The Great Fragmentation: What the New EU Vulnerability Database Means for the EU and Post-Brexit UK

For two decades, the cybersecurity world has relied on a single source of truth: the US National Vulnerability Database (NVD). If a vulnerability existed, it had a CVE ID, and the NVD told you how bad it was. But in 2024 and 2025 that foundation cracked. Funding disputes and a massive analysis backlog left the NVD largely stagnant, forcing the world to wake up to a dangerous reality: global digital security had a single point of failure. In response, the European Union has launched the European Vulnerability Database (EUVD), a move that signals a permanent shift toward digital sovereignty. But where does this leave the UK, caught between a faltering US giant and a new European fortress it has just left? What do these developments mean for vulnerability programs in the EU and the UK?

🇪🇺 The EU Perspective: Strategic Autonomy & Resilience

For the European Union, the launch of the EUVD (managed by ENISA) is not just a technical backup plan; it is a declaration of independence.

1. Decoupling from US Instability

The recent Reuters reports on US funding running out for the NVD highlighted a critical risk: European security cannot depend on the US Congress passing a...

UK Cyber Security in 2026 and beyond: Understanding the New Bill and Government Action Plan

The UK government is taking bold steps to protect our digital infrastructure from cyber threats. Two major initiatives, the Cyber Security and Resilience Bill and the Government Cyber Action Plan, are working together to create a safer digital future for everyone.

Why This Matters to You

Cyber attacks aren't just technical problems; they affect real lives. When cyber criminals strike, vital public services can go offline in minutes, disrupting daily life and eroding public confidence. Whether you're switching on lights, accessing safe water, using NHS services, paying taxes, or applying for benefits, you rely on digital systems that need robust protection.

The Cyber Security and Resilience Bill: Stronger Defences for Essential Services

Introduced to Parliament in November 2025, this legislation will strengthen UK defences against cyber attacks and better protect the services that the public relies on. It builds on existing regulations to create more comprehensive protection.

What the Bill covers

The legislation focuses on essential and digital services across multiple sectors. Energy providers, water companies, healthcare services, transport networks, and data centres will all need to meet higher security standards. This means the organisations that keep our country running will have clear requirements to defend against cyber criminals and...

Cybersecurity in 2026: Strategic Priorities for the Modern CISO in an AI era

As we start to navigate 2026, Gartner's latest strategic technology trends reveal a fundamental shift in how organizations must approach cybersecurity. Speaking at the recent Gartner IT Symposium, analysts emphasized that we're entering a period where disruption, innovation, and risk are expanding at unprecedented speed (Gartner). For CISOs, this means rethinking security strategies from the ground up. Here are my thoughts after reading some of the recent Gartner publications:

The Paradigm Shift: From Reactive to Preemptive

The cornerstone of Gartner's 2026 cybersecurity vision is Preemptive Cybersecurity, identified as one of the top 10 strategic technology trends. This represents a fundamental departure from traditional detect-and-respond models. Gartner forecasts that by 2030, preemptive solutions will account for half of all security spending (Gartner), as organizations shift from reactive defense to proactive protection. The concept centers on using AI-powered security operations, programmatic denial, and deception techniques to anticipate and neutralize threats before they materialize. As Gartner VP Analyst Tori Paulman explains, "Preemptive cybersecurity is about acting before attackers strike using AI powered SecOps, programmatic denial and deception. This is a world where prediction is protection." (Gartner) For CISOs, this means investing in technologies that can predict attack paths, simulate...

Let’s take a step back…

2020 – what a year it has been so far… The world around us has changed so much, so quickly. I won't touch here on how serious the economic after-effects are going to be, for everyone's sake, including mine. 2020 and COVID-19 have already marked their place in history. I still remember reading this article on 3 January 2020: Company shuts down because of ransomware, leaves 300 without jobs just before holidays. The actual company closure was announced on 2 January. To cut a long story short, the company was hit with a ransomware attack and decided to pay the ransom, hoping to get the keys to their data back. What happened next? They were asked for payment again, and again, and they kept paying. This resulted in 300 people entering 2020 without a job. It was a very unpleasant read for me personally. The beginning of 2020 was not all bad news: the new decade began relatively well, with a six-month low of only 61 disclosed cyber security incidents (and only 1.5 billion records breached, source). It will be interesting to see how 2020 is going to end in...

Cybersecurity approach – a game theory?

A while back I came across a short but very interesting book, 'Finite and Infinite Games' by James Carse. I really enjoyed the read and the thesis of looking at pretty much everything in life as a game, be it, for example, business outcomes, personal targets or a career. In a nutshell, a finite game can be defined as:

– players are known prior to the game commencing
– fixed rules
– agreed-upon objectives
– chess, football, basketball: we declare the winner and the game is over

And then there is the infinite game:

– players can be known and unknown
– the rules and players are changeable
– the objective is to keep the game in play, to perpetuate the game

I personally really like this approach, as it can be applied to many aspects of life and is an interesting way of looking at everything we do: what our goals are and how we are approaching them. I think this resonates particularly well with regard to a cybersecurity strategy. Let's take a very quick look at what has been happening in the security industry over recent years and what the trends have been like:...

Brief highlights of the Verizon 2018 Data Breach Report

The latest Verizon 2018 Data Breach Investigations Report (11th edition) has been published and it is certainly a great read. This year the data comes from over 53,000 incidents and 2,216 confirmed data breaches. Based on the report, most data breaches are caused by outsiders (73%), with organised criminal groups accounting for 50% of breaches. It should not come as a surprise that as many as 58% of victims are SMBs. They are very often the most resource-constrained in their security efforts, and this trend continues. The healthcare industry is also a popular target for hackers, especially in the United States, where the data coming from healthcare breaches is very valuable. Stolen credentials and phishing continue to be within the top 5 action varieties in breaches. Unlike pretexting, which is financially motivated over 95% of the time, motives for phishing are split between financial (59%) and espionage (41%). This is a very brief post, and I highly encourage everyone interested to read the full report, available as a free download here....
