AI Agents

February 13, 2024

AI agents are trained using a technique called Prompt Engineering. This new discipline explains how the agent should operate using natural language.

Woman enjoying reading a book on a sunny day

Fresh Thoughts #104: The Fight to Keep It "Real"

February 6, 2024

The AI tribes are forming. Are you for or against AI?

Fresh Thoughts #103: Authoritarian Firewalls & Conditional Access Coaches

January 30, 2024

Conditional Access takes a layered, emergent approach. Combining all access rules to get a final “intent” for each individual.

Fresh Thoughts #102: Operations or Innovation

January 23, 2024

Unless you're in a company expecting to fail, it's all about operations. Doing what you say you are going to do. Each time. Every time.

Fresh Thoughts #101: Context Changes Everything

January 16, 2024

Is it ok to shout in a library? Well... it depends on the context.

Fresh Thoughts #100: Everyday Resilience

January 9, 2024

Floods and power cuts can't stop a resilient community.

Fresh Thoughts #97: Autumn/Winter 2024 Fresh Thoughts Directory

December 19, 2023

The Autumn/Winter 2024 Fresh Thoughts directory.

Fresh Thoughts #96: Robust or Resilient?

December 12, 2023

Robust. Resilient. Words sprinkled into IT presentations and marketing, but what do they actually mean?

Fresh Thoughts #95: Secure Access for Microsoft 365 & Google Workspace

December 5, 2023

Identity. Context-based access decisions. Device management. Can we ever have all three - from a single platform?

Fresh Thoughts #94: What is Secure Access?

November 28, 2023

Sufficiency and "good enough" are essential to business conversations about IT and cybersecurity.

Fresh Thoughts #93: OpenAI has a big Social Engineering Problem

November 21, 2023

Reports of AI replacing jobs has an implicit assumption. AI takes the strengths of being human and none of the frailties. But is that true?

Fresh Thoughts #92: The Legacy Game: How Tech Vendors Are Missing the Mark

November 14, 2023

Do vendors know what game they are really playing? We should learn from history, and AWS emergence as a $20B+ business.

Fresh Thoughts #91: Buying IT

November 7, 2023

People become incredibly passionate about their choice of commodity and utility tech. But should they?

Fresh Thoughts #90: Impromptu Chats Around a Cyber Campfire

October 31, 2023

Where can you ask questions? Without a place to gather, there isn't a place to foster friendships and meet new people. So we decided to do something.

Fresh Thoughts #89: Market Dynamics and Malware Detection

October 24, 2023

All business practices, knowledge and activities evolve... and that impacts markets and what we should expect from our purchases.

Fresh Thoughts #88: Doublespeak

October 23, 2023

Doublespeak is a necessary evil to answer oversimplified, large-scale, closed questions. But at a small, specific scale... it just creates problems.

Fresh Thoughts #87: IT is Disposable... In a Good Way

October 16, 2023

In IT - craft is bad. Craft is the first step to technical debt and inertia...

Fresh Thoughts #86: Beware Sprinkles of AI

October 9, 2023

Generative AI is not creative. It doesn't know how to play with context - or challenge preconceptions.

Fresh Thoughts #85: In Pursuit of Novel and New

October 2, 2023

Today's novel and new is cyber threat hunting. But as a business leader - I wonder... What does it achieve? And at what cost?

Fresh Thoughts #84: Inertia Creeps

September 25, 2023

When it's mishandled, inertia kills any decision, project or progress. I've seen companies fail... But in this case - I was wrong.

Fresh Thoughts #83: How To Find A Fossil (in the UK)

September 18, 2023

Fossil hunting inspired the question - should we build it ourselves, buy it or partner when thinking about Cybersecurity?

Fresh Thoughts #82: We're Going On A Fossil Hunt

September 11, 2023

10 Minutes Read

Fossil hunting with my son...

Fresh Thoughts #81: Spring/Summer Directory 2023

September 4, 2023

Before we head into the last third of 2023 - it's time for another directory.

Fresh Thoughts #80: Cybersecurity is an Infinite Game

August 22, 2023

New cybercrime groups will form and become notorious. There is no stopping it. The only goal is to be in business - so you can play tomorrow.

Fresh Thoughts #79: There's a Time and Place for Detail

August 14, 2023

This week, the idea of tuning out the detail popped into my head while reviewing Microsoft 365 Conditional Access policies...

Dice with letters on showing the word GAME.

Fresh Thoughts #78: The Password Game

August 7, 2023

Cybersecurity isn't great with empathy. Choosing correct over compassionate. Here's how you explain this to cybersecurity pros...

Chess board about to be attacked by a cat

Fresh Thoughts #77: Three Days in the Desert

August 1, 2023

Whether you follow the teachings of Sun Tzu or Rage Against The Machine - we are told “know your enemy”...

Fresh Thoughts #76: How a Service Provider's Claims Made Me Go on a Diet

July 25, 2023

Personal training and security are about doing - not about talking and what could be done.

Fresh Thoughts #75: Your Policy is a Collection of Experiences

July 18, 2023

What decides your risk tolerance? Your risk assessment, policies, and processes? Or the actions of your staff?

Fresh Thoughts #74: We built Fresh Security on a Foundation of Sustainability

July 11, 2023

Once set, automation can sustain - until it's stopped. But people. People need breaks.

Grown up robot figure and child robot figure.

Fresh Thoughts #73: Deep Fakes - The End of the World is Nigh...

July 4, 2023

Are voice-based AI deep fakes real? The news say - Yes! ...but when you trace the origin of the story, the answer isn't clear.

Fresh Thoughts #72: Are We Under Attack From Voice AI Scams?

June 27, 2023

If you read the media, the answer will almost certainly be "Yes..." - but things are not quite as clear as they seem.

Fresh Thoughts #71: Responsible Disclosure

June 20, 2023

Even with the best testing in the world - there will be faults and security vulnerabilities. That's why we have responsible disclosure...

Fresh Thoughts #70: 250,000 False Positives?

June 13, 2023

Saying there are 250,000 security vulnerabilities means there are 250,000 ways that assist or enable a hacker to break into that business...

Fresh Thoughts #69: Bypassing Multi-Factor Authentication

June 6, 2023

Our blind spots are the risks we accept tacitly - because we don't know any different. One of those blindspots is likely how hackers are currently bypassing multi-factor authentication (MFA).

Fresh Thoughts #68: Do Nothing Until the Risk Becomes Unbearable

May 30, 2023

That wall is starting to feel like an unacceptable risk. Maybe it's time to schedule some preventative maintenance. Is it time for your executives to review the risks they currently accept in your IT systems?

Paper boats going in a line until they hit a drop.

Fresh Thoughts #67: Monitoring - Executive Needs

May 23, 2023

Last week I started a mini-series on automating audits. This week - how can monitoring help us understand what executives and IT administrators need from audits?

Fresh Thoughts #66: Automating Audit

May 16, 2023

For cybersecurity - the thinking of point-in-time audits and fixes is almost a decade out of date... "Microsoft's Patch Tuesday leads to Exploit Wednesday".

Fresh Thoughts #65: How to Spring Clean Your Data

May 9, 2023

Last week we looked at spring cleaning your network. This week - it's all about organising your business information.

Fresh Thoughts #64: How to Spring Clean Your Network

May 2, 2023

Spring is in the air. As most cybersecurity projects start by tidying an existing environment before making improvements - spring cleaning came to mind. This week - it's all about your network.

Fresh Thoughts #63: The Power of Experiences

April 25, 2023

"Please, can you pass me that soldering iron?". He picked up the wrong end. At that moment, I recognised the difference between book knowledge and experience...

Fresh Thoughts #62: Scattered Secrets: How Lockdowns Changed IT and the Way We Think About Security

April 18, 2023

The last vestiges of the pandemic are playing out, and returning to pre-pandemic policies. But one area I have already seen a substantial change is in business IT...

Fresh Thoughts #60: The Truth About Incident Response

April 4, 2023

Responding to cybersecurity incidents doesn't always get to the "truth", and that's why you must prepare beforehand...

Fresh Thoughts #59: What Do Soft Play Centres, Top Secret Government Bases and Your Supply Chain Have in Common?

March 28, 2023

Spending most of my time looking and thinking about security issues in customers' supply chains - I found an unconventional yet fitting comparison...

Fresh Thoughts #58: Vulnerability Scans or Pen Tests?

March 21, 2023

I was helping prepare a cyber insurance questionnaire, and a thorny question arose - What's the difference between a vulnerability scan and a penetration test?

One match next to the other and now also

Fresh Thoughts #57: Backup and Disaster Recovery Are Very Different Things

March 14, 2023

Working in the computer storage industry I learnt a valuable lesson - which many knowledgeable, technical people still don't recognise...

Fresh Thoughts #56: We Made a Mistake

March 7, 2023

Mistakes will happen. But how can you minimise the number of mistakes - and systematically learn from them when they occur?

Fresh Thoughts #55: A Great Security Experience

February 28, 2023

It's hard to see the value of security until it's needed. It can feel like a waste. But security is the cosiest feeling when the chips are down.

Fresh Thoughts #54: What Can a Stolen Handbag Teach Us About Threats?

February 21, 2023

The latest version of ISO 27001 has a new control - Threat Intelligence. What is it? And how can a recent theft help us understand more?

Fresh Thoughts #53: Asset Management - Done Differently

February 14, 2023

If you don't know what devices connect to your network, how can they be secured? Are they patched and configured correctly? Let's talk asset management.

Fresh Thoughts #52: Should You Pay a Ransom?

February 7, 2023

Ransomware payments - I thought I knew the answer. But researching the topic ready for this newsletter, I found a much more complicated situation.

Fresh Thoughts #51: Autumn/Winter Directory 2023

January 31, 2023

Next week it will be one year since I started writing Fresh Thoughts. Time to reflect on the stories we've covered in the past year...

Fresh Thoughts #50: The 10 Immutable Laws of Security Administration

January 24, 2023

This hard-to-find blog post from 2000 lays out ten fundamental truths of cyber security. 23 years on... it's still insightfully brilliant.

Fresh Thoughts #49: How Do You Respond? OODA

January 17, 2023

This is the model I use to respond to all types of cybersecurity and business situations... OODA.

Fresh Thoughts #48: Are Cyber Attacks "Uninsurable"?

January 10, 2023

The headlines say, "Cyber attacks set to become 'uninsurable', says Zurich chief"... But is this real or clickbait?

Fresh Thoughts #47: Situation Normal. The End of the World Is Nigh.

January 3, 2023

As is tradition the conclusion of the LastPass data breach was spun into "the end of the world is nigh" scaremongering. But what does it actually mean?

Fresh Thoughts #46: The People Perimeter

December 20, 2022

No amount of cybersecurity technology can provide perfect protection. At some point, your people will need to form a defensive perimeter...

Fresh Thoughts #45: Can ISO-27001 Solve Our Siloed Comms Problem?

December 13, 2022

ISO 27001 isn't just a security certification - it can also help your team communicate effectively.

Fresh Thoughts #44: Let Technology and People Play to Their Strengths

December 5, 2022

Do people and technology both have the same strengths in cybersecurity?

Fresh Thoughts #43: Who Do You Trust More - People or Tech?

November 29, 2022

It can be challenging to decide which is better... Buying more security tech or taking a human-centric approach? Here are some points you should consider...

Fresh Thoughts #42: My Security Is Like Swiss Cheese

November 22, 2022

Your security is like Swiss cheese. Is that an insult or a good thing?

Fresh Thoughts #41: Are You Ready to SOAR?

November 15, 2022

Are you ready to auto-magically respond to every other incident with SOAR... 🤔

Fresh Thoughts #40: Think Like a Hacker

November 8, 2022

What motivates a hacker to infect a computer? Let's use the recent EMOTET outbreak as an example...

Fresh Thoughts #39: The #1 Reason Cyber Insurers Don't Pay

November 1, 2022

Why do cyber insurers refuse claims? It turns out there's one main reason...

Person standing alone in a field of wheat

Fresh Thoughts #38: “You're on your own.”

October 25, 2022

Sandip Patel KC tells us - "The government and law enforcement are not going to save you from cybercrime."

Fresh Thoughts #37: What Does It Take to Get ISO27001:2022?

October 18, 2022

You're thinking about ISO 27001:2022… So what does it take to achieve the certification?

Fresh Thoughts #36: Get Security Certified! Why Should We?

October 11, 2022

Why do we do cybersecurity? It's a question we regularly ask at Fresh Security and the answers are pretty predictable...

Fresh Thoughts #35: Who Represents Your Business?

October 4, 2022

Every new Fresh Security customer receives a handwritten Thank You note. It's a small token saying - we appreciate your trust...

Fresh Thoughts #34: Are We Asking Too Much of IT Admins?

September 27, 2022

"When I started, it was common to have 6-9 months to figure out a new technology... Now my team has 2 days."

Fresh Thoughts #33: The Show Must Go On

September 20, 2022

After every shock or atrocity, there is a time of recoil. This pause happens whether it's an event of world significance, a purely personal one...

Fresh Thoughts #32: The Queen's Wit

September 13, 2022

10 Minutes Read

My mum's Irish. And like many old societies, the Irish have strong opinions about death. If you've been to an Irish wake, you'll know...

Fresh Thoughts #31: The State of Cyber Insurance - September 2022

September 6, 2022

In March we made predictions about the cyber insurance industry. Were we right?

Fresh Thoughts #30: Spring/Summer Directory 2022

August 30, 2022

With 29 issues of Fresh Thoughts under our belts, it's time to pause and reflect. Here are the themes we have touched on...

motion blur of people walking in an underground station

Fresh Thoughts #29: Security Should Be Shaker, Not Silk

August 23, 2022

The minimal elegance of Shaker furniture doesn't always come to mind when thinking of security... but when security is done right, it should.

Fresh Thoughts #28: Resilience: What Are My Options?

August 16, 2022

There should never be a budget for unnecessary. But when spending gets tight - resilience can start to look increasingly unnecessary.

Fresh Thoughts #27: Resilience: Keeping the Lights On and the Business Moving

August 9, 2022

"Never say - redundant. It implies unnecessary. And there's no budget for unnecessary." I was told this 3 days into my cybersecurity career.

Fresh Thoughts #26: How to Right-Size Accountability

August 2, 2022

Being held accountable but having no control. It's one of the worst feelings I know. Unfortunately, it's all too common in cybersecurity...

Fresh Thoughts #25: The Revolutionary Advance of Three Random Words

July 26, 2022

Passwords have always been a problem. But in 2016, the NCSC rejected the legacy password rules and published a new, revolutionary idea...

Fresh Thoughts #24: The Evolution of Cybersecurity: Antivirus

July 19, 2022

"Cybersecurity tech is constantly changing". Erm… not in my experience. Most of the cybersecurity tech is evolutionary.

Fresh Thoughts #23: The Time a Teenage Girl Broke Her Back

July 13, 2022

In Incident Response, “doing anything” can sometimes make things much, much worse. And it always burns time. Did I ever tell you about the time when doing nothing meant a 13-year-old girl wasn’t paralysed for life?

Fresh Thoughts #22: Incident Response: What Most Companies Do & How To Respond

July 5, 2022

Once the shock of a data breach or ransomware attack subsides, everyone starts asking the question… What do most companies do in this position?

Fresh Thoughts #21: The "I've got a policy you can use..." Insult

June 28, 2022

Cybersecurity policies have a bad reputation. It's well deserved, but it doesn't have to be this way.

Fresh Thoughts #20: Brown M&Ms & Trusting Your Team

June 21, 2022

Van Halen's rider famously contained a clause requiring a bowl of M&Ms... but no brown ones. While easily dismissed as rockstars being picky - it was anything but.

Fresh Thoughts #19: Tiny Changes, Significant Impact & Board Briefing Packs

June 13, 2022

At Fresh Security, we help our customers make small, tiny changes to the way they work. But those tiny changes create significant impacts.

Fresh Thoughts #18: Policies, Plans and Bad Weather

June 7, 2022

In business, there's a plan. But unlike a boat with a rudder and propulsion, there isn't a mechanical way to translate the plan into action. In business, we use policies.

Fresh Thoughts #17: Foundations and First Principles

May 31, 2022

Cybersecurity doesn't need to be complicated. Here are 2 models to ask questions and find gaps.

Fresh Thoughts #16: Risk Is Part of Business & Why Certification Is Not the Goal

May 24, 2022

Here are the 4 ways to deal with the risk of business and everyday life... And why security certifications are a goal....

Fresh Thoughts #15: Vulnerability Zero Is A Terrible Idea & Consistent Secure Configuration

May 17, 2022

Vulnerability Zero is the idea that you should fix every vulnerability. Vulnerability Zero is a terrible idea. Here are seven reasons why...

Fresh Thoughts #14: The Emotional Rollercoaster of a Vulnerability Scan

May 10, 2022

Where else in life would you ask for a list of perceived flaws in excruciating detail? But that's precisely what a vulnerability scan is designed to do...

Fresh Thoughts #13: Communicating With Certifications & Fingerprinting Vulnerabilities

May 3, 2022

Some servers are like football supporters on a Saturday afternoon... And security certificates communicate information... quickly.

Fresh Thoughts #12: Lies. Statistics. Risk Transfer & Cyber Insurance.

April 26, 2022

Are you a hacker - by mistake? And watching an insurance underwriter decide if they will take on risk reminded me recently of being a new manager...

Fresh Thoughts #11: Risk Assessment Mistakes & Do You Need More Security?

April 19, 2022

The biggest mistake I made on my first risk assessment? It was too detailed. I documented every possible way...

Fresh Thoughts #10: Risk is Not Unique & A Rotten Analogy

April 12, 2022

For some reason, cybersecurity folks seem to think they have a unique view of risk. But any business owner, investor or accountant knows - there are many types of risks we see...

Fresh Thoughts #9: Keeping on Top of Common Threats & Wasted Training?

April 5, 2022

Why use security awareness training when 90% is forgotten within 1 week? Security awareness training is about creating triggers. To cause people to "feel something isn't quite right".

radio antenna on a hill side picking up signals

Fresh Thoughts #8: Seeing Signals & Why Some Bugs are Unpatchable

March 29, 2022

Security awareness training teaches your team how to spot the signals used in scams. Once they see it...

Fresh Thoughts #7: The State of Cybersecurity Sales in 2022

March 22, 2022

Cybersecurity conferences are feeling nostalgic. Like it's 2010... but for some reason, no one is talking about the solution to ransomware. So we are...

Fresh Thoughts #6.5: Trust is Earned (Sometimes)

March 18, 2022

Trust should be simple. Trust is doing what you say you will - over time. Unless you're in cybersecurity, then...

Fresh Thoughts #6: Please. No More Security Soundbites

March 15, 2022

When you distil an idea too much, all meaning is lost. Security soundbites are contradictory and confusing. Time for a new project...

Fresh Thoughts #5: Password Managers Are Becoming Collateral Damage

March 8, 2022

Password managers are fundamental to better security practices. But since Christmas, LastPass and Chrome have been working to block each other. Why?

Fresh Thoughts #4: The Price of Cyber Insurance & Know Your Perimeter

March 1, 2022

The eye-watering price of cyber insurance renewals may be coming as a surprise... Let's have a look at why it's happening.

Fresh Thoughts #3: When Cyber Threats Are “Imminent” What Do You Do?

February 22, 2022

Doom! Doom! I say. What should you actually do when a cyber attack is imminent?

Fresh Thoughts #2: Zero Trust & Leading Indicators

February 15, 2022

Zero Trust is everywhere... but is it just another buzzword? And the trouble with looking at the wrong indicators.

Fresh Thoughts #1: Trouble Ahead for Cyber Essentials?

February 7, 2022

Are the new Cyber Essentials v3 cloud requirements possible for small & mid-sized businesses? Let's discuss.

Why is IT Asset Inventory Management Critical?

January 18, 2022

IT asset inventory management is one of the foremost security control measures. It increases the company's accountability and protects its assets.

Why it’s important to track what hardware you use?

December 13, 2021

You need to know what to protect before you can start creating cybersecurity processes and procedures.

How To Stop Hackers Getting In Your Business

November 11, 2021

Over the last two months, four businesses have approached me for support in managing their security breaches...

Planning meeting with group around a table looking at a woman working with post it notes on a whiteboard.

Top 10 Cyber Security Frameworks

October 11, 2021

An overview of the Top 10 cyber security frameworks - covering the UK's Cyber Essentials, CIS Security framework, ISO27001, NIST's Cybersecurity Framework and more.

It’s 2021 and We Still Don’t Know How to Give Password Advice

August 20, 2021

It’s 2021 and we still don’t know how to give password advice. If you look for password advice in 2021, you will get 2 very different sets of guidance.

Say What We're Not...

June 11, 2021

This Fresh Security Founder Friday we explore that sometimes it is easier to define what Fresh Security is not than what we are...

When Hackers Leak Data: Trik Spam Botnet, 2018

May 20, 2021

In June 2018, a threat intelligence analyst from Vertek Corporation unearthed a huge database. It contained 43 million email addresses. The analyst discovered the leak on a server of what’s known as the Trik spam botnet.

Account Takeovers Follow LinkedIn Data Breach, 2012 & 2016

April 14, 2021

On June 6th, 2012, LinkedIn responded to a seemingly harmless data breach that had occurred the day before...

Hacker Brags About Data Breach: Canva (2019)

February 11, 2021

On the 24th of May 2019, the Australian design platform Canva intercepted an attack as it was happening, but 139 million accounts were breached. Strangely, the hackers "gnosticplayers" bragged to the media and claimed responsibility within hours of being intercepted. But why?

Top cybersecurity threats and challenges of 2021 - Tonya Hall Show

December 17, 2020

15 Minutes Read

Fresh Security CEO - Jason Hart - stopped by the Tonya Hall Show for an end-of-year review and to share some ideas for 2021...

Competitive advantage of a red paper plane

Cyber security is a cost of doing business

November 6, 2020

Is security strategic or just a cost of doing business? While many talk about "investing in security", the reality is...

Jason Hart - Fresh Security CEO - speaking on a Webinar

Is it marketing or a data leak?

November 3, 2020

Your company's data is all over the internet... is that marketing? Or is it a data leak? Jason Hart shares his opinion.

Where Do Data Companies Draw The Line? Verifications.io Data Breach, 2019

October 8, 2020

On 25 February 2019 security consultant Bob Diachenko discovered an enormous database of emails and other personal information. Diachenko found that it contained 763 million records...

When Your Contact’s Address Book Gets Hacked: Covve (db8151dd) Data Breach, 2020

October 6, 2020

For near on 5 months, it was a complete mystery. 23 million email addresses and other personal details were leaked online. Then, in May 2020, Covve, a contacts app, discovered that the security on their platform had been compromised.

Fresh Security Monthly Update - October 2020

October 5, 2020

For Fresh Security update for October 2020. We had the idea for Fresh Security almost exactly 12 months ago...

Are You At Risk of An Account Takeover? Onliner Spambot

October 1, 2020

Could highly visible people in your company have fallen victim to a spambot? Given that spambots have targeted billions over the years...

Illustration of a digital fingerprint made up of ones and zeros, slowly disintegrating into a pile of data.

Is Our Digital Footprint in Safe Hands? Part 2: Apollo Breach 2018

August 11, 2020

Continuing from our last blog, we're looking at another huge data breach of a data enrichment company, this time dating back to May 2018...

Is Our Digital Footprint in Safe Hands? Part I: People Data Labs (PDL) Breach 2019

July 30, 2020

Businesses that collect and sell data are, unsurprisingly, extremely juicy targets for phishing scammers and identity thieves...

stereotypical image of a hacker working in a dark room at night not showing their face

How Do Hackers Hack?

July 16, 2020

How Do Hackers Hack? In 3 simple steps. Find out as much information about you as possible. Find a weakness. Exploit the vulnerability and get in. Nothing has changed...

Keeping Grandma Out of Trouble With GDPR - Tonya Hall Show

June 30, 2020

Fresh Security CEO Jason Hart stopped in to chat with Tonya Hall about GDPR on her show, The Tonya Hall Show.

one bird standing on a phone line away from a larger group

Another Month, Another Way to Make Life Easier…

May 31, 2020

One of the greatest things we receive from the Fresh Security community is feedback. Lists of problems...

Fresh Security customer story from Clifton High School - education cybersecurity case study.

Customer Story: Clifton High School

May 1, 2020

Clifton High School was an early Fresh Security customer. In this customer story, James Webber explains how the school uses Fresh Security. As curriculum lead for digital learning...

Sat at a desk preparing the March 2020 Fresh Security community update

Fresh Security is Moving Faster 🏃

March 20, 2020

March 2020 update: At Fresh Security, we are a remote-first company, so we have felt little impact. But we are seeing many of our customers and friends adapting...

Prepare to be Shocked - Behind the Repairer Podcast - Episode 2

March 7, 2020

15 Minutes Read

When Fresh Security's customer Fix Auto told us they were launching a new podcast, we jumped at the chance to help them out. Hear what Jason Hart - Fresh Security CEO - spoke about...

#FridayFeedback: 2 Things I Didn't Know on Monday

February 7, 2020

With the soft launch of Fresh Security on Wednesday, this week has been focussed on marketing and communicating our values...

Fresh Security case study from Fix Auto.

Customer Story: Fix Auto

February 5, 2020

Fresh Security customer reference and case study by Fix Auto UK. Covering why they chose to use Fresh Security...

Our community is awesome!

January 31, 2020

The Fresh Security community are awesome and has referred 100 businesses. More details in the Fresh Security January 2020 newsletter.

Don't call me "user"

December 3, 2019

Have you noticed that the only people who call their customers ‘users’ are drug dealers and people who work in IT?

Time to Cut the Jargon

November 19, 2019