Insights

As cyber threats grow in complexity, the debate continues—should organisations rely more on automation or human expertise? The reality is that the strongest security strategies integrate both, leveraging cutting-edge technology to enhance human capabilities rather than replace them. At Integrity360, we believe this balance is the key to a resilient security posture, and is be the central theme of our Security First 2025 conferences starting this week!

Important Update on PCI DSS SAQ A Eligibility Criteria

The PCI Security Standards Council (PCI SSC) has published a new Frequently Asked Question (FAQ 1588) to help businesses better understand the updated eligibility criteria for Self-Assessment Questionnaire (SAQ) A under PCI DSS v4.0.1. These new requirements will take effect on April 1, 2025 and are especially important for e-commerce merchants using embedded payment pages (like iframes).

Overview: 

MITRE Caldera is an open-source cyber security platform designed for automating adversary emulation, red teaming, and threat hunting. It allows security teams to simulate real-world cyber threats, test defences, and improve incident response. 

With the skills gap growing, finding the right IT security professionals can be a daunting task. CyberConnect360, powered by Integrity360, is here to simplify that process. Our resource placement service connects businesses with top-tier cyber security talent, ensuring the perfect match for critical roles. This FAQ provides insights into how CyberConnect360 works and why it stands out from traditional recruitment services.

Cyber security threats are growing more sophisticated by the day and organisations need to stay ahead of adversaries by continuously refining their security strategies. One powerful approach is Purple Teaming—a strategy that bridges the gap between offensive and defensive security tactics. But what exactly is Purple Teaming, and how does it enhance an organisation’s security posture? Let’s take a closer look at this critical aspect of cyber security testing.

Artificial intelligence (AI) is revolutionising industries, and cybercrime is no exception. While organisations explore AI-driven security solutions, threat actors are leveraging the same technology to enhance their attacks—making them faster, more sophisticated, and more targeted than ever before. 

The Payment Card Industry Security Standards Council (PCI SSC) has announced significant updates to Self-Assessment Questionnaire A (SAQ A), particularly affecting e-commerce merchants. These changes, taking effect on 31 March 2025, remove certain requirements and introduce new eligibility criteria that require merchants to strengthen website security and protect against malicious script attacks.

As businesses are increasingly reliant on technology, the need for robust security measures has become more important than ever. With cybercrime showing no signs of slowing down, organisations must take proactive steps to protect their data and systems from malicious threat actors.  

Adhering to frameworks such as NIST, DORA, NIS2 and ISO 27001 not only ensures that your organisation is secure but also enhances your reputation, fosters client trust, and sharpens your operational resilience. In this blog, we'll explore how compliance can give your organisation a competitive edge and how Integrity360 can support your compliance journey. 

The UK government’s latest ransomware proposals aim to shield businesses and public services from ransomware attacks that cost the economy billions annually. These proposed new measures aim to target the financial lifelines of cybercriminals by banning ransomware payments from public sector bodies and critical national infrastructure organisations, such as the NHS, local councils, and schools. The government’s approach also includes mandatory ransomware incident reporting to bolster law enforcement’s ability to disrupt criminal networks.

CVE-2025-21298 is a critical vulnerability present in the windows OLE that enables a remote code execution with a CVSS severity of 9.8. Object Linking and Embedding (OLE) is a proprietary technology developed by Microsoft that allows embedding and linking to documents and objects.

According to a new report released by ISACA. The European cyber security landscape is grappling with a widening skills gap, raising alarms for businesses needing to protect themselves from cyber threats. A recent report highlights that the majority of organisations are struggling to find professionals equipped with the necessary expertise.