Innovation versus infosecurity

Innovation and security should not be mutually exclusive but unfortunately they often are seen that way, says James Henry.

Cloud security for the 'everywhere enterprise'

As mobility introduces changes in workplace dynamics, Charles Milton looks at how to shift power in favour of the CISO while securing the borderless enterprise.

Is your summer intern more prepared than you?

Your business needs to secure itself against the new wave of Summer Interns, says Chris Sullivan.

Botnet takedowns: are they worth it?

Botnet takedowns make good headlines and earn kudos for law enforcement and companies like Microsoft but are they worth the time and effort, asks Dan Holden.

Top of the app charts - Shuabang: automated malware made in China

Shuabang companies in China sell installs and user ratings to app developers to help boost their profile, which is leading to new forms of malware, says Chema Alonso.

Putting people at the heart of your IT policy: Five tips to get it right

IT security policies must evolve to embrace sensible policies for bring-your-own-device (BYOD), says Chris Mayers.

The future of password managers

Despite the LastPass security breach, password managers are still the most realistic method for ensuring we all use strong passwords, says Bill Carey.

How overcoming security challenges improved customer experience

In the age of connected objects, social networks, smartphones and new consumer behaviours, the IT security department has an increasingly important role for enterprises across all sectors, says Thierry Bettini.

Securing Hadoop - inflating the life rafts for big data lakes

New platforms such as Hadoop are pushing IT professionals to find innovative solutions to ensure data security, says Greg Hanson.

The applicability of ISO 27001 across industries

Dejan Kosutic says ISO 27001 is applicable not only to IT firms, but also to financial organisations, government agencies, telecoms and health organisations.

Data breach alert: the rising threat of contractors

With the increasing number of contractors being employed by organisations, it's vital that their access rights are regularly reviewed, says Paul Trulove.

With our data under threat, it's time to set security in for the long-term

Responsibility for securing data is now increasingly shifting towards the board leading to a change in role for the IT department, says Terry Greer-King.

Smelling an mRAT: Defeating targeted attacks on enterprise mobiles

Commercial mobile surveillance kits are a growing security threat. Michael Shaulov looks at the scale of mRAT infestations, and how to avoid them.

Look beyond the darknet to manage supply chain risk

Vetting staff and contractors, including what they are saying on the internet and the darknet, is vital to protecting your company, says Tim Ramsey.

Facing up to the end of Windows Server 2003

Don't end up as the weakest member of the herd following the end of official support for Microsoft Windows Server 2003, says Ian Trump.

Mobile fraud: a reality check

Everyone is talking about mobile fraud but the threat is not as widespread as it is made out to be, says Helen Holmes.

How relevant is Cyber Essentials to your business proposition?

Now starting its second year, Cyber Essentials certification is quickly becoming recognised as an invaluable kite mark and roadmap for organisations wishing to improve their cyber-security, says Chris Stanley.

Is Bitcoin the answer to fraud?

As Bitcoin grows in popularity, could the crypto-currency be the solution to online fraud, asks Akif Khan.

The future of security is in the cloud

Paul Lipman explains why he thinks that the cloud offers a way forward for securing the complex interconnected world.

Ensuring your security policy works

Alex Vovk explains how to leverage security policy and ensure it's performing correctly to prevent a data breach.

Harvard hacked: the impact of educational cybercrime

University networks are becoming increasingly more attractive targets, as witness last week's attack on Harvard University in America, says James Burns.

Macro malware epidemic returns

The return of a decade-old attack vector, the malicious macro, requires a granular, policy-based approach to managing email at the gateway, says Greg Sim.

Security considerations when taking iPad POS mainstream

Businesses of all sizes have begun to consider iPad POS as a viable option, but what are the security implications, asks Josh Smith.

Last Word: Cyber-blackout - The dangers within and without the grid

Utilities face thousands of cyber-attacks every day, but we are not prepared for a successful take-down despite the very real threat, says Oliver Eckel.

THREAT OF THE MONTH: Cryptolocker

The world of data breaches - and how to avoid being part of it

Norman Shaw looks at the causes of data breaches, what it costs and what the market needs to consider in order to protect itself.

Rombertik: what you should know about the evolution of destructive malware

Protecting yourself against malware that's aware of anti-virus programs and can self destruct to avoid detection is tricky, says Corey Nachreiner.

EU relaxes Data Protection Regulation reform

Less stick more carrot: EU relaxation of Data Protection Regulation reform is a positive development, says James Henry.

How to get IT to eat its vegetables

Patching can be a significant pain for organisations. Similar to eating our vegetables, it's something we know we should do but is still hard to swallow for various reasons, says Rob Juncker.

How to safely enable Microsoft Office 365

How can businesses enable Office 365 and its rich ecosystem of supporting apps securely without risking security issues or data loss, asks Eduard Meelhuysen.

BoE email leak: how to solve a problem like human error

Alexander Pope said, "To err is human; to forgive, divine." Could he have been thinking of the infamous Bank of England email leak when he said that, asks Rainer Gawlick.

IT enablers: How CIOs can make the move from gatekeepers

Cloud computing is no longer in the sole charge of the IT team as organisations vie to take advantage of new cloud services, says Ian Finlay.

The Sally Beauty hack: a cautionary tale we should all learn from

The problem with targeted attacks, of course, is that they are designed to stay hidden, as we learned from a recent hacking case, says Kev Pearce.

Cyber-security industry needs benchmarks for access risk

Wave upon wave of data breaches are putting company IT security measures under the microscope worldwide, says Chris Sullivan.

The need for industry standards in the fight against cyber-crime

The CBEST testing framework created by the Bank of England is a positive step but it could be stronger, says Clayton Locke.

Securing your organisation from insider threats

Living in a networked world has its advantages, but it also leaves organisations vulnerable to exploitation by malware, inadvertent employee actions and malicious attacks, says Salo Fajer.

Why a company's greatest vulnerability is its people

While Snowden, high-profile data breaches and hacking dominate the headlines, the more pernicious risk to business continues to be simple human error, says Tony Pepper.

Identity management in the new frontier

Identity management is a complex task that requires not just a hefty dose of common sense when sharing information on the Internet, but also a reliance on third-party businesses to safeguard that information and respect consumer privacy, says Andrew Thomas.

'Need-to-know' strategy does not pass muster in cyber era

Defenders in the cyber-domain need to abandon the Cold War principle of 'need-to-know' - a gratifyingly simple but effective maxim, says Alister Shepherd.

Holborn fire underscores need for business continuity planning

According to the old adage, failing to plan is planning to fail, and as Matt Kingswood says, recent events in Holborn, London are a timely reminder of what can happen.

Using HSMs to prevent RansomWeb attacks

Prevention and threat detection tools can only go so far, and should be used as part of a layered approach to data security, says Paul Hampton.

Unexpected obstacles on the road to maximising information value

Despite the objective of releasing greater business value from information, most businesses prioritise locking it down, says Sue Trombley.

Securing the contact centre from the inside out

Matthew Bryars, CEO of Aeriandi, analyses the threat of insider fraud and what contact centres can do to minimise risk.

'The best defence is a good offence' in evolving security, networking market

Dieter Lott discusses the security and networking solutions market and how organisations should be adopting a new proactive approach to security breaches given that IT infrastructure is in a constant state of change.

Teach children to hack ethically to save them from dark side

Teach children to code and, yes, even to hack so they learn about the power and potential perils of the internet, says Nick Banks.

Protecting your assets from the front lines

Patrick Peterson examines why organisations need to focus on both external and internal assets to address the phishing threat.

Tracking the cyber kill chain: 'spot and block' no longer enough

It must be hard as an IT security professional not to feel overwhelmed by the sheer scale and sophistication of the threats facing your organisation, as the language used to describe modern cyber-attacks has become increasingly militaristic.

Living with the enemy

Preference for technical solutions, rather than organisational change is resulting in over-investment in stopping cyber-attacks rather than detecting attacks and defending data says James Henry.

Cyber-insurance: no replacement for locks on doors

Companies should build a holistic and forward-looking cyber-security programme capable of forecasting potential security threats and alleviating those risks before they cause serious damage says Piyush Pant.

What the next government's cyber-security policy should look like

The new government needs a new cyber-security policy as a priority - with sufficient resources - and drawn up by people with a good understanding of the issues, says Raimund Genes.

Why Geofencing will become the next endpoint security innovation

Geofencing can restrict access to devices or applications while inside a company's perimeter, making it impossible for devices outside the perimeter to access the network, explains Roman Foeckl.

Cybersecurity requires stealth, patience and resources on a global scale

We must monitor cyber-criminal connections to follow attackers back to their source and have mechanisms − technical or legal − to stop them resuming their activities elsewhere says Neil Campbell.

THREAT OF THE MONTH: Komodia libraries

Debate: is your money safe online?

Jen Andre and Cameron Camp debate online financial security.

2 minutes on: UK bangs the drum for cyber-insurance

Cyber-insurance is the new go-to for large corporations trying to defend themselves from data breaches, but the UK is lagging behind - and that is something the government wants to fix.

Last word: prepare for the end - of MS Extended Support

MS Windows 2003 servers (WS2003) reach end of life on 15th July 2015 - but don't panic! They'll still operate in the same way, but could become more susceptible to cyber-attack, warns Kevin Linsell.

Extracting the weak link in password protection

Removing human interaction with passwords and automating their selection and frequency of change is certainly a step in the right direction says Richard Walters.

Is your cyber insurance fit for purpose?

Due to the complexities of IT security, achieving clarity on cyber-insurance policies is going to be a growing challenge, says Rowland Johnson.

What immediate action should an SME take to stop a hacker?

SMEs need to be aware of the risks faced, whilst implementing quick and easy protective measures that will make them more secure than the average victim, says Chema Alonso.

Taking a trip of discovery into the unknown

Ben Harknet says security teams need to develop an effective external threat management programme as a core component of their overall security capability to deal with broken SSL certificates and third party app vulnerabilities.

Governments need to protect industry from cyber-espionage - and some do

Public-private partnerships in cyber-security are needed with governments helping protect their private sector from cyber-espionage - as demonstrated in Finland and Israel.

Attention, criminals: DMARC will not get your spam delivered

Time to set the record straight on email authentication: DMARC won't get spam into the inbox, says Rob Holmes.

Securing data where it matters most

Building a database security strategy is the first step for a company in ensuring security has been addressed inside out says Alan Hartwell.

Fingerprint technology far from foolproof for banking apps

A new approach to mobile user protection should focus on self-defending apps that provide an integrated, dedicated and secure solution to cyber-crime threats, suggests Tom Lysemose Hansen.

Government security initiatives: is the message getting through?

We need to see all results of government initiatives - both positive and negative - if industry, and especially SMEs are to act on them says Alan Carter.

Alert fatigue: When your security system cries 'wolf.'

Too many false positives inevitably reduce response times - and even response numbers - so raise the verification bar and thereby limit them says Chandra Sekar.

Organisations are compromised - time to Respond!

In the wake of successful cyber-attacks, and security incidents taking down some of the biggest brands on the planet, impacting critical infrastructure and banking systems alike, it may be asserted that, when it comes to technology, by evidenced implication, it would seem to be exposed, fragile and vulnerable.

Spear Phishing: Extracting the sting from infected documents

Targeted emails with infected attachments are the hacker's weapon of choice but there are ways to avoid being spiked by spear phishing says Noam Green.

You think you've nothing to steal? Hackers don't agree.

Few understand the value of their website to hackers says Ilia Kolochenko, warning that even an individual blog is potentially at risk.

Prison escape via mobile phone highlights social engineering vulnerability

A prison escape with a fake release note, from a fake website, set up via mobile phone, demonstrates yet again that people are our biggest security vulnerability says Fotis Gagadis.

Network visibility can prevent you from being the next cyber-security headline

Better understand what's happening on your network and you'll be better prepared to tackle hostile intruders says Corey Nachreiner.

Five steps to creating a secure software defined environment

Security is needed everywhere within the software-defined data centre as physical security is no longer an adequate defence against current threats says Dr Gerhard Knecht.

Cloud app ecosystems and what they mean for enterprise data

Unsanctioned subsidiary Apps are coming into the enterprise via sanctioned 'anchor' apps - with 35.1 percent of all app sessions occurring across four main ecosystems of Box, Dropbox, Google Apps, and Salesforce, explains Rajneesh Chopra.

Cyber snipers: are you the target?

IT staff have greater access privileges - and ironically, even more so when they are junior - making them worthwhile researching by spear-phishers warns Kev Pearce.

A global tour of data regulation

We're all potentially in the global data market now, so do your research, ensure you know your market, and take every preventative step you can says Jonathan Armstrong.

Force Majeure - insurance for cyber-warfare?

Relying on cyber-insurance when your defences are actually negligent will increasingly become unsustainable - and unavailable - says Philip Lieberman.

The second coming of DLP: Learning lessons from the past

2015 could be the year of DLP, argues Guy Bunker.

Keep your friends close... but your insiders closer

A well-defined security programme focused around the company's most critical data, combining technology and education powered by metrics, will help businesses reduce insider risk levels says Neil Thacker.

The true cost of false positives

Implement a structured response with automated systems to bring down the cost of chasing false positives says Brian Foster.

Wiping the flaws: Why it's time to get smarter about patch management

Monolithic operating systems will attract attackers, and speed to market will trump security, so expect patches and be intelligent about how vulnerabilities are fixed says Raimund Genes.

Are digital loss prevention and signature-based anti-virus living on borrowed time?

Should fingerprint-based data leakage protection be declared dead asks Peter Tyrrell, suggesting it just doesn't scale for the hyper-connected world.

Change management - security vulnerability or scapegoat?

IT security issues continue to hit critical services, but do we, the public, ever know for sure if they are due to error, system failure, or an attack?

2 minutes on... CISO: The balancing act?

CISOs are increasingly being asked to take on greater management responsibilities, but are they subsequently being divorced from their firm's true security maturity?

How does PCI DSS 3.0 affect you?

Suspicious activity now needs to be monitored in the entire processing chain, hence implementing PCI DSS 3.0 helps stop attacks before compromises occur says Ross Brewer.

Turning the tide on APTs and nation state attackers

Deal with APT intruders logically, not emotionally, and get the upper hand - even if that means leaving them on the network, says Mike Auty.

Ensuring mobile data remains secure

Containerisation - separating business and personal data and apps - is an effective way to ensure BYOD doesn't compromise corporate data security says David Brady.

Securing remote Access with token-free authentication

Token-free, multi-factor authentication using mobile phones provides the real-time convenience and flexibility that today's work environment requires says Torben Andersen.

How BYOD and collaboration trends solve corporate incident management

Workforce collaboration via mobile devices and apps is a positive thing, so long as business options are used says Joseph Do.

Smart TVs, wearables and sheep: online and hackable

As the internet of things rolls out into every aspect of our lives, new security issues will arise, and regulators need to ensure minimum standards apply says Geoff Webb.

Software-defined defences - keeping the cyber-risk at bay

Combatting tomorrow's cyber-security threats with yesterday's flawed technology approach is an unreliable strategy, says John Suffolk.

Lies, damned lies and statistics

Cyber-crime figures are a dime a dozen but are they really improving your security, asks Ken Munro.

Is BYOD a four-letter word in your organisation?

Decide on your mobiles policy, then choose the technology that allows that policy to be delivered says Sergio Galindo.

Driverless vehicles and digital trust

Driverless cars put our lives rather than our data at risk and cyber-security should therefore be a crucial component in design, to deliver trust, says James Knotwell.

War of the hacktivists

As terrorist sympathisers hack non-military sites, and opponents hack back, we are all now potential targets, says John Walker.

Cyber-security: changing the economics!

The economics of cyber-crime make your network an attractive target. Change the economic incentive and you'll reduce the threat says Guarav Banga.

What the software defined data centre means for IT security

If you don't understand what the benefits of a software-defined data centre are, how are you going to know how to secure it, asks Kevin Linsell.

PCI DSS 3.0, responsibility and protecting against third party access

Compliance with PCI DSS 3.0 is primarily about enforcing everyday security best practices, but Stuart Facey notes that secure third party access is a key part of that approach.

Who could deny that spies now use covert spyware?

A good spying programme in the 21st century cannot exist without good covert spyware. So it's time to put a military discipline behind defending our state IT infrastructure says Ralf Benzmüller.

What data jurisdiction means for cloud providers: Satisfy local, grow global

New data sovereignty regulations should not be seen as an obstruction, but as an opportunity to increase market share with innovative offerings says Cameron Burke.

Sound and webcam loggers

Every sensor has the potential to be used for malicious logging - and anti-virus based systems aren't an effective defence, says Janusz Siemienowicz, who advocates monitoring of behaviour.
