Fresh Security Blog

This is the model I use to respond to all types of cybersecurity and business situations... OODA.

Fresh Thoughts #48: Are Cyber Attacks "Uninsurable"?

January 10, 2023

The headlines say, "Cyber attacks set to become 'uninsurable', says Zurich chief"... But is this real or clickbait?

Fresh Thoughts #47: Situation Normal. The End of the World Is Nigh.

January 3, 2023

As is tradition the conclusion of the LastPass data breach was spun into "the end of the world is nigh" scaremongering. But what does it actually mean?

Fresh Thoughts #46: The People Perimeter

December 20, 2022

No amount of cybersecurity technology can provide perfect protection. At some point, your people will need to form a defensive perimeter...

Fresh Thoughts #45: Can ISO-27001 Solve Our Siloed Comms Problem?

December 13, 2022

ISO 27001 isn't just a security certification - it can also help your team communicate effectively.

Fresh Thoughts #44: Let Technology and People Play to Their Strengths

December 5, 2022

Do people and technology both have the same strengths in cybersecurity?

Fresh Thoughts #43: Who Do You Trust More - People or Tech? Part 1

December 5, 2022

It can be challenging to decide which is better... Buying more security tech or taking a human-centric approach? Here are some points you should consider...

Fresh Thoughts #41: Are You Ready to SOAR?

November 15, 2022

Are you ready to auto-magically respond to every other incident with SOAR... 🤔

Fresh Thoughts #42: My Security Is Like Swiss Cheese

November 15, 2022

Your security is like Swiss cheese. Is that an insult or a good thing?

Fresh Thoughts #40: Think Like a Hacker

November 8, 2022

What motivates a hacker to infect a computer? Let's use the recent EMOTET outbreak as an example...

Fresh Thoughts #39: The #1 Reason Cyber Insurers Don't Pay

November 1, 2022

Why do cyber insurers refuse claims? It turns out there's one main reason...

Person standing alone in a field of wheat

Fresh Thoughts #38: “You're on your own.”

October 25, 2022

Sandip Patel KC tells us - "The government and law enforcement are not going to save you from cybercrime."

Fresh Thoughts #37: What Does It Take to Get ISO27001:2022?

October 18, 2022

You're thinking about ISO 27001:2022… So what does it take to achieve the certification?

Fresh Thoughts #36: Get Security Certified! Why Should We?

October 11, 2022

Why do we do cybersecurity? It's a question we regularly ask at Fresh Security and the answers are pretty predictable...

Fresh Thoughts #35: Who Represents Your Business?

October 4, 2022

Every new Fresh Security customer receives a handwritten Thank You note. It's a small token saying - we appreciate your trust...

Fresh Thoughts #34: Are We Asking Too Much of IT Admins?

September 27, 2022

"When I started, it was common to have 6-9 months to figure out a new technology... Now my team has 2 days."

Fresh Thoughts #33: The Show Must Go On

September 20, 2022

After every shock or atrocity, there is a time of recoil. This pause happens whether it's an event of world significance, a purely personal one...

Fresh Thoughts #32: The Queen's Wit

September 13, 2022

10 Minutes Read

My mum's Irish. And like many old societies, the Irish have strong opinions about death. If you've been to an Irish wake, you'll know...

Fresh Thoughts #31: The State of Cyber Insurance - September 2022

September 6, 2022

In March we made predictions about the cyber insurance industry. Were we right?

Fresh Thoughts #30: Spring/Summer Directory 2022

August 30, 2022

With 29 issues of Fresh Thoughts under our belts, it's time to pause and reflect. Here are the themes we have touched on...

motion blur of people walking in an underground station

Fresh Thoughts #29: Security Should Be Shaker, Not Silk

August 23, 2022

The minimal elegance of Shaker furniture doesn't always come to mind when thinking of security... but when security is done right, it should.

Fresh Thoughts #28: Resilience: What Are My Options?

August 16, 2022

There should never be a budget for unnecessary. But when spending gets tight - resilience can start to look increasingly unnecessary.

Fresh Thoughts #27: Resilience: Keeping the Lights On and the Business Moving

August 9, 2022

"Never say - redundant. It implies unnecessary. And there's no budget for unnecessary." I was told this 3 days into my cybersecurity career.

Fresh Thoughts #26: How to Right-Size Accountability

August 2, 2022

Being held accountable but having no control. It's one of the worst feelings I know. Unfortunately, it's all too common in cybersecurity...

Fresh Thoughts #25: The Revolutionary Advance of Three Random Words

July 26, 2022

Passwords have always been a problem. But in 2016, the NCSC rejected the legacy password rules and published a new, revolutionary idea...

Fresh Thoughts #24: The Evolution of Cybersecurity: Antivirus

July 19, 2022

"Cybersecurity tech is constantly changing". Erm… not in my experience. Most of the cybersecurity tech is evolutionary.

Fresh Thoughts #23: The Time a Teenage Girl Broke Her Back

July 13, 2022

In Incident Response, “doing anything” can sometimes make things much, much worse. And it always burns time. Did I ever tell you about the time when doing nothing meant a 13-year-old girl wasn’t paralysed for life?

Fresh Thoughts #22: Incident Response: What Most Companies Do & How To Respond

July 5, 2022

Once the shock of a data breach or ransomware attack subsides, everyone starts asking the question… What do most companies do in this position?

Fresh Thoughts #21: The "I've got a policy you can use..." Insult

June 28, 2022

Cybersecurity policies have a bad reputation. It's well deserved, but it doesn't have to be this way.

Fresh Thoughts #20: Brown M&Ms & Trusting Your Team

June 21, 2022

Van Halen's rider famously contained a clause requiring a bowl of M&Ms... but no brown ones. While easily dismissed as rockstars being picky - it was anything but.

Fresh Thoughts #19: Tiny Changes, Significant Impact & Board Briefing Packs

June 13, 2022

At Fresh Security, we help our customers make small, tiny changes to the way they work. But those tiny changes create significant impacts.

Fresh Thoughts #18: Policies, Plans and Bad Weather

June 7, 2022

In business, there's a plan. But unlike a boat with a rudder and propulsion, there isn't a mechanical way to translate the plan into action. In business, we use policies.

Fresh Thoughts #17: Foundations and First Principles

May 31, 2022

Cybersecurity doesn't need to be complicated. Here are 2 models to ask questions and find gaps.

Fresh Thoughts #16: Risk Is Part of Business & Why Certification Is Not the Goal

May 24, 2022

Here are the 4 ways to deal with the risk of business and everyday life... And why security certifications are a goal....

Fresh Thoughts #15: Vulnerability Zero Is A Terrible Idea & Consistent Secure Configuration

May 17, 2022

Vulnerability Zero is the idea that you should fix every vulnerability. Vulnerability Zero is a terrible idea. Here are seven reasons why...

Fresh Thoughts #14: The Emotional Rollercoaster of a Vulnerability Scan

May 10, 2022

Where else in life would you ask for a list of perceived flaws in excruciating detail? But that's precisely what a vulnerability scan is designed to do...

Fresh Thoughts #13: Communicating With Certifications & Fingerprinting Vulnerabilities

May 3, 2022

Some servers are like football supporters on a Saturday afternoon... And security certificates communicate information... quickly.

Fresh Thoughts #12: Lies. Statistics. Risk Transfer & Cyber Insurance.

April 26, 2022

Are you a hacker - by mistake? And watching an insurance underwriter decide if they will take on risk reminded me recently of being a new manager...

Fresh Thoughts #11: Risk Assessment Mistakes & Do You Need More Security?

April 19, 2022

The biggest mistake I made on my first risk assessment? It was too detailed. I documented every possible way...

Fresh Thoughts #10: Risk is Not Unique & A Rotten Analogy

April 12, 2022

For some reason, cybersecurity folks seem to think they have a unique view of risk. But any business owner, investor or accountant knows - there are many types of risks we see...

Fresh Thoughts #9: Keeping on Top of Common Threats & Wasted Training?

April 5, 2022

Why use security awareness training when 90% is forgotten within 1 week? Security awareness training is about creating triggers. To cause people to "feel something isn't quite right".

radio antenna on a hill side picking up signals

Fresh Thoughts #8: Seeing Signals & Why Some Bugs are Unpatchable

March 29, 2022

Security awareness training teaches your team how to spot the signals used in scams. Once they see it...

Fresh Thoughts #7: The State of Cybersecurity Sales in 2022

March 22, 2022

Cybersecurity conferences are feeling nostalgic. Like it's 2010... but for some reason, no one is talking about the solution to ransomware. So we are...

Fresh Thoughts #6.5: Trust is Earned (Sometimes)

March 18, 2022

Trust should be simple. Trust is doing what you say you will - over time. Unless you're in cybersecurity, then...

Fresh Thoughts #6: Please. No More Security Soundbites

March 15, 2022

When you distil an idea too much, all meaning is lost. Security soundbites are contradictory and confusing. Time for a new project...

Fresh Thoughts #5: Password Managers Are Becoming Collateral Damage

March 8, 2022

Password managers are fundamental to better security practices. But since Christmas, LastPass and Chrome have been working to block each other. Why?

Fresh Thoughts #4: The Price of Cyber Insurance & Know Your Perimeter

March 1, 2022

The eye-watering price of cyber insurance renewals may be coming as a surprise... Let's have a look at why it's happening.

Fresh Thoughts #3: When Cyber Threats Are “Imminent” What Do You Do?

February 22, 2022

Doom! Doom! I say. What should you actually do when a cyber attack is imminent?

Fresh Thoughts #2: Zero Trust & Leading Indicators

February 15, 2022

Zero Trust is everywhere... but is it just another buzzword? And the trouble with looking at the wrong indicators.

Fresh Thoughts #1: Trouble Ahead for Cyber Essentials?

February 7, 2022

Are the new Cyber Essentials v3 cloud requirements possible for small & mid-sized businesses? Let's discuss.

Why is IT Asset Inventory Management Critical?

January 18, 2022

IT asset inventory management is one of the foremost security control measures. It increases the company's accountability and protects its assets.

Why it’s important to track what hardware you use?

December 13, 2021

You need to know what to protect before you can start creating cybersecurity processes and procedures.

How To Stop Hackers Getting In Your Business

November 11, 2021

Over the last two months, four businesses have approached me for support in managing their security breaches...

Planning meeting with group around a table looking at a woman working with post it notes on a whiteboard.

Top 10 Cyber Security Frameworks

October 11, 2021

An overview of the Top 10 cyber security frameworks - covering the UK's Cyber Essentials, CIS Security framework, ISO27001, NIST's Cybersecurity Framework and more.

It’s 2021 and We Still Don’t Know How to Give Password Advice

August 20, 2021

It’s 2021 and we still don’t know how to give password advice. If you look for password advice in 2021, you will get 2 very different sets of guidance.

Say What We're Not...

June 11, 2021

This Fresh Security Founder Friday we explore that sometimes it is easier to define what Fresh Security is not than what we are...

When Hackers Leak Data: Trik Spam Botnet, 2018

May 20, 2021

In June 2018, a threat intelligence analyst from Vertek Corporation unearthed a huge database. It contained 43 million email addresses. The analyst discovered the leak on a server of what’s known as the Trik spam botnet.

Account Takeovers Follow LinkedIn Data Breach, 2012 & 2016

April 14, 2021

On June 6th, 2012, LinkedIn responded to a seemingly harmless data breach that had occurred the day before...

Hacker Brags About Data Breach: Canva (2019)

February 11, 2021

On the 24th of May 2019, the Australian design platform Canva intercepted an attack as it was happening, but 139 million accounts were breached. Strangely, the hackers "gnosticplayers" bragged to the media and claimed responsibility within hours of being intercepted. But why?

Top cybersecurity threats and challenges of 2021 - Tonya Hall Show

December 17, 2020

15 Minutes Read

Fresh Security CEO - Jason Hart - stopped by the Tonya Hall Show for an end-of-year review and to share some ideas for 2021...

Competitive advantage of a red paper plane

Cyber security is a cost of doing business

November 6, 2020

Is security strategic or just a cost of doing business? While many talk about "investing in security", the reality is...

Jason Hart - Fresh Security CEO - speaking on a Webinar

Is it marketing or a data leak?

November 3, 2020

Your company's data is all over the internet... is that marketing? Or is it a data leak? Jason Hart shares his opinion.

Where Do Data Companies Draw The Line? Verifications.io Data Breach, 2019

October 8, 2020

On 25 February 2019 security consultant Bob Diachenko discovered an enormous database of emails and other personal information. Diachenko found that it contained 763 million records...

When Your Contact’s Address Book Gets Hacked: Covve (db8151dd) Data Breach, 2020

October 6, 2020

For near on 5 months, it was a complete mystery. 23 million email addresses and other personal details were leaked online. Then, in May 2020, Covve, a contacts app, discovered that the security on their platform had been compromised.

Fresh Security Monthly Update - October 2020

October 5, 2020

For Fresh Security update for October 2020. We had the idea for Fresh Security almost exactly 12 months ago...

Are You At Risk of An Account Takeover? Onliner Spambot

October 1, 2020

Could highly visible people in your company have fallen victim to a spambot? Given that spambots have targeted billions over the years...

Illustration of a digital fingerprint made up of ones and zeros, slowly disintegrating into a pile of data.

Is Our Digital Footprint in Safe Hands? Part 2: Apollo Breach 2018

August 11, 2020

Continuing from our last blog, we're looking at another huge data breach of a data enrichment company, this time dating back to May 2018...

Is Our Digital Footprint in Safe Hands? Part I: People Data Labs (PDL) Breach 2019

July 30, 2020

Businesses that collect and sell data are, unsurprisingly, extremely juicy targets for phishing scammers and identity thieves...

stereotypical image of a hacker working in a dark room at night not showing their face

How Do Hackers Hack?

July 16, 2020

How Do Hackers Hack? In 3 simple steps. Find out as much information about you as possible. Find a weakness. Exploit the vulnerability and get in. Nothing has changed...

Keeping Grandma Out of Trouble With GDPR - Tonya Hall Show

June 30, 2020

Fresh Security CEO Jason Hart stopped in to chat with Tonya Hall about GDPR on her show, The Tonya Hall Show.

one bird standing on a phone line away from a larger group

Another Month, Another Way to Make Life Easier…

May 31, 2020

One of the greatest things we receive from the Fresh Security community is feedback. Lists of problems...

Fresh Security customer story from Clifton High School - education cybersecurity case study.

Customer Story: Clifton High School

May 1, 2020

Clifton High School was an early Fresh Security customer. In this customer story, James Webber explains how the school uses Fresh Security. As curriculum lead for digital learning...

Sat at a desk preparing the March 2020 Fresh Security community update

Fresh Security is Moving Faster 🏃

March 20, 2020