8 November 2024
This white paper examines the Digital Operational Resilience Act (DORA), an EU regulation aimed at strengthening cybersecurity and operational resilience in the financial sector. It details compliance requirements, including threat-led penetration testing, and highlights DORA's role in mitigating cyber risks, ensuring service continuity, and enhancing third-party risk management.
22 April 2024
This white paper explores the contrasting regulatory frameworks for artificial intelligence (AI) in the European Union and the United Kingdom. It aims to illuminate their implications for AI system creators and provide a guide for navigating these diverse legal landscapes.
27 February 2024
The Bank of England is working to ensure that the financial sector in the UK is resilient to any disruptions to its operations. The financial sector includes banks, building societies, insurers, and financial market infrastructure providers (FMIs). They carry out this work together with the UK’s two other financial authorities: HM Treasury and the Financial Conduct Authority. Operational disruption to important business services could impact financial stability, threaten the safety and...
31 October 2023
With an ever-growing threat facing HM Government (HMG), cyber security capability has become ever more important and critical to ensuring the UK remains safe and secure. GovAssure is an enhanced cyber security programme that has been implemented by HMG to ensure HMT IT systems are protected from this growing threat. GovAssure is run by the Cabinet Office’s Government Security Group (GSG), with input from the National Cyber Security Centre (NCSC). This whitepaper aims to explain and provide...
31 August 2023
There are very few threats that are faced by individuals, organisations and governments alike; at the precipice of them all, in our current age, are cyber-attacks. Any number of actors, be they state-backed, hacktivists or organised criminals, have the potential to circumvent the security procedures and barriers created to protect information of value. The UK Ministry of Defence (MoD) has now released a new policy for managing the through-life cyber security of projects and programs, to...
30 August 2023
In the ever-evolving landscape of cybersecurity, recent scrutiny has unveiled two critical vulnerabilities within CraftCMS, identified as CVE-2023-36259 (Stored XSS) and CVE-2023-36260 (DoS). The first vulnerability, CVE-2023-36259, highlights a Stored Cross-Site Scripting flaw stemming from deficient input validation within CraftCMS's Audit Plugin. Malicious actors are able to exploit this vulnerability by introducing malevolent JavaScript code during the user creation phase.
29 August 2023
AMR CyberSecurity has recently been accepted into the CREST OVS scheme, demonstrating our commitment to maintaining the highest standards of cybersecurity excellence. CREST OVS is a quality assurance standard for the global application security industry, providing mobile and web app developers with greater security assurance and accredited organisations with enhanced access to the growing app development industry.
28 July 2023
The rapid advancements in Artificial Intelligence (AI) and Machine Intelligence (MI) technologies have brought about a paradigm shift in various industries, including cybersecurity. As organisations increasingly adopt AI and MI solutions, it is crucial to assess their impact on compliance with the Payment Card Industry Data Security Standard (PCI DSS). This white paper aims to explore the profound implications of AI and MI on PCI DSS compliance and discuss how organisations can leverage these...
31 May 2023
In today's interconnected world, supply chain security has become an essential element of cybersecurity. As businesses increasingly rely on third-party vendors and suppliers, the potential for a breach or attack through the supply chain has become a significant concern. Organisations must understand the security implications of their supply chain and implement suitable controls to mitigate risks.
31 May 2023
Martin Walsham from AMR CyberSecurity discusses the benefits of implementing a purple team assessment process and provides a high-level structured approach to implementation.
15 February 2023
Tom Miller from AMR CyberSecurity describes how organisations can best defend against, detect and respond to cyber-attacks. Many organisations are concerned about potential and actual cyber security attacks, both on their own organisations and through the supply chain. Dealing with cyber security incidents – particularly sophisticated cyber security attacks – can be a daunting, difficult task, even for the most advanced organisations. The best way to shield against attack is to...
15 December 2020
It has recently been highlighted within the wider computer security industry that SolarWinds products are a supply chain risk. Specifically, the Orion platform is critically vulnerable to a remote attack known as the “SUNBURST Backdoor”, because some legitimate products from the organisation were trojanised with malware during an update, permitting a back door into organisations' networks and the data contained on the platform. The SolarWinds Orion product is used to monitor and optimise IT...
20 November 2020
Ransomware attacks on large, established organisations and brands have been a growing trend over the last quarter, with victims such as IT service provider 'Sopra Steria' and, more recently, the beverage brand and manufacturer 'Campari'. The ransomware risk has shown no sign of stopping, nor of being limited to particular industries and sectors, and many organisations are having to invest significant resource to manage this risk. AMR CyberSecurity has researched this risk and outlined the key information, risks...