The Data Privacy, Compliance and Risk monthly newsletter from ISMS.online – December 2024
As we wrap up 2024, we want to thank you for being part of our journey this year. It's been a year of growth and milestones, from earning 8 G2 badges (including GRC Compliance Leader) to growing to 45,000 active users and being named one of the best companies to work for.
We hope you enjoy our final newsletter of the year and wish you a joyful and peaceful festive season. See you in the new year!
Latest Blogs
Rebecca Harper breaks down the NCSC Annual Review 2024, highlighting key threats such as ransomware, AI, and supply chain security, and examines proactive measures for businesses to build resilience.
Phil Muncaster explores how the emergence of quantum computing could undermine public key cryptography, examining the ICO's guidance on 'crypto agility' and best practices for businesses to safeguard sensitive data.
Reflecting on 2024's cybersecurity challenges, Phil Muncaster highlights key trends such as Australia's Cyber Security Strategy, rising AI threats, and new regulations like NIS 2 and DORA shaping global security practices.
Exploring the potential and privacy risks of emotion-reading wearable technology, with insights from Duke University professor Nita Farahany, Danny Bradbury highlights concerns over brain data privacy and the need for regulatory safeguards.
Christie Rae shares how ISMS.online achieved recertification for ISO 27001 and ISO 27701 alongside Cyber Essentials, offering tips on audit preparation, insights from IMS Manager Mike Jennings, AfCIIS, and the value of an integrated approach to people, processes, and technology.
Phil Muncaster outlines five key cybersecurity trends for 2025, offering insights into tackling generative AI-powered phishing, addressing the convergence of nation-state and cybercrime activity, and navigating significant shifts in UK regulatory compliance with new legislation.
Latest News
British hospitals hit by cyberattacks still battling to get systems back online
Children's Hospital and cardiac unit say criminals broke in via shared 'digital gateway service' > Read more
Meta to pay landmark $50 million settlement over privacy scandal
Meta has agreed to a landmark $50 million settlement with Australia's information commissioner. > Read more
Hacker Leaks Cisco Data
IntelBroker has leaked 2.9 GB of data stolen recently from a Cisco DevHub instance but claims it's only a fraction of the total. > Read more
Rhode Island hit by data breach as hackers demand ransom
Rhode Island has suffered a severe cyberattack that has potentially exposed the personal data of hundreds of thousands of residents. > Read more
Phishers cast wide net with spoofed Google Calendar invites
Criminals are spoofing Google Calendar emails in a financially motivated phishing expedition that has already affected about 300 organisations. More than 4,000 emails have been sent over four weeks. > Read more
Texas Tech University System data breach impacts 1.4 million patients
The Texas Tech University Health Sciences Center and its El Paso counterpart suffered a cyberattack that disrupted computer systems and applications, potentially exposing the data of 1.4 million patients. > Read more
Ransomware attack on Blue Yonder disrupts retailers ahead of holidays
Starbucks, Sainsbury and Morrisons are among the companies affected by the supply chain attack. > Read more
Free Resources
Check Out The Latest Episodes of the Phishing For Trouble Podcast
Episodes 1 to 5 of our brand-new podcast are live, diving into high-profile cybersecurity and compliance incidents to uncover critical lessons and practical tips to help businesses stay secure and resilient. > Listen Now
GUIDE: AI Management Made Easy: The No-Stress Guide to ISO 42001
With enforcement dates for the EU AI Act fast approaching, now is the perfect time to start thinking about your AI compliance and management. Our comprehensive guide offers a deep dive into the fundamental principles of ISO 42001 and practical steps to achieve compliance and unlock effective AI management in your business. > Download Now
WEBINAR: Transitioning to ISO 27001:2022: Key Changes and Effective Strategies
From 31 October 2025, ISO 27001:2013 certificates will be invalid, requiring organisations to transition to ISO 27001:2022. Our on-demand webinar covers the critical changes between the 2013 and 2022 versions, provides a clear roadmap to transition effectively, and highlights the benefits of adopting the latest standard. > Watch Now
Your Compliance Success Story Starts Here
If you're looking to start your journey to better information security and data privacy management, we can help.
Our ISMS SaaS platform enables a simple, secure and sustainable approach to information management with ISO 27001, SOC 2, NIST and over 100 other frameworks. Unlock your competitive advantage today.
Follow us on social media.