Insider Threat Simulation: A Red Team Perspective

Most organisations focus their cybersecurity efforts on external threats; they invest in firewalls, intrusion detection, and endpoint protection. Insiders, however, are already on the network; they are trusted and they know where the corporate data stores are. Preparing to manage that sort of threat is very different.

That’s where red team insider threat simulations come into play. These exercises mimic the actions of a malicious or compromised employee to test how resilient an organisation truly is when the attacker is already inside.

Insider threats are hard to detect. Unlike external attackers, insiders already have access to systems, credentials, and sometimes even elevated privileges; they don’t need to try to bypass external controls, they don’t need to conduct noisy reconnaissance, and they often don’t need to rely on malicious software.

When we test these sorts of scenarios, our simulations help answer crucial questions:

  • Can security tools detect abnormal internal behaviour?
  • Are data access policies and least privilege enforced?
  • How quickly can the SOC respond to an insider attempting data exfiltration?
  • Do employees know how to report suspicious behaviour from colleagues?

When we design these scenarios, we often need to consider the type of insider we are playing:

Compromised Employee Scenario: This simulation assumes a legitimate user’s credentials have been stolen (via phishing or password reuse). The red team uses these credentials to move laterally, escalate privileges, and access sensitive systems, just as a real attacker would — without triggering alerts.

Rogue Insider with Intent: In this simulation, the red team acts as a disgruntled employee with legitimate access. The goal is to test how much damage a single individual can do from within without raising red flags.

Privileged Abuse Scenario: Red teams mimic an administrator abusing their elevated access. This tests both technical controls and oversight mechanisms.

Social Engineering Internally: Sometimes the threat isn’t technical at all. Red teams may simulate internal social engineering — convincing employees to reveal credentials or grant inappropriate access.

What makes these scenarios valuable is understanding how the organisation’s detection and response capabilities hold up against each of them:

  • Logging & monitoring: Are internal actions logged, and are alerts in place?
  • Data loss prevention (DLP): Can sensitive files be transferred to USB, personal email, or cloud apps?
  • Behaviour analytics: Are unusual login times or large file transfers detected?
  • HR + Security alignment: Are behavioural red flags being communicated and followed up?

Insider threat scenarios are uncomfortable for many organisations. Many are aware they have blind spots and that they will struggle to detect and prevent these sorts of threats; however, it is precisely for these reasons that such scenarios should be included and tested.

If you would like to know more, please reach out and contact us:

Prism Infosec: Cyber Security Testing and Consulting Services

UK Government Proposes Ban on Public Sector Ransomware Payments

On 22nd July 2025, the UK Government announced a significant legislative proposal aimed at reducing the incentive for ransomware attacks. Under the proposed law, public sector bodies and operators of Critical National Infrastructure (CNI) — including schools, local councils, the NHS, utilities, and data centres — would be prohibited from paying ransoms to cybercriminals.

The intention behind this move is to make these organisations less attractive targets for financially motivated threat actors. By clearly signalling that ransom payments are not an option, the Government hopes to deter attacks on the public sector altogether.

While the ban would apply only to public sector and CNI organisations, private companies would still be permitted to consider paying ransoms — but with a new requirement: they must notify the UK Government of any intention to make such a payment. This step would allow the Government to offer guidance, and assess and advise whether the payment could breach existing laws, such as sanctions regulations.

The implementation timeline for this proposal has not yet been confirmed. However, the announcement follows a public consultation in which nearly 75% of respondents supported the measure.

At Prism Infosec, we support efforts to reduce the impact of ransomware and limit the profitability of these attacks. However, we recognise that the proposed legislation could have unintended consequences. Organisations may still be tempted to pay ransoms covertly, particularly if they feel they have no other viable recovery options. This approach carries serious risks — including legal, reputational, and operational consequences — especially if payments are made in breach of sanctions or reporting requirements. Furthermore, the proposal notes that penalties for breaching the legislation are also being considered.

As always, we strongly encourage all organisations to prioritise robust cyber security measures, incident response planning, and open communication with authorities in the event of an attack.

Further details on the Government’s proposal can be found here: https://www.gov.uk/government/consultations/ransomware-proposals-to-increase-incident-reporting-and-reduce-payments-to-criminals

How We Got Here: A Brief Reflection on Cybersecurity’s Foundations

Computer technology as we know it has existed for the merest blip of time in human history. In less than 90 years we have gone from valves and punchboards to pushing the boundaries of quantum states in an attempt to achieve computations that would otherwise take millions of years. We landed people on the moon with computers that were no more powerful than the graphing calculators available in schools in the 1990s. To me, that is astounding. You could argue that the field of cybersecurity, although it went by another name, was born at the same time as Colossus, with the first code breakers using it to attack the Axis powers’ encryption.

Regardless, it wasn’t until computers became more accessible and people were given the opportunity to experiment more freely that the first virus was created, in the early 1970s, with the Creeper virus; the first anti-virus, Reaper, followed shortly after. Since then, we have seen offensive and defensive computer capabilities grow at an escalating rate. When the 1990s rolled around, computer interconnectivity exploded into homes and businesses around the world and the internet as we know it today took shape (in fairness, the internet has existed since the 1950s, but it didn’t become wholesale accessible until the 1990s).

Why mention this? Context. Computers, networks, and widespread computer literacy only started to become a thing just over 30 years ago. People who grew up in that generation grew up with access to these tools and capabilities, and yet those capabilities became widespread almost overnight, with businesses thrown into the deep end of needing to adapt and adopt to keep up and remain competitive. They did that without expertise in the boardrooms, without considering how they would implement those capabilities securely, and had to learn the hard way what the impact of this technology would be.

Today we are dealing with the adoption of those systems and the speed with which they came into play. The generation that grew up programming VCRs, coding on BBC Micros, and grabbing gaming magazines for cheat codes is now entering boardrooms and making decisions for the next generation. We have to keep in mind that when a red team comes in, takes a look at a network, and identifies issues like poor credential hygiene, poor network segmentation, ineffective access controls, and improper administration tiering, we are looking at a network that may have been designed, torn up, merged, reimplemented, and reconfigured multiple times over decades, with no one starting fresh and building to principles we now recognise as necessary for security rather than competitiveness. That does not excuse these issues, but we do need to be cognisant of how we got here, recognise that we are still in the infancy of changing mindsets as we adapt to the implications of this technology, and recognise that bolting on random security products will not solve the problems if we don’t address the foundations we started with.

If you’d like to explore how red teaming can help you uncover and address these foundational risks, feel free to get in touch.

Prism Infosec: Cyber Security Testing and Consulting Services

Underinvestment in Cybersecurity

In the last few decades IT systems have become a significant factor in every industry, increasing productivity, improving service offerings and increasing the speed at which companies can deliver services. It is only right, therefore, that we ensure these systems are not abused, damaged, or misused in a manner that can undermine the organisation or its customers.

Whilst every industry wants to ensure that its IT systems continue to deliver massive benefits, the cost of securing such systems and keeping them secure is an area in which many companies underspend, as security is often viewed as a cost centre with no discernible benefit. This is because of a combination of economic, psychological and organisational reasons.

Cybersecurity is seen as a cost, not an investment. This is because there is no immediate return on the investment: it does not generate visible revenue, and it’s hard to quantify the benefit of an attack not happening. If it is working and effective, there is no loss of service.

Companies will also often underestimate the risks they are running. Too many believe they are too small or unimportant to be targeted, without considering that any income a threat actor can squeeze out of a business, regardless of its size, makes it a potential victim. This can also be attributed to a lack of awareness of how damaging cyberattacks can be. Not every attack needs to result in ransomware – sometimes you can be a victim purely because of who your clients are, the data you hold, or who you are affiliated with. Not to mention opportunistic criminals who would seek to abuse your IT systems to mine cryptocurrencies!

At an organisational level, there can be many factors behind underinvestment. It can be a result of the C-suite not really understanding technical threats or how to prioritise them in the context of the business. CISOs can struggle to make the business case for financial investment when competing with other growth-oriented spending such as sales. There can be overconfidence in existing defences (the fallacy that anti-virus and firewalls are all that is needed to keep you secure), which, combined with a “check-the-box” approach to compliance, can give a false sense of security.

What we see time and time again is that too many organisations only invest in their security after a breach or regulatory penalty. Security has traditionally only been prioritised after a failure, and not before one.

These issues have been identified by regulators in the financial industry and beyond, which is why schemes such as CBEST exist: not to force companies to spend money where they would rather not, but to validate security spending, demonstrate the impact of underinvestment at board level, and enable companies to move from a reactive culture to a proactive one. These types of regulator-led tests are not pass/fail events. They are about ensuring that organisations build resilience and capability, and maintain the trust they have worked hard to gain from their customers.

Prism Infosec are proud to be part of this industry – security should be a priority for every organisation and not just the regulated ones. We want to help our clients on their security journey, raising awareness, demonstrating the value of security investments, and supporting them to be trusted, secure and robust whilst achieving their goals.

If you would like to discuss how Prism Infosec can help your company, then please reach out to us:

Prism Infosec: Cyber Security Testing and Consulting Services

Cyber Threats & The Boardroom

In cybersecurity, the prevalent and growing threat from criminals is ransomware operations. A threat actor establishes a foothold in an organisation, positions themselves to gain control of the organisation’s data, often steals some or all of that data, and then encrypts as much of it as they can. They then contact the organisation and demand payment to restore the data; often they also use the stolen data in their possession to prove their access, blackmail the organisation into paying, or sell it on to other threat actors. Regardless of the outcome, the impact on the organisation is usually severe, with losses in share price and customer confidence, massive increases in operating costs, and knock-on effects across the supply chain. These attacks have crippled many organisations and the number of attacks continues to grow. They cannot be treated as purely an IT department issue, and they often sit as a risk with the board.

The UK and the EU have started to take steps to raise the priority of defending against these sorts of issues through DORA (the EU Digital Operational Resilience Act) and the CSR (the UK’s Cyber Security and Resilience Bill). These empower regulators and appropriate bodies to take action against firms that fail to address specific threats, sometimes with significant fines. Whilst many organisations do invest in security systems, have insurance, and sometimes even have third-party incident response retainers, properly exercising those systems is often seen as too costly and too impactful for the business. This is unfortunately short-term thinking, as most organisations have no idea how effective these systems actually are until they are tested under fire and fully utilised to determine whether what is down on paper will match reality should the worst happen. It’s a bit like installing a fire alarm in a house but never testing it to see if it works, and instead just hoping it will if a fire breaks out.

In red teaming simulations, companies like Prism Infosec will often assume the role of these real-world threat actors to help an organisation understand how vulnerable it is to these sorts of attacks, and to help it exercise its incident response systems. This gives an organisation the ability to understand how its staff and systems react if a threat actor manages to gain a foothold.

These simulations, however, are only effective when the executive body of an organisation engages with them to understand the identified risks and puts emphasis on addressing them.

Passwords

NIST, like the NCSC, has updated its password guidance. It is no longer advisable to set passwords to be random strings of nonsensical letters, numbers and symbols. The focus is now on password length, achieved by stringing together multiple words. Including uppercase letters, symbols or numbers is still helpful, making passwords even harder for threat actors to guess. It is also no longer advisable to rotate passwords frequently; instead, passwords should be checked against known-bad lists and breaches should be monitored. If a password is identified in those lists, or an incident occurs involving the associated account, then it should be rotated.

Frankly, it’s about time these caught up with the realities of the real world. Users will often choose weak but easy-to-remember passwords, deliberately crafted to satisfy password complexity rules. Often these will be incremented by a digit when a forced expiry occurs. This makes them extremely weak and vulnerable – especially once the pattern is identified!

At Prism Infosec we often don’t need to breach systems with fancy exploits, thanks to poor credential management practices. We often get asked to help clients conduct credential audits, performing cracking exercises and testing against known-bad lists to support them whilst they update their internal guidance and strategy.
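Added example (not from the original post) of what the updated guidance looks like in code: a Python acceptance check that enforces length rather than composition, screens against a known-bad list including the "word plus incremented digits" pattern, and requires rotation only on evidence of compromise. The blocklist, breach-hash set and account names are constructed stand-ins.

```python
"""Password checks in the spirit of NIST SP 800-63B and the NCSC guidance
above. Constructed example: BLOCKLIST and the breach hashes are stand-ins
for a real known-bad list and breach feed."""
import hashlib
import re

MIN_LENGTH = 8    # 800-63B minimum for user-chosen passwords
MAX_LENGTH = 64   # verifiers must accept at least this many characters

# Lower-cased base words; real deployments use a breached-password corpus.
BLOCKLIST = {"password", "welcome", "qwerty", "letmein", "summer", "monkey"}

# Users append digits/symbols to a weak base word and bump them on expiry
# ("Summer2024!" -> "Summer2025!"); strip such suffixes before lookup.
SUFFIX_RE = re.compile(r"[\d!@#$%^&*.?-]+$")


def base_word(pw):
    return SUFFIX_RE.sub("", pw.lower())


def check_password(pw, username, service):
    """Reasons for rejection; an empty list means the password is accepted.

    No composition rules (mixed case, symbols) are enforced: length and
    absence from known-bad lists carry the weight instead.
    """
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        reasons.append(f"longer than {MAX_LENGTH} characters")
    low = pw.lower()
    if low in BLOCKLIST or base_word(pw) in BLOCKLIST:
        reasons.append("matches a known-bad or breached password")
    for ctx in (username, service):          # context-specific words
        if ctx and ctx.lower() in low:
            reasons.append(f"contains context-specific word '{ctx}'")
    if re.fullmatch(r"(.)\1*", pw):           # e.g. "aaaaaaaa"
        reasons.append("single repeated character")
    return reasons


def sha256_hex(pw):
    """Stand-in for comparing against a breach feed of password hashes."""
    return hashlib.sha256(pw.encode()).hexdigest()


def rotation_required(pw_hash, breached_hashes, account_incident):
    """Rotate on evidence of compromise, not on a calendar.

    Password age is deliberately not an input: forced expiry is what
    produces the incremented-digit pattern the blocklist check catches.
    """
    return pw_hash in breached_hashes or account_incident
```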

Updated guidance:

NIST Special Publication 800-63B

Password policy: updating your approach – NCSC.GOV.UK

DORA

The Digital Operational Resilience Act (DORA), the EU regulation that came into force in January 2025 and affects financial entities and their suppliers, mandates Threat-Led Penetration Testing (TLPT), alongside third-party risk management, information sharing and incident reporting. The full impact of DORA’s requirements is still being absorbed by the industries it affects, and the full implications of getting all of these systems tested to meet compliance have yet to be realised. The TLPT element is still being worked through, but we do know that TIBER tests will satisfy the requirements, and that financial entities will only use testers for carrying out TLPTs that:

  • Are of the highest suitability and reputability;
  • Possess technical and organisational capabilities and demonstrate specific expertise in threat intelligence, penetration testing and red team testing;
  • Are certified by an accreditation body in a Member State or adhere to formal codes of conduct or ethical frameworks;
  • Provide an independent assurance, or an audit report, in relation to the sound management of risks associated with the carrying out of TLPT, including the due protection of the financial entity’s confidential information and redress for the business risks of the financial entity;
  • Are duly and fully covered by relevant professional indemnity insurances, including against risks of misconduct and negligence.

At Prism Infosec, we not only meet these requirements with our accreditations as a CBEST, STAR-FS and STAR TLPT supplier in the UK, but we are also recognised by the National Bank of Belgium’s TIBER-BE team as a supplier of TLPT services.

Regulation – 2022/2554 – EN – DORA – EUR-Lex

The Quantum Spectre at the Banquet

Quantum is tipped to be the next big thing in computing, and it has been for some time – in fact, it was first conceived in the 1980s; however, the issue was not really considered until the mid-1990s. Now it’s seen as a potential game changer in the world of cryptography, where the world’s secrets will be laid bare and privacy will be compromised unless we can develop post-quantum cryptography.

Unlike present-day computers, which use bits (1s and 0s, basically on and off) to represent state, quantum computers use qubits (which can be both 1 and 0 simultaneously, a state known as superposition). These are considerably more efficient and permit the computer to carry out complex calculations in parallel, exponentially faster than traditional computers. In theory, a calculation that would take a present-day computer millions of years to complete, a quantum computer could do in minutes.

The technology, though, has a few issues. For one, qubits are extremely fragile: environmental factors can interfere with them, and as a result they need specialised architecture and error correction to compensate. For the technology to actually threaten cryptography as it currently exists, it will also need considerably more qubits than we are currently capable of building into our architectures. The most qubits we can currently create in a stable architecture is about 1000, whilst NIST theorises that in order to properly threaten cryptography potentially millions of qubits would be needed, and they would need to operate in a near error-free state – something we are nowhere near reaching.

This does not mean we should be complacent, but we also need to be practical. The cost and technology for a threat actor to build a practical quantum computer are still some significant time away, and when we start to reach that threshold, it will likely lie in the space of militaries and governments seeking strategic advantage over their rivals. In practical cybersecurity terms, quantum is viewed as a theoretical threat that may well eventually manifest, but it is a next-decade problem in a present-day world of patching and data hygiene issues. Whilst it is right that we should be mindful and challenge vendors to consider how they will address quantum, we also need to avoid doom-mongering and hype by staying focused on the issues we currently have rather than on possible problems in a decade.

Prism Infosec Appoints Andrew Turner as Chief Commercial Officer

Cybersecurity consultancy Prism Infosec, with offices in Cheltenham and Liverpool, is pleased to announce the appointment of Andrew Turner as its new Chief Commercial Officer (CCO).

Andrew brings a wealth of experience in cybersecurity and commercial leadership. He holds a degree in Computer Information Systems Design from Kingston University and most recently served as Vice President of Sales, EMEA at VikingCloud. Prior to that, he held senior commercial roles at leading cybersecurity consultancies including F-Secure and Context Information Security, where he was instrumental in driving growth and expanding market presence.

“The opportunity to join a business like Prism, with its outstanding technical capabilities and prestigious client base, presents a fantastic platform for growth,” said Andrew. “I’m excited to work alongside the team to develop new service offerings, strengthen existing client relationships, and expand into new verticals where our specialist approach can deliver real value.”

In his role as CCO, Andrew will lead the development of Prism Infosec’s commercial strategy, focusing on scaling the business and deepening its footprint within the FTSE 250 and other key markets. His appointment marks a significant step in the company’s growth journey.

“We’re thrilled to welcome Andrew to the leadership team,” said Phil Robinson, CEO at Prism Infosec. “He brings a deep passion for cybersecurity, along with a proven track record of building high-performing teams, delivering commercial value, and consistently exceeding client expectations. Andrew’s experience in scaling businesses will be instrumental as Prism Infosec continues to grow. His strategic insight and commercial acumen have helped organisations expand into new markets, strengthen client relationships, and drive sustainable revenue growth.”

Prism Infosec Launches Vulnerability Remediation Service

Prism Infosec is proud to announce the launch of a remediation service line that will enable organisations to promptly implement effective fixes for vulnerabilities identified during engagements. The remediations service connects organisations with Prism Infosec’s team of IT and security experts to deliver tailored solutions that address vulnerabilities while ensuring compliance with industry standards and minimising operational disruptions.

Through leveraging Prism Infosec’s in-depth understanding of vulnerabilities and effective mitigation strategies, organisations can take advantage of a comprehensive vulnerability management service spanning from discovery to resolution, working collaboratively with our teams to develop and implement effective remediations.

Often, after an engagement, organisations are left burdened with the challenging task of resolving a large number of complex vulnerabilities and configuration issues, without the necessary expertise or resources to effectively address them. Prism’s remediation service aims to alleviate this challenge by providing a dedicated team of IT and security professionals to guide organisations from discovery to resolution.

“Post-engagement, organisations often find themselves at a crossroads, with identified vulnerabilities but no clear path to remediation. Naturally, we are seeking to bridge that gap between discovery and resolution by providing an end-to-end service that leaves organisations confident with their security posture. We’re delighted to build on our reputation further by leveraging our extensive in-house talent to deliver more value to our clients through remediation services.” – Ollie Stepney, Head of IT & Remediation Services at Prism Infosec.

Our remediation services will be available to our clients as an extension of engagements, providing a natural progression from the identification and assessment phases. This approach ensures that organisations can immediately begin addressing vulnerabilities without any gaps. Remediation services will also be available as an offering within our Cyber Security as a Service platform, LuxisAI and via direct engagement as organisations look to improve their security posture in support of any certification or regulatory requirements.

“I am delighted that Prism Infosec has developed the in-house capability to support our clients with remediation services following the end of a security test or consultancy engagements. Always working in partnership with our clients, we understand that there is much to do beyond assessments and audits and sometimes remedial activity can lead to complex and/or overwhelming challenges to solve. Prism Infosec will support our clients every step of the way in partnership to ensure that vulnerabilities and weaknesses are appropriately addressed and without introducing new security risks.” – Phil Robinson, CEO at Prism Infosec.

Key to the remediation service is expansive documentation, which offers transparency throughout the process. We recognise the value not only in resolving vulnerabilities but also in providing detailed information about the issues addressed, the reasoning behind the fix, and the specific steps taken to remediate. This comprehensive documentation allows organisations to gain a deeper understanding of their vulnerabilities, the recommended mitigations for them, and best practices moving forward.

If you are interested in learning more about our remediations service and how it can benefit your organisation, please contact your account manager or email us at remediations@prisminfosec.com for more information.