top of page
-JS-20240807%20PNG.png)
Search
What the Asahi Cyber-Attack Teaches Us About Managing Your Attack Surface
What Happened at Asahi What we do know: On September 29, 2025 , Asahi Group Holdings (Japan’s largest brewer) suffered a cyber-attack...
Lucas Daniels
Oct 93 min read
LockBit 5.0: The New Ransomware Variant That Hunts Your Servers
A Brief History of LockBit LockBit is one of the most persistent and high-impact ransomware families operating today. It began in 2019...
Lucas Daniels
Oct 24 min read
CVE-2025-10585: What It Is and Why You Must Update Your Browser Now
What CVE-2025-10585 Is Here’s what we know so far (as of mid-September 2025): The vulnerability is a zero-day, meaning attacks are...
Lucas Daniels
Sep 253 min read
The NX GitHub Attack: What Happened and How Your Business Can Avoid Being Next
A Quick Recap of the Attack On 16 September 2025, attackers exploited a GitHub Actions injection vulnerability to steal Nx’s NPM...
Lucas Daniels
Sep 182 min read
Cyber Risk Hits Home: How Charities Can Defend Against Breaches
If you're part of a charity team, whether a founder, trustee, or operations lead, you already know how tight budgets and time are. But...
Lucas Daniels
Sep 113 min read
Clickjacking and Password Managers: What Startups Need to Know
Password managers are a great tool. They help teams avoid reusing weak passwords, keep track of dozens (sometimes hundreds) of logins,...
Lucas Daniels
Sep 42 min read
2.7 Million Dialysis Patients Had Their Data Stolen, What Startups Can Learn
This is a cautionary tale for founders and GRC leads: DaVita, a major kidney dialysis provider, was hit by a ransomware attack that...
Lucas Daniels
Aug 283 min read
When Government and Police Email Accounts Are Up for Sale Underground (And What Startups Should Do About It)
Imagine a hacker buying a genuine .gov or .police email account for as little as $40 and using it to trick your team into opening malware...
Lucas Daniels
Aug 213 min read
How Royal and BlackSuit Ransomware Operated, and How You Can Stop Attacks Like Theirs
You might be familiar with Blacksuit , the successor to royal, who defrauded 450 victims of over $370m since mid 2023 via Ransomware ....
Lucas Daniels
Aug 143 min read
Thorium by CISA: Why Startups Should Sit Up and Pay Attention
This week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released Thorium , a powerful open-source platform for...
Lucas Daniels
Aug 73 min read
DMARC is coming!
🚨 Heads up: Microsoft is enforcing DMARC policies by 5th May 2025. If you don't want your emails being delivered to the junk folder,...
Dan Steel
Apr 172 min read
What is a Fractional CISO, and Does Your Business Need One?
If you run a small business or startup, you know that cybersecurity is important—but hiring a full-time Chief Information Security...
Dan Steel
Feb 173 min read
How Long Does ISO 27001 Certification Take, and What Does It Cost?
The most common questions I'm asked by small business or startups thinking about ISO 27001 certification are of course: how long will it...
Dan Steel
Feb 133 min read
How to not get scammed! 🦹🏻♂️ A guide to preventing social engineering.
I've recently delivered an awareness session for a client on how to prevent social engineering. Social engineering is one of my all time...
Dan Steel
Feb 112 min read
Understanding the Internal Audit Requirement of ISO 27001: A Friendly Guide for Startups, Small Businesses, and Charities
Hello there! If you’re reading this, you’re probably on the exciting (and sometimes daunting) journey of ISO 27001 compliance. Whether...
Dan Steel
Aug 8, 20244 min read
Demystifying ISO 27001 Compliance: Your Startup's Path to Security Success
Hey there, fellow startup innovators! 🚀 At Steel FYI, we know that navigating the world of information security can feel overwhelming,...
Dan Steel
Jun 3, 20244 min read
Dungeons, Dragons, and Data Security
Security is a solved problem. We broadly know the things we need to do. We've seen what technology works and what doesn't (spoiler alert,...
Dan Steel
Apr 10, 202411 min read
bottom of page