.png?width=55&height=41&name=conosco_icon_lightbg%20(1).png "conosco_icon_lightbg (1)"){kind=icon}
What is ISO42001?
Artificial intelligence (AI) has seamlessly woven itself into the fabric of most organisations, often emerging as a practical tool rather than through a deliberate strategy. Technologies are usually adopted based on their immediate utility, rather than being subject to formal governance frameworks. …
AI Governance may not be sexy, but it needs addressing
AI is already out of control in most organisations. Not because the technology is dangerous, but because leadership has allowed it to spread without ownership, rules, or visibility. Staff are pasting sensitive information into ChatGPT, Claude, Perplexity, Grok, and whatever comes next because it is …
The AI Problem
Artificial intelligence (AI) is no longer just a theoretical concept; it's now an integral part of our daily work lives. In organisations across the UK, people are engaging with a variety of AI tools, including copilots, chatbots, coding assistants, automated workflow solutions, and decision support …
Project management for technology projects that protects the budget
Most organisations can manage day-to-day change in-house. The trouble starts when the work crosses vendors, sites, or business units. At that point, project management for technology projects becomes a specialist discipline.
What a Good Penetration Test Report Should Deliver
Anyone who has ever paid for a penetration test knows the anticipation. You wait weeks to receive a comprehensive PDF filled with screenshots and urgent red text. Then, you dedicate months to transforming this information into actionable tickets, clarifying priorities, advocating for essential chang …
Passkeys in the real world
Passwords represent one of the weakest forms of security that we continue to rely on. They are easy to forget, easy to steal, and costly to manage. Every phishing breach, every instance of credential stuffing, and every password reset request serves as a reminder of a broken system we have come to a …
Long Read: NCSC 2025 Review: What CIOs Must Do as Major Attacks Surge
Empty shelves at M&S were not the real warning sign. The 50 per cent rise in nationally significant attacks was.
Deepfakes, voice clones, and AI-written lures
European Cybersecurity Month highlights social engineering for good reason. Attacks now target people more than code. Even a cloned voice or a routine approval process can lead to failures, despite having good controls in place. These issues can be avoided only if leadership recognises social engine …
Your supply chain just got stronger
Cyber Essentials Renewed Conosco has renewed Cyber Essentials Plus for another year, with the new certificate issued this October. The assessment confirms that core controls are in place, operating correctly, and applied to real devices across the environment that underpins client services. That inc …
How social engineering actually breaks a business
European Cybersecurity Month highlights social engineering for good reason. Attacks now target people more than code. Even a cloned voice or a routine approval process can lead to failures, despite having good controls in place. These issues can be avoided only if leadership recognises social engine …
Windows 10 end of support: what actually happens on 14 October 2025
Windows 10 support ends on Tuesday, 14 October 2025. That switch does not power off devices; it changes the risk. Security updates for Windows 10 stop, which means exploits widen, and insurers, auditors, and procurement officers will ask more complex questions. Microsoft is clear about what ends, an …
Penetration testing for first-timers: how to know if you need one
Most first Penetration Testing projects are bought for the wrong reason. A client asks for a certificate, cyber insurance tightens its wording, or a board member reads about an incident and wants reassurance by quarter-end. Penetration Testing is most effective when it is risk-driven and well-scoped …