Business
Dissecting UK cybersecurity: The categories you need to know

By Richard Yew, Senior Director, Product Management – Security at Edgio
Cybersecurity has diversified with businesses constantly trying to counter the ever-increasing number of new threats. Budgets often do not increase at the same pace and the industry remains plagued by a shortage in personnel resources.
Today, 40% of Brits working from home and shopping is more popular in the UK than in any other country. The cybersecurity risks associated has left businesses with a sprawling landscape to keep secure.
Understanding the cybersecurity solutions to choose in such a diverse market can be incredibly challenging. Areas that are non-negotiable in this post-pandemic landscape are Endpoint Security, Managed detection and response (MDR) and holistic Web Application and API Protection (WAAP).
These areas are foundational to any cybersecurity programme, and each has a role to play in keeping organisations protected.
Endpoint security
Endpoint solutions focus on defending endpoints including mobile devices, laptops, Internet of Things (IoT) devices, point-of-sale (POS) systems, or simply any device that connects to a network. Any endpoint can be an attack entry point, and with over 29 billion IoT devices forecasted to be in operation by 2030 the scope for risk will double. This means that businesses of any size can find themselves vulnerable to a cyberattack.
It can be challenging to deploy endpoint protection effectively with a diverse mix of device types, operating systems, with many companies having the additional burden of supporting bring your own device (BYOD) policies. Nevertheless, endpoint protection platforms are always evolving to detect malicious activity and prevent file-based malware attacks, while allowing security engineers to investigate and respond to incidents, wherever necessary. As endpoints are a wide entry point into an organisation from which attackers often aim to move laterally, effective endpoint protection is essential for organisations of any size.
Management detection and response (MDR)
An element of cybersecurity that combines human and technological expertise, management detection and response (MDR) is a service that typically covers monitoring, response, and cyber threat hunting. MDR reduces the strain on internal staff and the alert fatigue they often face, instead allowing experts to monitor devices, applications and networks remotely to keep these systems secure, and respond quickly when under attack.
This combination of technology and services works in tandem with in-house IT and DevSecOps teams, providing mature capabilities in observation, detection, and response, ultimately lowering risk and allowing companies to focus more on their core business. Given a global shortage of around 3.4 million cybersecurity professionals, MDR is a great way for organisations to gain round-the-clock cybersecurity support they need, without the high CapEx for new staff (which are very hard to hire and retain).
Managed Security
Much like MDR, security as a service (SECaaS) outsources cybersecurity to remote experts. However, this solution is a cloud-delivered model at its core and is hosted by cloud providers. Thanks to this, SECaaS has soared in popularity, offering lower costs than in-house investments and scaling to handle any cybersecurity demands.
As SECaaS works on a subscription basis, businesses only need to pay for the services they need, when they need them. Outsourcing security frees up resources and gives internal IT teams the time and confidence to work on other projects. Hosted in the cloud, SECaaS also allows organisations to access the latest security tools, patches, and updates immediately, with no need for onsite deployment and extended downtime. SECaaS is a great option for organisations that want to completely outsource their cybersecurity and move to the cloud.
Web Application and API Protection (WAAP)
Web applications provide critical services and experience for customers and employees alike. Besides endpoint devices mentioned earlier, they also represent an expanded threat vector for attackers to exploit. In fact, for several years running, web applications have been the top vector across all data breaches according to Verizon’s Data Breach and Investigations (DBIR) report. For this reason, having a holistic web application and API protection (WAAP) solution with multiple layers of protection for an organisation’s networks and web infrastructure becomes critical.
WAAPs provide protection against a wide range of critical threats targeting high value websites and applications, including injection and remote code execution (RCE) attacks, malicious bots attempting account takeover (ATO), or ransomware DDoS attacks, just to name a few. An effective WAAP protects against these types of evolving threats and many more.
There are some critical elements to a WAAP offering. First, find integrated solutions that can be managed from a single pane of glass. A configuration information, as well as analytics, all in one console reduces complexity that can lead to misconfigurations, while also making it easier for security teams investigating incidents.
Parsing logs from separate solutions and consoles is difficult. A Gartner survey conducted in 2022 found that 75% of organisations plan to consolidate security tools, with most respondents agreeing, less complexity leads to a stronger security posture.
Second, make sure to consider WAAP solutions that scale with your business, and with attacks. It’s important to consider that point solutions, while often providing innovative best-of-breed features, generally run on smaller, more centralised networks. API integration makes these tools easy enough to set up, but they add latency – detection requires an additional hop to a cloud decision engine.
Furthermore, the networks they run on are relatively small compared with edge/CDN-integrated security. This becomes important if you are targeted by a large-scale automated attack, such as DDoS. Lastly, it’s important to choose a WAAP solution with simple, predictable pricing. You never know when an attack will happen- you just know it will. Look for vendors that don’t charge you extra when you’re under attack. Reputable vendors take their customers’ security very seriously, but it feels pretty bad to get hit with an unexpected, large bill even after effectively mitigating a major attack. But there are options out there now, should you wish to lock in predictable pricing, aligned to your best interests.
Cybersecurity from the start
It cannot be ignored by any business. It can be daunting, but understanding the difference in solutions is critical for businesses.
From endpoint security and MDR to WAAP, each service provides an important set of security reassurances. Work with a reputable, trusted partner that can put your mind at ease – no matter the solutions you choose to implement.
You may like
Business
Innovation in banking must go hand in hand with security, and here’s why

Dean Clark, Group Chief Technology Officer for GFT
The banking sector is transforming more and more, with banks under pressure to meet customers’ evolving expectations. This means that even the most traditional institutions have to move away from legacy systems and adopt modern technologies such as cloud computing and AI. The aim of this shift is not just to keep pace with digital-native competitors, but also to improve operational efficiency and deliver better customer experiences.
However, innovation brings new challenges. Transitioning from centralised mainframes to cloud-based platforms is a complex process that can’t happen overnight. Amid this transformation, banks must ensure that security remains a top priority. Striking the right balance between modernisation and robust security is essential to building and maintaining consumer trust in the digital age.
Balancing agility with security
Multicloud is a key component of digital transformation strategies in the financial sector. Many banks are relying on hybrid multicloud to modernise and keep up with the evolving tech landscape. In the meantime, new digital banks are launching entirely on cloud-native platforms, which helps support agility and scalability from day one.
Cloud technologies offer many advantages, including improved performance, flexibility and faster innovation. However, despite these benefits, they do come with security challenges. Cloud infrastructure, often built and managed using Infrastructure as Code (IaC), can include some vulnerabilities and give an entry point into a bank’s system to malicious actors. As such, ensuring that IaC adheres to best practices is essential to avoid misconfigurations or exploitable vulnerabilities as early as possible.
The protection of consumer data must also be central to any digital transformation strategy. Security must be deeply embedded not only in backend infrastructure but also in the user-facing layers such as web portals and mobile applications. This is critical to maintain consumer trust and improve retention.
Why a unified security platform is essential
When undergoing digital transformation, financial institutions need a unified security solution to help streamline the security management process by having all the necessary tools in one place. In fact, a unified security solution is built on three interconnected pillars. First, security must be embedded directly into development pipelines. This integration helps identify and mitigate risks and misconfigurations early, before they can impact production. Second, through continuous monitoring and management of cloud assets, banks can gain more visibility and control over their security posture. Third, runtime protection safeguards cloud workloads, web applications and APIs through tools like cloud threat detection, host security, container security, serverless security, and web application & API protection. Together, these pillars help to establish a robust security framework. This way, digital banks can minimise risks, streamline operations and ensure compliance with regulatory demands.
The benefits of ‘zero trust’
Modern cloud-native banks rely on ‘zero trust’ security models more and more. ‘Zero trust’ refers to the principle according to which every request to access an organisation’s system should be carefully reviewed. This means that no user or system is trusted by default. They’re all subject to identification and authentication checks. This helps set clear boundaries between the applications the users are accessing and the resources available in the cloud. And even after access has been granted, all activity is monitored on an ongoing basis to identify potential malicious behaviour that could compromise digital banking systems. This continuous verification enhances visibility into potential threats and facilitates compliance with regulatory standards.
To further reinforce security, mutual transport layer security (TLS) can be implemented as a core design principle, enabling secure authentication with third-party entities over the internet. By adopting such measures, digital banks can build a resilient security foundation that safeguards against evolving threats whilst preserving customer trust and operational integrity.
The example of Salt Bank
Salt Bank is a next-generation digital bank launched in Romania. It serves as a good example of a financial institution that embedded security into its digital banking platform from the start. Salt Bank was built and launched in under 12 months, showcasing the power of an approach to innovation that heavily relies on security.
Salt Bank implemented a range of advanced security measures, including zero trust architecture, threat modelling, cloud security posture management, and automated security operations, guided by this security-by-design philosophy. These tools helped the bank implement a strong defence against cyber threats whilst still focusing on improving customer experience.
Central to Salt Bank’s strategy was Engine by Starling, a SaaS platform designed specifically for digital banking, paired with Palo Alto Networks’ Prisma Cloud. Prisma Cloud played a key role in securing the bank’s cloud infrastructure, offering capabilities such as misconfiguration monitoring, risk detection, remediation and compliance management. Together, these technologies provide a unified and efficient approach to managing security in a complex cloud environment.
The future of modern banking is all about security
As digital transformation accelerates across the financial sector, companies must keep security at the top of their agenda. Whilst innovating is key to keeping up with evolving trends and changing customer expectations, it can’t be done without prioritising security. If security isn’t embedded in every layer of an organisation’s digital infrastructure, vulnerabilities may be introduced within the system and easily exploited by malicious actors. And once cyber attackers are in the system, everyone knows it can lead to chaos.
But security isn’t just for defensive purposes, it’s also a strategic advantage. In a climate of growing digital distrust, the most secure bank doesn’t just win compliance, it also wins customers. By choosing to turn advanced security into a visible product feature, not just an internal practice, banks can build marketable trust and differentiate from fintech challengers who may cut corners in pursuit of speed.
Business
Why heat pumps are the future of heating and cooling

Drew Tozer
We live in a technologically advanced world with artificial intelligence, electric cars, and advancing space travel.
But our primary strategy for heating homes is still “burning stuff”.
We pump gas, propane, or oil into a traditional furnace and light the fuel on fire to keep houses warm. It’s an archaic solution—like sending a fax instead of an email.
Furnaces are popular because the majority of HVAC is replaced in emergency “no heat” situations. The default option becomes a like-for-like replacement (swapping an old furnace for a new furnace) because it’s quick and easy.
HVAC is a top 5 most expensive purchase that a homeowner will make in their lifetime, and we rush the decision by ignoring equipment until it breaks.
Choosing the right HVAC system is an opportunity to improve homes. HVAC is the biggest factor for indoor comfort and air quality, and the chance to pick the right system only comes around every 15 to 20 years.
Heat pumps operate like two-way air conditioners. In the winter, they take heat (energy) from the outside air and use it to heat homes.
So, what makes heat pumps the right decision?
Because electric products are just… better
Consumer experiences matter, and electric products create better experiences. The quality of electric appliances (like heat pumps, electric vehicles, induction cooking, and electric yard tools) surpassed gas alternatives in recent years.
For now, there continues to be a place for gas appliances in niche situations. But the overwhelming consensus is that electric products are better than gas products
A few examples:
- Oversized furnaces are the primary cause of comfort issues. Heat pumps are the direct solution—they can be properly sized to match the heating and cooling needs of a house, improving comfort and eliminating hot and cold rooms.
- EVs are more fun to drive, while being quicker, quieter, more convenient, and lower maintenance. The stress of “range anxiety” has largely disappeared with better infrastructure and battery performance.
- Electric yard tools are quieter, safer, and lower maintenance than gas tools.
- Gas stoves increase the risk of asthma in children. Induction is safer and healthier while offering similar control and faster boiling times.
The performance gap of electric over gas is growing. Every generation of electric products takes a leap forward while gas appliances stay largely the same.
Over the last decade, gas furnaces have increased from 90% to 97% efficiency. That’s the only change.
By comparison, cold climate heat pumps achieve efficiency ratings above 300% by moving heat instead of burning fuel to create heat. Heat pumps continue to improve, both in efficiency, reliability, and cold weather performance. They’re a proven success in cold climates like Canada, Sweden, Denmark, and Norway.
Heat pumps can also be sized to provide the right amount of heating and cooling at any given time, and the lack of combustion eliminates the risk of carbon monoxide poisoning, gas leaks, and explosions.
A sustainable world is an electric world
The cost of ignoring climate change continues to grow.
There’s no way around it. Ignoring climate change won’t solve it.
The frequency and severity of wildfires in North America are a key example. Large parts of the US are becoming uninsurable as the damage risk becomes untenable for banks and insurance companies.
These aren’t political choices, it’s the free market working: climate change is bad for business.
When we choose to not take action, it increases pain and suffering without decreasing the economic burden. We’ll have to implement the same solutions, but we’ll have to pay more to rebuild and replace more infrastructure and homes along the way.
Delaying action is the more expensive choice.
Heat pumps are part of the solution because they create a path to sustainable heating. They can be powered by renewables, either on-site or within grids.
We have access to the cheapest source of electricity in human history: solar. We choose not to embrace and scale renewables for political reasons. It’s a people problem, not a technical one.
We’re fortunate that the sustainable option (heat pumps) is also the choice that improves the comfort, health, and safety of homes.
Energy (in)dependence matters
Heat pumps and renewables allow homeowners and countries to heat and power their homes with local energy. It makes homes and communities resilient against geopolitics and global energy costs.
A house can be entirely energy independent by combining a heat pump and electric appliances with rooftop solar and battery storage.
Conversely, you can’t extract and refine oil in your backyard. If you rely on combustion heating, then you’re dependent on the person or country that supplies your oil and gas. A situation that played out with Europe’s reliance on Russian gas.
In the tenuous landscape of global politics, energy dependence is a risk.
Heat pumps are the future of heating and cooling because they create a path to sustainable heating powered by renewables. They create comfortable, healthy, sustainable homes that benefit from energy independence and improve consumer experiences.
Business
What can the West learn from the Arabian Gulf’s payments revolution?

Hassan Zebdeh, Financial Crime Advisor at Eastnets
A decade ago, paying for coffee at a small café in Riyadh meant fumbling with cash – or, at best, handing over a plastic card. Today, locals casually wave smartphones over terminals, instantly settling the bill, splitting it among friends, and even transferring money abroad before their drink cools.
This seemingly trivial scene illustrates a profound truth: while the West debates incremental upgrades to ageing payment systems, the Arabian Gulf has leapfrogged straight into the future. As of late 2024, Saudi Arabia achieved a remarkable 98% adoption rate for contactless payments in face-to-face transactions, a significant leap from just 4% in 2017.
Align financial transformation with a bold national vision
One milestone that exemplifies the Gulf’s approach is Saudi Arabia’s launch of its first Swift Service Bureau. While not the first SSB worldwide, its presence in the Kingdom underscores a broader theme: rather than rely on piecemeal upgrades to older infrastructure, Saudi Arabia chose a proven yet modern route, aligned to Vision 2030, to unify international payment standards, enhance security, and reduce operational overhead.
And it matters, because in a region heavily reliant on expatriate workers whose steady stream of remittances powers whole economies. The stakes for frictionless cross-border transactions are unusually high. Rather than tinkering around the edges of an ageing system, Saudi Arabia opted for a bold and coherent solution, deliberately aligning national pride and purpose with practical financial innovation. It’s a reminder that infrastructure, at its best, doesn’t merely enable transactions; it reshapes how people imagine the future.
Make regulation a launchpad, not a bottleneck
Regulation often carries the reputation of an overprotective parent – necessary, perhaps, but tiresome, cautious to a fault, and prone to slowing progress rather than enabling it. It’s the bureaucratic equivalent of wrapping every new idea in bubble wrap and paperwork. Yet Bahrain has managed something rare: flipping the narrative entirely. Instead of acting solely as gatekeepers, Bahraini regulators decided to become collaborators. Their fintech sandbox isn’t merely a regulatory innovation; it’s psychological brilliance, transforming a potentially adversarial relationship into a partnership
Within this curated environment, fintech firms have launched practical experiments with striking results. Take Tarabut Gateway, which pioneered open banking APIs, reshaping how banks and customers interact. Rain, a cryptocurrency exchange, tested compliance frameworks safely, quickly becoming one of the Gulf’s trusted crypto players. Elsewhere, startups trialled AI-driven identity verification and seamless cross-border payments, all under the watchful yet adaptive guidance of Bahraini regulators. Successes were rapidly scaled; failures offered immediate lessons, free from damaging legal fallout. Bahrain proves regulation, thoughtfully applied, can genuinely empower innovation rather than restrict it.
Prioritise cross-border interoperability and unified standards
Cross-border payments have long been a maddening puzzle – expensive, sluggish, and unpredictably complicated. Most Western banks seem resigned to this reality, treating the spaghetti-like mess of correspondent banking relationships as a necessary evil. Yet Gulf states looked at this same complexity and saw not just inconvenience, but opportunity. Instead of battling against the tide, they cleverly redirected it, embracing standards like ISO 20022, which neatly streamline data exchange and slash friction from global transactions.
Examples abound: Saudi Arabia’s adoption of ISO 20022 through its Swift Service Bureau will notably accelerated cross-border transactions and improve transparency. The UAE and Saudi Arabia also jointly piloted Project Aber, a digital currency initiative that significantly reduced settlement times for interbank payments. Similarly, Bahrain’s collaboration with fintechs has simplified previously burdensome remittance processes, reducing both cost and complexity.
Target digital ecosystems for financial inclusion
One of the most intriguing elements of the Gulf’s payments transformation is the speed and enthusiasm with which consumers embraced new technologies. In Bahrain, mobile wallet payments surged by 196% in 2021, contributing to a nearly 50% year-over-year increase in digital payment volumes. Similarly, Saudi Arabia experienced a near tripling of mobile payment volumes in the same year, with mobile transactions accounting for 35% of all payments.
The West, by contrast, still struggles with financial inclusion. In the U.S., millions remain unbanked or underbanked, held back by distrust, geographic isolation, and high fees. Digital solutions exist, but widespread adoption has lagged, partly because major institutions view inclusion as a long-term aspiration rather than an immediate priority. The Gulf shows that when digital tools are made integral to daily life, rather than optional extras, the barriers to financial inclusion quickly dissolve.
The road ahead
As the Gulf region continues to refine its payment systems experimenting with digital currencies, advanced data protection laws, and AI-driven compliance the ripple effects will be felt far beyond the GCC. Western players can treat these developments as an external threat or as a chance to rejuvenate their own approaches.
Ultimately, if you want a glimpse of where financial services may be headed towards integrated platforms, real-time international transactions, and widespread digital inclusion – the Gulf experience is a prime example of what’s possible. The question is whether other markets will step up, follow suit, and even surpass these achievements. With global financial landscapes evolving at record speed, hesitation carries its own risks. The Arabian Gulf has shown that bold bets can pay off; perhaps that’s the most enduring lesson for the West.

Innovation in banking must go hand in hand with security, and here’s why

Why heat pumps are the future of heating and cooling

What can the West learn from the Arabian Gulf’s payments revolution?

Stealthy Malware: How Does it Work and How Should Enterprises Mitigate It?

How 5G and AI are shaping the future of eHealth
