Next month, the annual Most Inspiring Women in Cyber Awards will take place at The BT Tower, London, celebrating some of the industry’s most inspirational – and oftentimes unsung – women.

Sponsored by Fidelity International, BT, Plexal and Bridewell, and proudly supported by industry-leading diversity groups WiTCH, WiCyS UK&I and Seidea, the 2026 event is set to be bigger than ever. To make sure everyone has had the chance to nominate, we’ve extended the nomination deadline until the 16th January 2026, 5pm GMT. 

For now, it’s time to introduce our 2026 judges, who have the exceptionally hard task of picking this year’s top 20 and five ones to watch… 

• Yasemin Mustafa, Director of the Cyber Security Portfolio at BT 
• Adam Haylock, Head of Global Cyber and Information Security Department at Fidelity International 
• Rebecca Taylor, Co-Author of Co-Author of Securely Yours: An Agony Aunts’ Guide To Surviving Cyber, and Threat Intelligence Knowledge Manager and Researcher at Sophos
• Adaora Uche, GRC Lead at THG (representing Seidea) 
• Joanne Elieli, Cyber Lead and Litigation Partner at Stephenson Harwood LLP
• Diane Gilbert, Senior Lead for Programmes at Plexal 
• Yvonne Eskenzi, Co-Founder of Eskenzi PR and Founder of The Most Inspiring Women in Cyber Awards
• Jennifer Cox, Director of Solutions Engineering, EMEA and APAC, at Tines (representing WiCyS UK&I)
• Hannah Arnold, London Ambassador for WiTCH – Women in Tech & Cyber Hub

The Gurus spoke to some of our judges about the 2026 awards and what they’re looking for in a good application. 

Adaora Uche, GRC Lead at THG 

Why are initiatives like this so important?

Initiatives like this matter because visibility changes possibility. Cybersecurity is still an industry where many women don’t see themselves reflected in leadership, technical authority, or decision-making roles. By intentionally spotlighting women who are doing impactful work, we challenge outdated perceptions of who belongs in cyber and what success looks like.

Beyond recognition, these initiatives create role models, momentum, and community. They validate the work women are already doing – often quietly and behind the scenes, and help open doors for others who are earlier in their journeys. Representation is not just symbolic, it is a powerful driver for inclusion, retention, and long-term change in our industry.

Why should people nominate?

People should nominate because inspiration often goes unrecognised unless someone speaks up. So much impactful work in cybersecurity happens behind the scenes. Particularly in governance, risk, privacy, and security leadership, where success often looks like problems prevented, risks mitigated, or the right questions being asked early. This kind of impact does not always attract attention, but it is critical.

A nomination is more than an accolade; it is an act of recognition and encouragement. It tells someone that their work matters, that they are seen, and that their journey can inspire others. Nominating also helps broaden the narrative of cybersecurity by showcasing diverse paths, backgrounds, and contributions that might otherwise go unnoticed.

What makes an ‘inspiring woman’ in cyber in your eyes?

First and foremost, I believe every woman in cybersecurity is inspiring. Simply showing up each day to help make the digital world safer, often in complex, high-pressure environments, is truly heroic.

An inspiring woman in cyber creates impact while lifting others as she progresses. She may be a technical expert, a strategist, a leader, or an educator, but what sets her apart is purpose, resilience, and a commitment to making the space better than she found it. She does not just respond to challenges, she anticipates them, questions the status quo, and contributes to safer, more ethical, and more inclusive digital environments.

She does not need to dominate the room to lead. Her credibility comes from consistency, thoughtfulness, and sound judgement. It also stems from her unwavering commitment to building systems and teams that are secure, resilient, and future-ready. Importantly, she uses her voice, whether in boardrooms, classrooms, or communities to share knowledge, mentor others, and make cybersecurity more accessible and human.

Adam Haylock, Head of Global Cyber and Information Security Department at Fidelity International 

Why are initiatives like this so important?

I often find myself in meetings counting the number of male versus female attendees. Too often, there are only one or two women in the room, surrounded by many more men.

In cyber, many men take for granted that they don’t have to overcome that initial sense of standing out before even contributing to the discussion or holding their ground. While we are making some progress in addressing the gender imbalance, initiatives like this are vital in keeping the spotlight on an issue that still matters deeply. They help encourage more women to put themselves forward, particularly where they may previously have hesitated, and to feel recognised and valued for the outstanding work they do, inspiring others along the way. 

Why should people nominate?

Nominations reinforce the value that female talent brings to our field. Diversity of thought, approach and communication is critical in cyber, a discipline that is as much about culture and behaviour as it is about technology.

Recognising and celebrating female talent strengthens that value proposition, especially when nominations come from male colleagues who see first-hand, and rely on, the expertise and impact that women bring to our teams.

What makes an ‘inspiring woman’ in cyber in your eyes?

Being in the minority in any environment can create invisible barriers and perceptions that are difficult to overcome. For me, an inspiring woman in cyber – a male-dominated field – is someone willing to step outside her comfort zone, try new things, take risks, and learn from setbacks.

Standing out in a male-dominated environment requires real courage, and that courage is inspiring in itself. We need more visible role models like this to attract more women into cyber and to show that it is a field where they can thrive, feel valued, and build rewarding careers.

Rebecca Taylor, Co-Author of Securely Yours: An Agony Aunts’ Guide To Surviving Cyber, and Threat Intelligence Knowledge Manager and Researcher at Sophos

Why are initiatives like this so important?

Initiatives like the ‘Most Inspiring Women in Cyber Awards 2026’ are so important because they shine a light on women who are accomplishing amazing things in an industry that is still largely male-dominated. Recognising these achievements in an inclusive and safe way helps ensure women feel seen, valued, and celebrated for their expertise and impact.

Beyond individual recognition, these initiatives also create visible role models. Seeing women celebrated for their achievements inspires others to enter the field, stay in the industry, and aim higher. It helps challenge outdated stereotypes, builds confidence, and fosters a stronger sense of community and belonging.

Ultimately, celebrating women in cyber isn’t just about awards – It’s about changing culture. It encourages equity, boosts morale, and helps build a more diverse, inclusive, and resilient cybersecurity industry for everyone.

Why should people nominate? 

People should nominate because recognition matters! Nominating is a powerful way to celebrate women who are accomplishing amazing things and making a real impact. Remember that a nomination (let alone a win!) can boost confidence, open doors to new opportunities, and remind someone that their work truly matters. Get those entries in!

What makes an ‘inspiring woman’ in cyber in your eyes?

In my eyes, an ‘inspiring woman in cyber’ is someone who brings others with them into the conversation. They lift people up, share knowledge, and create space for others to learn, grow, and feel they belong. They want to leave a positive footprint, not just through their work, but through the way they support and encourage those around them.  They are a role model, someone who shows what’s possible and inspires others to follow their own path in cyber with confidence and purpose.

It isn’t about money, job titles, or seniority. It’s about impact. An inspiring woman is thriving in what they do, and you can see that they genuinely love their work. That passion is contagious and motivating to others.

Joanne Elieli, Cyber Lead and Litigation Partner at Stephenson Harwood LLP at Stephenson Harwood LLP

Why are initiatives like this so important? 

Initiatives like this are instrumental in recognising and celebrating the achievements of women in cybersecurity, helping to raise their visibility and inspire others. These initiatives encourage diversity, challenge stereotypes, and can empower the women being recognised to stay and advance in the field. By providing networking opportunities and driving positive industry change, initiatives like this can also help to create a more inclusive and innovative cyber sector.

Why should people nominate? 

Nominating women in the cyber industry is a meaningful way to recognise and celebrate their expertise, dedication, and achievements. Formal nominations help to bring the contributions of our exceptional women to light, ensuring they receive the appreciation they deserve. This visibility can inspire other women and girls to pursue careers in cybersecurity, which in turn fosters a more diverse and inclusive industry.

What makes an ‘inspiring woman’ in cyber in your eyes?

An inspiring woman in cyber, in my eyes, is someone who demonstrates exceptional skill and dedication to her work while also uplifting and supporting others in the industry. She is passionate about solving complex problems and is eager to learn and adapt in a rapidly changing industry. Beyond her technical abilities, she actively shares her knowledge, mentors others, and advocates for diversity and inclusion. Her resilience in overcoming challenges and her willingness to break new ground make her a role model for both current and future generations in cybersecurity.

Jennifer Cox, Director of Solutions Engineering, EMEA/APAC, at Tines

Why are initiatives like this so important?

Women’s representation in cybersecurity still has a lot of ground to cover, and initiatives like this shine a light on those who are making an impact both technically and culturally. Recognition not only celebrates achievement but also helps change perceptions;  it shows the next generation that there’s space for them here, no matter their background or neurotype. When we platform diverse voices, we accelerate innovation and make our industry stronger, more inclusive, and more human.

Why should people nominate?

Nominating someone is a simple but powerful act of allyship and pride. Many brilliant women in cyber are so focused on lifting others up or doing the hard, often invisible work that they rarely stop to celebrate themselves. A nomination says, “I see you, I value what you’re doing, and you’re shaping this industry.” You never know who might need that encouragement to keep going or step into an even bigger role, and for other women just starting their cybersecurity careers visibility of these trailblazers and their capabilities is key.

What makes an ‘inspiring woman’ in cyber in your eyes?

For me, an inspiring woman in cyber is someone who leads with both competence and compassion. She’s technically grounded, but she also uses her voice and position to make space for others; especially those whose stories aren’t often heard. She’s authentic, curious, resilient, and not afraid to challenge the norm. Above all, she shows that success in cybersecurity isn’t about fitting a mould; it’s about rewriting it so more people can belong.

 

—

You can nominate here. 

The post Most Inspiring Women in Cyber 2026: Meet The Judges appeared first on IT Security Guru.

In Formula 1, milliseconds matter… and so does security. Keeper Security has helped Atlassian Williams F1 Team tighten its cyber defences, revealing how the iconic racing team is using KeeperPAM to protect its data, systems and global operations without taking its foot off the accelerator.

Announced on 13 January 2026, a new case study from Keeper Security details how Atlassian Williams F1 Team has overhauled its privileged access strategy using KeeperPAM, a unified, cloud-native Privileged Access Management (PAM) platform built on zero-trust and zero-knowledge principles. With terabytes of sensitive telemetry and performance data generated every race weekend, any breach, whether trackside or back at base, could be race-ending.

Unlike many organisations, Atlassian Williams F1 Team’s infrastructure isn’t parked in one place. It’s constantly on the move, travelling across more than 20 countries each season. From airports and paddocks to garages and headquarters, the team needed cybersecurity that could keep pace with a relentless global schedule without adding friction.

“We travel to more than 20 countries each season, and every week we’re in a new location,” said James Vowles, Team Principal, Atlassian Williams F1 Team. “Our infrastructure isn’t sitting safely in a single building – it’s traveling with us. That means we have to be secure wherever we are, from airports to garages to our HQ at Grove. With Keeper, we can build that fortress around our operations.”

KeeperPAM delivered that protection by putting zero trust at the heart of access control. Through role-based access, privileged session monitoring and automated provisioning, the platform allows Atlassian Williams F1 Team to enforce least privilege while keeping engineers and staff moving at racing speed.

The team has also streamlined operations by funnelling all privileged connections through a single platform, giving security teams better visibility and faster reaction times when something looks off.

“We now have a single platform where all of our connections go through,” said Harry Wilson, former Head of Information Security, Atlassian Williams F1 Team. “We can apply policies, monitor usage and generate alerts when something unexpected happens. Doing that on our server estate was critical to us.”

KeeperPAM brings together enterprise password management, secrets management, privileged session management, endpoint privilege management, secure remote access and dark web monitoring into one cloud-native platform. By replacing legacy tools with a single solution, Keeper Security says organisations gain real-time visibility, automated least-privilege enforcement and AI-driven threat detection, helping them spot threats before they cross the finish line.

For Atlassian Williams F1 Team, flexibility was just as important as control. Engineers occasionally need elevated access, but only when it’s genuinely required  and never longer than necessary.

“There are times when employees need local admin rights on a case-by-case basis,” added Wilson. “With Keeper, we can grant that access in real time and remove it automatically, which gives us confidence that privileged access is always controlled and temporary.”

Keeper Security believes modern PAM needs to work quietly in the background, more like a finely tuned race engine than a heavy braking system.

“Modern PAM has to do more than secure credentials. It has to automate provisioning, rotate secrets and eliminate standing privileges – all without burdening IT teams,” said Craig Lurey, CTO and Co-founder, Keeper Security. “That’s why we designed KeeperPAM to replace complexity with automation, freeing organisations like Atlassian Williams F1 Team to focus on what they do best.”

By centralising all credentials within a zero-knowledge environment, Atlassian Williams F1 Team has eliminated plaintext exposure while automating the provisioning and deprovisioning of privileged access. The result is lower operational overhead for IT teams and fewer roadblocks for engineers pushing performance innovation.

With KeeperPAM in place, Atlassian Williams F1 Team can now operate securely on any device, on any network, anywhere in the world. In a sport where marginal gains make all the difference, cybersecurity has become another competitive edge, helping the team stay secure, agile and firmly in the race.

The post Keeper Security puts Atlassian Williams F1 Team in pole position on cybersecurity appeared first on IT Security Guru.

BreachForums, one of the most well-known English-language cybercrime forums, has reportedly suffered a data breach, exposing user information after the site was taken offline once again.

As reported by The Register, a database linked to the forum was leaked online, potentially revealing account details, private messages and metadata on close to 325,000 accounts. However, security researchers caution that while the leak may attract attention, its intelligence value and authenticity remain uncertain.

Michael Tigges, Senior Security Operations Analyst at Huntress, said the dataset should be treated with caution.

“This data leak, while potentially useful for authorities and security professionals researching adversarial activities, is ultimately of limited forensics use,” he said.

“While the database leak may be legitimate, the integrity is called into question as it was derived from another cybercrime group, ShinyHunters.”

He added that such leaks are sometimes used to infer links between threat actors, but warned that datasets may be incomplete, selectively modified, or deliberately misleading.

“The reliability of the information must be highly scrutinised, as it may not be legitimate data or could be altered to disguise or prevent disclosure of information,” Tigges said.

Criminal trust continues to erode

The breach is likely to further undermine confidence in BreachForums among cybercriminals, following a series of takedowns and reappearances over recent years.

Gavin Knapp, Cyber Threat Intelligence Principal Lead at Bridewell, said the platform’s turbulent history has already damaged its credibility.

“Criminals are likely questioning its credibility and losing trust in it, and it’s often referred to as a potential honeypot for law enforcement,” Knapp said.

Knapp noted that the real-world impact of the leak depends largely on the operational security (OPSEC) practices of individual users.

“The data leak is obviously a problem for legitimate accounts used for crime, as opposed to sock-puppet accounts used by researchers or law enforcement,” he said.

“However, the impact depends on whether users exposed information that could be linked back to a real-world identity, such as unique email addresses or reused passwords.”

He added that the same risks apply to investigators and researchers who may also face exposure if poor OPSEC was used, and that it remains unclear how current or complete the leaked data is.

Limited underground reaction

Despite the publicity surrounding the breach, reaction within cybercrime communities appears muted.

Michele Campobasso, Senior Security Researcher at Forescout, said responses across underground forums have been limited or dismissive.

“On one of the XSS forum forks following the takedown, some users responded with sarcasm,” he said.

“In other underground forums and communities where we have access, we found no reaction on the topic.”

This lack of engagement may reflect growing scepticism among threat actors toward long-running forums, many of which are viewed as compromised or unreliable.

Disputed links to ShinyHunters

The breach has also prompted speculation around the involvement of the ShinyHunters extortion group, although responsibility remains disputed.

Campobasso said that while there is no conclusive evidence linking ShinyHunters to the leak, the claim is not implausible given recurring references to a figure known as “James” across multiple iterations of the shinyhunte[.]rs website.

Cached versions of the site show repeated mentions of “James”, including defacement messages, accusations from other group members, and a manifesto attributed to the same pseudonym. Linguistic patterns in the text suggest possible French influence, although Campobasso cautioned against drawing firm conclusions.

“It is possible that either the data leak was performed by James, or that someone is attempting to frame them in order to disrupt their reputation within the cybercriminal ecosystem,” he said.

A familiar pattern

Ultimately, the BreachForums incident highlights a recurring issue within cybercrime communities: instability, internal conflict and declining trust.

For defenders, the breach reminds them that leaked criminal datasets should be treated carefully, validated rigorously and never assumed to be complete or accurate, even when they appear to offer rare insight into adversary activity.

The post BreachForums Data Leak Raises Fresh Questions Over Credibility appeared first on IT Security Guru.

This week, Keeper Security the launch of its JetBrains extension, offering JetBrains Integrated Development Environment (IDE) users a secure and seamless way to manage secrets within their development workflows. By integrating directly with the Keeper Vault, developers can replace hardcoded secrets with vault references and execute commands using injected credentials, ensuring sensitive data remains protected at every stage of development. 

Secure secrets management protects the credentials, API keys, tokens and certificates that applications rely on to function safely. When these secrets are mishandled, such as being stored in plaintext, hardcoded into source code or shared insecurely, they become easy targets for attackers. The Keeper JetBrains extension eliminates these risks by allowing developers to store, retrieve and generate secrets from the Keeper Vault without leaving their IDE.

Unlike standalone plug-ins or external vault tools that rely on third-party servers, the Keeper JetBrains extension operates within a zero-knowledge architecture, ensuring all encryption and decryption occur locally on the user’s device. Integrated natively with Keeper Secrets Manager and KeeperPAM®, it brings enterprise-grade privilege controls directly into the developer’s workflow to deliver strong security without slowing down development. 

“Modern software development demands security at every layer,” said Craig Lurey, CTO and Co-founder of Keeper Security. “Integrating Keeper into JetBrains ensures developers can apply secure-by-design principles from the start, eliminating hardcoded credentials and strengthening the integrity of the software supply chain.”

The Keeper JetBrains extension provides a range of powerful capabilities, including secrets management that allows users to save, retrieve, and generate secrets directly from the Keeper Vault. It also supports secure command execution by enabling applications to run with secrets safely injected from the vault. In addition, the extension offers logging and debugging tools, giving users access to logs and the ability to enable debug mode for full operational transparency, and it supports cross-platform use across Windows, macOS, and Linux environments.

The JetBrains extension builds on Keeper’s broader KeeperPAM® platform, an AI-enabled, cloud-native privileged access management solution that unifies password, secrets, connection and endpoint management under a zero-trust, zero-knowledge framework. 

 

The post Keeper Security Launches JetBrains Extension appeared first on IT Security Guru.

A cyber attack on shared IT systems used by several London councils has resulted in the theft of personal data relating to thousands of residents, raising renewed concerns about the resilience of local government cyber security and the risks posed by interconnected public-sector infrastructure.

Kensington and Chelsea Council confirmed that sensitive personal information was accessed during the incident, which also disrupted services across neighbouring boroughs. The attack prompted swift intervention from the National Cyber Security Centre (NCSC) and the Metropolitan Police, underlining the seriousness of the breach.

Cyber security leaders warn that the incident reflects a broader and accelerating threat to public-sector organisations. Darren Guccione, CEO and co-founder of Keeper Security, noted that this is the second significant cyber incident affecting a UK local authority in less than two months, highlighting how persistently councils are being targeted.

“Councils and other arms of government remain high-value targets for cybercrime because they hold extensive sensitive personal data and operate interconnected, often legacy, systems that are both attractive to attackers and difficult to defend at scale,” Guccione said. He added that the frequency of these attacks suggests adversaries are shifting away from opportunistic intrusion towards sustained and sophisticated campaigns designed to exploit systemic weaknesses and undermine public trust.

The technical characteristics of the attack have also raised alarm among experts. Graeme Stewart, head of public sector at Check Point, said the incident shows “all the signs of a serious intrusion”, citing multiple boroughs being taken offline and internal warnings instructing staff to avoid emails from partner councils.

“That’s classic behaviour when attackers get hold of credentials or move laterally through a shared environment,” Stewart said. “Once they’re inside one part of the network, they can hop through connected systems far faster than most councils can respond.”

Stewart added that the rapid shutdown of services suggests authorities feared escalation into encryption or large-scale data theft. “Councils hold incredibly sensitive material – social-care files, identity documents, housing records. If attackers got near that, the fallout wouldn’t stay local,” he warned.

The incident has also highlighted the risks created by shared and centralised IT platforms across local government. Dray Agha, senior manager of security operations at Huntress, described such environments as a “double-edged sword”.

“While shared systems are efficient, the breach of one council can instantly compromise its partners, crippling essential services for hundreds of thousands of residents,” Agha said. He stressed the need to move beyond purely cost-driven IT strategies and towards segmented, resilient architectures capable of containing attacks before they spread.

For residents affected by the breach, the immediate concern is how their personal information may be misused. Chris Hauk, consumer privacy advocate at Pixel Privacy, urged individuals to remain vigilant for phishing and fraud attempts, while calling on the council to provide tangible support.

“People that have had their data exposed should stay alert for phishing schemes and other scams,” Hauk said. He added that Kensington and Chelsea Council should offer free credit monitoring to affected residents, noting that government bodies frequently expect private-sector organisations to do the same following similar breaches.

Transparency will be critical in limiting long-term harm, according to Paul Bischoff, consumer privacy advocate at Comparitech. He called on the council to clarify what types of personal data were compromised as quickly as possible.

“Until then, victims cannot make informed choices about how to protect their personal information and finances,” Bischoff said. He noted that attackers have already published a proof pack containing sample stolen documents – a common tactic used by ransomware groups to substantiate their claims and apply pressure. “Based on our research into hundreds of ransomware attacks, the vast majority of these claims are legitimate,” he added.

At a policy level, Guccione pointed to the UK Government’s recently launched Cyber Action Plan, which includes more than £210 million in funding and the creation of a new Government Cyber Unit to improve coordination and resilience across public services.

“The plan is a positive development in recognising the cross-government nature of this challenge,” he said, but warned that central initiatives must be matched by action at the organisational level. He urged public-sector bodies to accelerate adoption of identity-centric security models, enforce stronger access controls, segment networks to limit lateral movement and implement continuous monitoring.

“Only by elevating cybersecurity from a technical afterthought to a core governance priority can public services reduce their exposure to increasingly persistent attacks and maintain citizens’ trust in the digital services they rely on,” Guccione said.

As investigations continue, the incident is expected to intensify scrutiny of cyber maturity across UK local authorities, many of which continue to deliver critical digital services under tight budgets and complex operational constraints.

The post London council cyber attack exposes personal data and highlights risks of shared public-sector IT appeared first on IT Security Guru.

Critical thinking and media literacy are now seen as essential skills for young people, yet many schools lack the resources to teach them, according to new research with teachers, commissioned for BBC Bitesize. Over half of teachers say they need more support to help pupils identify misinformation, as teens increasingly struggle to separate fact from fiction online, a challenge linked to rising anxiety levels.

To bridge this gap, BBC Bitesize is launching Solve the Story, a six-part media literacy series designed to equip students, teachers, and schools with practical tools to tackle misinformation and disinformation. Premiering in schools on 5 January 2026, the series forms part of the Bitesize Other Side of the Story initiative and will help teenagers question what they see online, verify sources, spot fakes, and understand how misleading narratives spread.

The roll-out comes amid mounting evidence that young people are struggling to manage the sheer scale and sophistication of online content. According to research commissioned by the BBC involving more than 400 teachers, critical thinking is now considered the single most important skill for young people, yet one in three teachers say it is difficult to teach, citing lack of time, resources and curriculum pressure.

More than half of the teachers who took part in the research said they need more support in helping pupils recognise misinformation, and that media literacy is not covered well enough in the current curriculum. Teachers also warn that students are already “outpacing adults” online, with the rate of digital change widening the skills gap in the classroom. The research also suggests that parents echoed this concern, as many felt their own digital skills were already outdated.

For young people, the effect of misinformation reaches far beyond the classroom as the impact is emotional as well as educational. New findings from this year’s Bitesize Teen Summit with Radio 5 Live, suggests that two thirds of teenagers worry about fake news and online misinformation, causing confusion and contributing to rising levels of stress and anxiety.

Patricia Hidalgo, Director of BBC Children’s and Education said: “In today’s digital landscape, media literacy isn’t a luxury, it’s a necessity. Solve The Story will help schools to equip young people with the critical thinking tools they need to navigate online content confidently, verify what they see, and protect their mental well‑being. This series is a vital next step towards empowering students and supporting educators in tackling misinformation, as we take Other Side of the Story into classrooms.”

Available to schools and on the BBC Bitesize website, Solve the Story uses a six-part mystery series in which characters must apply media literacy skills to uncover the truth, by analysing sources, questioning assumptions, identifying deepfakes, challenging viral claims and spotting bias. Each episode is paired with a “how-to” guide offering clear, practical steps for teachers and resources for classroom use.

Hundreds of schools up and down the country have already signed up to take part in the January launch, signalling strong demand for classroom-ready tools to help pupils navigate online misinformation. The first episode will be shown in schools on 6 January, with new episodes released weekly until the finale event in February.

Solve the Story is the first content series created for us in schools from the Bitesize Other Side of the Story, that was launched in 2021 to help students navigate the online world and be more critical of the information they consume. Bitesize Other Side of the Story provides articles, videos, quizzes and other resources and workshops in secondary schools that to help students be more curious about the news and information they see and share online. It also equips them with the tools to be create content responsibly, stay safe online and avoid scams, be more aware of different types of media, think more critically and become more positive digital citizens.

The BBC commissioner for Solve The Story is Andrew Swanson.

The video content can be found https://www.bbc.co.uk/bitesize/groups/c4gqzw1kxn6tand Other Side of The Story can be found https://www.bbc.co.uk/bitesize/groups/c0rx3447znvt

 

TEACHER CASE STUDY

Amy, English Teacher, Manchester

“CRIMINALS USE THAT KIND OF MISINFORMATION TO LURE VULNERABLE KIDS IN BY SHOWING THEM A GLAMOROUS LIFESTYLE”

Amy, an English teacher at a secondary school in Manchester, sees first-hand how quickly misinformation online shapes what her students believe. One of the most alarming examples is how many genuinely think glamorous “prison freestyle” videos on social media are accurate depictions of real life.

“They really believe that’s what prison is like,” she says. “The videos make it look easy or exciting. Criminals use that kind of misinformation to lure vulnerable kids in by showing them a glamorous lifestyle and telling them crime can get them there. That’s what scares me the most.”

But the prison clips are just one part of a much bigger issue. Amy says many of her pupils are convinced they’re “too smart” to be tricked by anything online.

“They’ll laugh at obviously fake AI videos and say, ‘that’s so AI’, but underneath that is a belief that they can’t be fooled. If I tell them something isn’t real, they argue back. They think teachers don’t understand technology, and they automatically trust what they see online more than what we tell them.”

She has seen conspiracy theories spill directly into schoolwork.

“We’ve had essays referencing ‘the matrix’ and huge conspiracy theories, because they’ve come from influencers like Andrew Tate. Those opinions really appeal to them because they’re presented as ‘facts’. It’s frightening how quickly those ideas embed.”

Challenging this isn’t always straightforward.

“Teenagers don’t want to believe anything that contradicts what they’ve seen on TikTok or YouTube. Sometimes they push back so hard that it becomes something we pick up with safeguarding, simply because it needs a wider team around it. Mentors and form tutors help us challenge the misinformation as a team.”

Social pressures add another layer.

“Their friendship groups feel like they span the whole internet, so the biggest fear is embarrassment. Anything taken out of context can spread quickly, and at our school the fear of parents seeing them do something they shouldn’t is huge. The consequences feel enormous to them.”

Amy says traditional critical-thinking lessons aren’t enough on their own.

“We teach those skills in English, but once they’re at home, school doesn’t exist. They need practical tools that match the world they’re actually living in.”

That’s why she believes Solve the Story could make a real difference.

“They love short-form content, and this format suits their attention span. If teachers show it to them, it will help them stop and question things instead of just accepting whatever they scroll past. They won’t look for it themselves, so teacher buy-in is essential, but once it’s in front of them, it will click.”

Amy sees media literacy as part of her duty of care.

“Some understand the problem, so they can’t push back on what their children are watching. It falls to us to teach them how to protect themselves. They need these skills more than ever.”

The post BBC Bitesize Launches Media Literacy Series To Help Teens Separate Fact From Fiction Online appeared first on IT Security Guru.

Remote-first companies are no longer an exception. What began as a temporary response to global disruption has evolved into a long-term operating model for startups, scaleups, and even established enterprises. Distributed teams, cloud-based tools, and borderless hiring have unlocked flexibility and talent access—but they have also introduced new cybersecurity and compliance challenges.

One often-overlooked factor in managing these risks is business structure. How a company is legally formed, governed, and registered plays a critical role in determining its cybersecurity responsibilities, regulatory exposure, and ability to respond to incidents. For remote-first companies, structure is not just a legal formality—it is a foundational element of cyber resilience.

Business Structure Shapes Compliance Obligations

Every company operates within a legal framework that defines its obligations around data protection, record keeping, and reporting. These obligations vary significantly depending on whether a business is incorporated, operating as a sole trader, or functioning through informal arrangements.

A formally structured business is more likely to have clearly defined accountability. Directors, officers, and data controllers are identified, which matters when regulators assess responsibility after a data breach. In contrast, loosely structured or improperly registered businesses often struggle to demonstrate who is responsible for cybersecurity decisions, policies, and failures.

For remote-first companies handling customer data across multiple jurisdictions, clarity of structure becomes essential. Regulators typically look first at the legal entity when determining which laws apply and who must answer for compliance failures.

Cybersecurity Policies Depend on Legal Identity

Cybersecurity compliance is not just about technical controls; it also involves policies, contracts, and governance. Business structure influences all three.

Employment contracts, contractor agreements, and vendor relationships must align with the company’s legal identity. A properly formed company can implement standardized security policies, data processing agreements, and incident response protocols. These documents are often required under regulations such as GDPR, even for small or remote-first businesses.

Without a clear structure, remote-first teams may rely on informal tools, shared accounts, or undocumented processes—practices that significantly increase security risk. Legal formation helps enforce separation between personal and business systems, reducing exposure when devices are lost, compromised, or misused.

Cross-Border Teams Increase Risk Without Structure

Remote-first companies frequently operate across borders, hiring talent wherever skills are available. While this offers strategic advantages, it also introduces complexity around data residency, access controls, and jurisdictional compliance.

A defined business structure helps anchor these complexities. It establishes a primary legal home for the company, which regulators and partners use as a reference point. For example, many founders choose company formation in UK because it provides a clear corporate framework, predictable regulatory standards, and alignment with international data protection norms—factors that simplify compliance planning for distributed teams.

Without such anchoring, companies may unintentionally violate local data laws or struggle to demonstrate compliance during audits or investigations.

Incident Response and Liability Management

Cyber incidents are not a matter of if, but when. How a company is structured affects how effectively it can respond to breaches and limit damage.

A properly incorporated business can:

• Appoint responsible officers for data protection and security
• Maintain incident response plans tied to legal obligations
• Communicate with regulators, clients, and partners through formal channels
• Access insurance products that require clear legal status

In contrast, poorly structured businesses often face delayed responses, unclear communication, and increased liability. Regulators may impose heavier penalties when they believe negligence stems from inadequate governance rather than technical failure.

Investor and Partner Expectations

Cybersecurity is now a core concern for investors, enterprise clients, and strategic partners. Due diligence processes increasingly examine not just security tools, but governance and legal structure.

Remote-first companies with clear formation, documented policies, and defined accountability are viewed as lower risk. This can affect access to funding, partnerships, and enterprise contracts. Conversely, informal or ambiguous structures raise red flags, especially when sensitive data or regulated industries are involved.

Structure Enables Security Maturity

Cybersecurity maturity develops over time. Early-stage companies may rely on basic controls, but as operations scale, expectations increase. Business structure enables this progression by providing a framework for:

• Assigning roles and responsibilities
• Budgeting for security investments
• Auditing systems and processes
• Demonstrating compliance to third parties

Remote-first companies that delay proper structuring often find themselves retrofitting compliance under pressure—an expensive and risky approach.

Final Thoughts

Remote-first work is here to stay, but it demands a more deliberate approach to cybersecurity. Technical tools alone are not enough. Legal and organizational structure underpins everything from policy enforcement to regulatory compliance and incident response.

For remote-first companies, business structure is not an administrative afterthought. It is a strategic decision that shapes how securely and sustainably the organization can operate in a digital, distributed world. By aligning structure with cybersecurity obligations early, companies position themselves to scale with confidence rather than react under crisis.

The post Why Business Structure Matters for Cybersecurity Compliance in Remote-First Companies appeared first on IT Security Guru.

We’re on the edge of something interesting in the industry right now, and it’s the transformation of the modern SOC.

We Know the Problem

Everyone knows that security operations centres are faced with too much, too hard, and too fast – not to mention too confusing. We know the stats: thanks to the cyber talent crunch, limited resources, and a ton of new attacks (thanks, bots and AI), 40% of alerts get ignored. Even worse, 61% of security teams admit to ignoring alerts that later proved to be critical incidents.

We’ve Dipped Our Toe in the Solution

The simple answer is “figure out how to get less alerts.” Check. Reducing noise is key. But once you do, is the problem solved?

No, but you’re on the right track. The next step is where the transformation really takes place, and where the industry is looking to go next. We’ve talked noise reduction, but now, what we need when we’ve only got a few (ish) alerts is to know is which one of those is worth our time? If we can only get to five a day, which ones should we be going after? And what determines what comes next on our roster?

Let’s Go All the Way

The answer is risk. You need to prioritise those remaining few (hundred) alerts by risk, which is a multifaceted project, then streamline remediations based on which ones present the biggest, most immediate, or most impactful threat.

Reducing noise is a good start, but it’s only that. Here’s where we jump off, and how to build a risk-first alert pipeline that analysts trust. And that will truly have the power to transform the SOC.

First, Let’s Talk Noise Reduction

Before we jump to the conclusion, let’s orient ourselves and look at where we’ve come from.

Nobody Can Function with Alert Fatigue

Faced with an average of 83 different tools from 29 different vendors, SOCs are forced to wade through deluges of data to find the rare, true positive needle in a haystack.

It doesn’t come easy, and SOCs waste most of their time looking. That’s why it’s so important to, before anything else can get better, cut the noise. Prophet Security, an AI SOC Platform company, does a great job of explaining the process of reducing alert fatigue, but then adds this insightful conclusion: “Do not chase volume alone. Reducing alert count without measuring risk impact creates blind spots.”

Cutting Down Alerts? It’s a Good Start

And this is the jumping off point. Having fewer alerts is, well, good. But those still have to be actioned on and someone has to decide which comes first. Typically, SOCs make that decision based on severity scores. It’s the way the industry does things, it’s the way we’ve always done things.

But these days, security no longer exists in a vacuum and “how big a deal” a certain exposure is really doesn’t matter if it isn’t a big deal to the business. Today, all security priorities are intrinsically tied to business objectives – it’s about time! – which means that the alerts that represent the biggest overall business risk are the ones that need to be taken care of first.

So, how do you do that?

Determining Risk to the Business: The Real Metric

We’ve carried the ball halfway down the court, and now it’s time to sink it in. To really help SOCs out, any sort of automated SOC tool needs to do more than cut down on noise. It needs to tell you what to do with the alerts that are left, and tie those decisions transparently to:

• Asset criticality. Is this a moderate severity vuln on a database holding cardholder information? That’s huge. Or is it a critical vulnerability on a stale on-premises database that holds no secrets? Not as big of a deal.
• How likely is this to be exploited? Are there currently strong security controls surrounding this asset, blocking any potential attacks? We can wait on the fix, then. Are there zero policies in place, meaning all an attacker has to do is compromise this one weakness and they’re in? Put that higher on the list.
• Risk to the business. If this vulnerable system goes down, what’s the worst that can happen? Is it a SCADA system or an API connecting highly regulated data? Priority one. Is it a retired server that’s been languishing in the digital corner? You get the point.

Looking at these other angles shows why simple severity scores won’t cut it. They say nothing of the context around the exposure; what it’s putting at risk, how real that risk might be, the impact if that risk becomes a real threat or gets exploited.

All these things need to be taken into account by your automated SOC tool if it’s going to do more than give you more puzzles to solve. SOCs have enough on their plates; these types of answers should come standard.

So, what’s the technology that can get it done?

A Modern, Risk-First Alert Pipeline

When looking for the right AI SOC platform, it needs to be one that will do this sort of math for you, not take out a bunch of alerts, hand you the rest, and say “good luck.”

That’s why you want one with a modern, risk-first alert pipeline. This sounds like a bunch of security-ish buzzwords strung together with hyphens, but it’s really where the magic takes place.

Can AI Help? Yes.

But first, does AI help? In 2025, you don’t have to ask. Yes, artificial intelligence helps in this whole process. Like with most technologies, applying AI, generative AI, machine learning, agentic AI, natural language processing, and everything AI can move the needle significantly; but only when used in the right way.

Building Out Alerts by True Risk

Here’s what a risk-first alert pipeline looks like in action:

1. Upstream Filtering: AI agents, especially agentic AI agents, ingest alerts and analyse them (early in the pipeline, or at the source). They filter out false positives here, leaving less mess to work with downstream.
2. User Behaviour: Helps filter out false positives by comparing normal baselines to existing identity and session activity.
3. Contextual Enrichment: Using only the alerts that aren’t marked duplicates or false positives, autonomous AI agents get to work. They gather and correlate data from all relevant sources (SIEMs, cloud logs, identity platforms, EDR) to build the beefed-up attack story and deliver SOCs alerts they can use. Right away.
4. Contextual Reasoning: You can’t chase dynamic threats with static rules. Agile, agentic AI agents “think” on the spot (using LLMs and domain-specific data) to make conclusions about the evidence, ask investigative questions, and come up with next steps.
5. Blended Scoring: The ultimate, prioritised list should be one where multiple factors have been taken into account: severity (yes), context (SIEMs, EDR, etc.), behavioural analytics (does surrounding system behaviour deviate from the norm?), and confidence scoring (how “right” the AI thinks its reasoning is, so SOCs know what they’re working with). All AI-based decisions should be transparent and auditable to boost trust; no “black box” scoring.

The result is that you get your alerts not only thinned out, but organised by order of importance to the business, not an arbitrary security scoring chart. Don’t misunderstand; severity needs to be factored in, too. It just can’t be the only factor.

The Benefit of a Risk-First Alert Model

With a risk-first alert model, SOCs can place their limited resources where it counts, instead of chasing down alerts that may not have been the best use of company time.

This means that security teams look really good when presenting to boards at the end of the year, and that non-security board members can immediately grasp why SOCs did what they did, how that positively impacted the business, and where their money was going.

And, most importantly, be happy with it.

The post From noise to signal: Building a risk-first alert pipeline that analysts trust appeared first on IT Security Guru.

Private aviation’s typical buyer used to be straightforward: corporate executive, mid-50s, established wealth. That profile is still prominent, but it’s changing fast.

Buyers under 45 now account for 29% of pre-owned private jet transactions, nearly double their share from a decade ago, according to Jetcraft’s 2025 market report. These younger buyers are also spending more: averaging $25 million per transaction, 31% higher than their older counterparts. Many have made fortunes in technology, entertainment, and finance. Others inherited substantial wealth earlier than previous generations as part of what wealth advisors call the Great Wealth Transfer: $90 trillion in assets moving from baby boomers to younger generations over the next two decades.

What they want looks somewhat different from what their predecessors wanted. The question is whether aviation’s traditional sales infrastructure can adapt.

Sergey Petrossov, the Managing Partner of Aero Ventures, believes his company is at the forefront of this change.

“By solving for the two biggest pain points, lack of information and slow delivery, we believe Aero Ventures will become the hub where the world’s most discerning aviation clients begin and manage every major ownership decision,” he told Sherpa Report.

The firm’s AI-driven platform targets those pain points by providing instant valuations and ownership cost simulations, tools addressing buyers who expect immediate access to data whether they’re 35 or 65.

The Productivity-First Buyer

Remote work reshaped how younger high-net-worth individuals approach aviation. A 2025 survey found 81% of affluent 18-35 year-olds work remotely. That demographic enters private aviation younger than previous generations, prioritizing functional amenities like high-speed connectivity, wellness features, and productivity tools.

They want jets functioning as airborne offices. The Gulfstream with mahogany paneling matters less than whether the Wi-Fi handles video conferences reliably.

George Galanopoulos, CEO of Luxaviation UK, described the shift in a recent interview with Inflight. “Millennials, broadly those in their 30s and early 40s, now account for more than half of our business jet charter clients. These are clients who value efficiency over formality, digital access over legacy prestige, and experiences that feel personal.”

Different Entry Points, Different Expectations

Aviation buyers arrive at ownership through varied paths. Some build relationships with brokers over years through charter programs or fractional ownership, developing industry connections and understanding pricing dynamics through long-term advisory relationships. Others enter aviation suddenly and without established broker networks, spurred on by a company sale, inheritance, or rapid business growth.

The challenge emerges when buyers accustomed to digital platforms for other major purchases encounter aviation’s traditionally relationship-driven sales model. It may feel like they are purchasing eight-figure assets with less immediately accessible information than they’d get researching a $50,000 car.

Sergey Petrossov sees the disconnect. “Today, most aircraft sales require weeks of back-and-forth, incomplete information, and outdated valuations,” he told Sherpa Report.

His assessment reflects broader industry data: aircraft transactions still averaged 207 days from listing to closing in 2024.

Platform Access Without Commitment

Aero Ventures’ AI-driven platform was designed to address information asymmetry. Users can access aircraft valuations, ownership cost simulations, and market comparables without engaging brokers initially. The model mirrors what successful real estate platforms like Zillow have done for real estate: provide enough data for buyers to explore options independently before committing to transactions.

The platform generates instant fair market values using AI-based systems tracking transaction data and market comparables. Users can model scenarios like flying 200 hours annually versus 400 hours to understand total cost implications. The system tracks inventory levels and absorption rates across aircraft types, showing whether current conditions favor buyers or sellers.

“Rather than trying to take the human out of the process, the Marketplace serves as an entry point for engagement, letting clients ‘window shop’ and experiment with different ownership scenarios,” Petrossov explained to Sherpa Report.

The concept offers an alternative entry point for buyers who prefer preliminary exploration before advisory engagement. Some buyers want immediate broker consultation. Others prefer researching independently first. Both paths ultimately lead to human expertise for transaction execution.

Maintaining Human Expertise

Aircraft transactions involve bespoke financing, maintenance status assessments, regulatory compliance across jurisdictions, insurance considerations. Automated valuations provide starting points, but closing deals requires interpreting data through operational expertise.

All buyers, regardless of how they enter the market, recognize multimillion dollar purchases demand human expertise at some stage. The question is when that expertise enters the process.

Aero Ventures positions its platform as complementing rather than replacing advisory relationships. The firm targets “qualified buyers and sellers, typically focused on aircraft in the ten million dollar and above range,” according to Petrossov.

Aviation sales have evolved to serve buyers through multiple channels: traditional broker relationships built over years, digital platforms providing immediate data access, or hybrid models combining both.

Platform tools might appeal to buyers entering aviation without established broker networks. Traditional advisory relationships continue serving buyers who value long-term consultation and discretion. The industry is accommodating both approaches rather than replacing one with the other.

Aviation’s relationship-driven culture persists because transactions remain complex enough that human expertise adds genuine value. For Petrossov and Aero ventures, the hope is that digital tools enhance that expertise and reshape how buyers access it.

The post Sergey Petrossov’s Aero Ventures Addresses Aviation’s Younger, Tech-Focused Buyer Demographic appeared first on IT Security Guru.

As Santa starts his travels, experts are warning that his arrival could bring with it a range of cyber risks, from scams to insecure gadgets.

Whilst Santa prefers to deliver via chimney, most cybercriminals are looking for backdoors. In some cases, hackers prefer to deliver malicious communications via email. Worryingly, in 2025, scams are not just more common, they’re often harder to spot. Earlier this month, researchers from the team at Check Point detected 33,502 Christmas-themed phishing emails in the first two weeks of December, along with more than 10,000 fake advertisements being created daily on social media channels. Many mimic festive promotions, while others push fake Walmart or Home Depot deals, fraudulent charity appeals, and urgent delivery notices.

Why is this time of year so popular for cybercriminals? Ian Porteous, Regional Director, Security Engineering, UK & Ireland at Check Point Software, notes that “Cybercriminals love Christmas just as much as shoppers do, but for all the wrong reasons. This time of year, people are more exposed due to the sheer volume of digital interactions – shopping online, sending e-cards, and grabbing festive deals. That makes it the perfect opportunity for scammers.”

Which other types of attacks should consumers look out for?

Javvad Malik, Lead CISO Advisor at KnowBe4, highlighted a range of common festive scams that consumers should be alert to during the Christmas period. He warned that these include “fake courier messages – like texts from Royal Mail, DPD, Evri etc”, often claiming “we tried and failed to deliver” or asking recipients to “pay a small fee to release it”. Malik also pointed to deals that are too good to be true, such as “ridiculous savings, 90% off named brands”, as well as gift card scams and urgent favour requests, typically appearing as “a WhatsApp or email from your boss or family member usually”. Other tactics include charity scams involving “fake charities trying to pull at heartstrings during the season of giving”, fraudulent shopping emails claiming “your payment failed” or that “your Black Friday order couldn’t be processed”, and holiday job or side hustle offers that require victims to “pay an upfront fee for training or admin”, which in some cases can result in individuals unknowingly becoming money mules.

“Digital security at Christmas starts with prevention,” adds Ian Porteous from Check Point. “Staying alert and cautious online can make all the difference – protecting your personal information and ensuring a stress-free festive season.”

Javvad Malik from KnowBe4, urges consumers to ask the following questions before taking action:

• Was I expecting this?
• Is this how we normally do it?
• Is this invoking an emotional response?
• Is it time-sensitive (rushing me)?
• Have I checked it somewhere else?

 

The post Cyber Experts Warn of Increased Consumer Scams This Festive Season appeared first on IT Security Guru.