Blaming cloud providers for giving in to the demands of US intelligence is a naive approach to a complex issue.
Mobile and cloud security, along with insider threats, continued to dominate concerns over the past 12 months - impacted by the increased attention resulting from the Snowden revelations and concerns about back doors - but despite these concerns, this year the cloud really did become pervasive.
As the Bring Your Own Device trend continues to grow we are seeing that many people using their smartphones at work are blurring the lines between professional and personal use, which is creating an 'always-on' trend. This change in culture means that now more than ever people find themselves logging on and checking emails and working from home, or even abroad.
The government has done its bit for cyber security - now it's up to businesses to take action, and quickly.
Having a hard time getting security budget approval? Start by being relevant and communicating.
You can't stop change, but you can help define it. SC Magazine has been around for well over 20 years now. And, as the leading information resource for everything cyber security, we've covered it all - from 1992's 'Michelangelo' virus to 1999's 'Melissa' worm to today's APTs, hacktivist attacks, compliance mandates and more.
Shadow IT is an ever-growing trend and one that can have a very real impact on a company's data and reputation, departmental spend and efficiency, and even its position as an IT leader.
The rise of mobile in the workplace shows no signs of abating. The trend is largely driven by consumers being used to using mobile devices, from tablets to smartphones, in their everyday lives.
Allen Scott, managing director of F-Secure UK & Ireland, dissects an extensive piece of global research into the cloud to discover the state of the cloud industry in the UK compared with Europe and the rest of the world.
Given the number of publicised high-profile security exploits, it is not unreasonable to expect that everyone involved in IT would be aware of the need to address security fundamentals, yet this does not seem to be the case.
When a term gets boring but is still relevant, it may be time to rebrand it and look at a new way to make it matter and be heard.
It's a truism that a business is only as secure as its weakest point, so businesses should have security systems in place because staff members are going to mess up at some point.
Over at Cryptome, the cypherpunks have been busy looking at how the National Security Agency watches us.
As more and more organisations transfer sensitive or confidential data to the cloud, whether it is encrypted or not, important questions about who is responsible for securing and protecting this data are being asked.
Han van Meegeren was born at the end of the 19th Century in the Netherlands and went on to become one of the world's most prolific art forgers.
Whether top brass in the military, or CEO of a company, leaders have a lot in common.
All companies have a duty of care to their customers and employees while ensuring their business runs profitably.
The internet has evolved to become a vast social and interactive space, and with this evolution, new threats have emerged which are designed to target business and users' identity and trust in online services.
Corporate bring your own device (BYOD) growth is prompting enterprises to take a closer look at their networks and their approach to security.
The increasingly shrill headlines on security breaches have made cyber security a top priority among policy makers and in boardrooms.
I was recently speaking with a company about their concerns regarding security and the topic of jailbreak detection came up.
In the world of enterprise security, what used to be a fairly contained universe - with the ability to put effective controls at critical physical and online entry points - is now an exploding, constantly expanding target.
Understanding cloud computing's impact on all aspects of IT is vital, and this requires a broader set of skills and knowledge that meet the rapid evolution of the industry head on.
Using the incident pit technique in the wake of an attack is the best way to see off future threats to your organisation.
Believe an anti-virus vendor's marketing spiel and you might end up with a naff product - so do your homework.
We are always spoilt in April with not only Infosec, but 44Cafe and BSides London too - and this year was another corker.
The effects of leaked personal health information can be exceptionally damaging.
What do we really mean when we talk about 'legacy' systems? The dictionary definition is clear; a legacy is an inheritance or, used as an adjective, it's 'something outdated or discontinued'.
In the IT security and communications markets, it's been difficult recently to escape exposure to what's known as 'lawful interception'.
Between agenda-pushing hacktivists, financially-motivated cyber criminals and spying nation states, there is no shortage of attackers out there breaking into networks, stealing trade secrets and wreaking havoc.
It is easy to be critical of the government when it comes to cyber security, but the truth is that up against attacks, a lack of funding and an increasingly able adversary, what it is achieving is not all that bad.
Identity pollution has created a breeding ground for fraudulent activity.
In a story I did a month ago, I looked at research that suggested that distributed denial-of-service (DDoS) attacks were not being taken seriously at all levels of business.
Have you ever wondered how someone 7,300 miles away without legitimate access to a network can learn more about an organisation than its own employees?
Intellectual property (IP) is no longer safe and businesses are losing their competitive edge as a result.
You can't watch a Hollywood blockbuster these days without some character, good or villainous, hacking into someone else's network.
The digitisation of all aspects of business and growing volumes of digital storage are causing the global digital forensics industry to expand rapidly.
Visitors to the recent Infosecurity Europe show were bombarded by vendors offering to secure their infrastructures from the outside.
The cloud has been a somewhat nebulous concept for a few years.
Increased media attention on cyber incidents, strong data protection legislation and regulatory interest in security have brought increasing investment and progressive improvement in proactive security within companies.
With the ever-increasing threat of cyber crime knocking on one's door, many large organisations are reliant on IT security teams to protect their vast network from attack.
The insatiable consumer appetite for technology and the proliferation of mobile devices in people's personal lives have driven enterprises to adapt their ways of working.
There's no doubt that doing business in this day and age is exciting.
Cyber risk has time and time again been identified as one of the top risks facing organisations, irrespective of their size or industry sector.
We've known that the password hasn't been secure for quite some time.
Collaboration between infosec professionals and law enforcement agencies is vital, says Victoria Baines, the European Cybercrime Centre's strategy and prevention chief.
Pay attention to the Macs in your office, especially if they are used by people unaware of the risks they present.
Neither automated analysis, nor the manual reading of Twitter posts, is a useful practice for HR to engage in.
As the number and severity of cyber crimes continue to grow, it is important to understand the actual process an attacker follows when compromising a targeted computer or network.
In early 2012, with the Olympics looming, I was a civil servant trying to explain cyber security issues to more senior civil servants.
Many organisations faced with increasing in-house IT infrastructure and staffing costs look at other organisations with outsourced operations with envy.
The pattern of network and internet usage today is undergoing a tremendous shift that is nothing short of a life style change, demanding a transformation in security capability.
Cloud computing has been taking the IT world by storm - according to recent figures from Gartner, the industry grew by nearly 20 per cent globally last year.
For decades, we have relied on a simple 'two-pronged key' to allow us into virtually any computer system on the planet: the veritable userID/password combination.
Organisations across the UK are of course aware of the need to secure personal and corporate data within their business.
Over the past few years, the IT market has become commoditised, dominated by the larger distributors.
In the past few years, a stunning range of government agencies and prominent corporations have succumbed to stealthy, tailored cyber attacks designed to exploit vulnerabilities, disrupt operations and steal valuable information.
While attending school in Helsinki, I discovered a password 'sniffer' attack in our university network.
The claims in the National Audit Office's (NAO) report are made in spite of recent action taken by the government to develop a robust cyber strategy - including GCHQ's formation of the UK's first academic research institute set up to arm the nation with the necessary tools in the growing struggle against cyber attacks.
Modern attackers, by necessity, have become highly adaptable and customised to avoid traditional security, producing threats that are more sophisticated than ever.
I read this week that one of the One Direction boys was bemoaning the fact that he had not been able to tweet for a week as he had no signal. I'm not sure where he was, but it just goes to show that you can't always rely on using your mobile phone.
In 2012, mobile threats were a relatively small but growing percentage of overall web traffic.
The US government is suddenly getting serious about cyber security.
The PCI Security Standards Council recently issued some cloud computing guidelines aimed at demystifying this oft-misunderstood area of IT and the kinds of processes and applications it should be used to support.
Being in and remaining in a 'secure state' requires a continuous process of awareness, preparedness and readiness.
According to Forrester's recently launched 2013 Mobile Workforce Adoption Trends report, the demand for Microsoft's Surface Pro tablet is rife.
'Simplicity is the ultimate sophistication', said Leonardo da Vinci.
Cloud computing is a familiar term in the enterprise market.
If you've been in the world of information security for a while, you've undoubtedly seen an article or two comparing biological and computer viruses, and proposing ways of mimicking the biological immune system in the world of computers.
Last week I was delighted to attend the Centre for Secure Information Technologies (CSIT) summit in Belfast, in its third year of operating as a think tank and speaker conference.
More of us have social media accounts like Facebook, LinkedIn or Twitter which we use to share experiences or opinions and maintain relationships with friends, family and colleagues.
On 1st February the UK government removed all GSi Code of Connection (GCSx) Connectivity from the GCF catalogue. On 7th February, the European Digital Directive was published - so how can CISOs ensure that their organisations remain compliant when the targets keep moving?
In the past 15 years, we've gone from dial-up internet to massive high bandwidth pipes that have connected and even flattened the world.
Attacks on applications succeed because they are still not secure.
Today's retailers and their customers are embracing and using technology through an array of devices and channels.
Put simply - politically motivated hacking is no longer 'the next threat' to national security.
Whether or not the internet is your business, your business is on the net.
One of the most successful lines of defence when dealing with today's cyber criminals is to understand the mechanics of an attack.
In December 2012, I attended an event that included a large number of security executives from various US federal government departments.
For any nation, protecting critical infrastructure is, as the term suggests, critical.
Women in Security, recently launched by (ISC)2's London chapter, is actively encouraging women to join the profession and take on those roles for which they are often overlooked.
Password re-use, not to mention default and blank passwords, can bring your whole network to its knees.
We shouldn't let the potential misuse of a product in the wrong hands blind us to its benefits in the right ones.
"That won't happen to us, 'cause it's always been a matter of trust." This line from Billy Joel's 1986 hit single could easily describe the approach that many organisations have taken over the past five years to safeguarding the personal, confidential data that they hold.
The recent spate of high-profile spear-phishing attacks has put paid to any illusions that large organisations and their imposing defences are impenetrable.
As businesses continue to move critical operations online, distributed denial of service (DDoS) attacks are increasing in frequency, sophistication and range of targets.
On the night of April 14th, 1912, the RMS Titanic scraped an iceberg and sank to the bottom of the ocean in only two hours and 40 minutes, resulting in the death of 1,517 people.
Adoption of a 'risk-managed' approach to information security is extremely fashionable amongst the organisations that I work with.
Organisations depend on information to operate, thrive and prosper and the information itself is increasingly the core of the business.
The threat landscape today is more advanced than ever before, and shows no signs of slowing down. Malware has proliferated and increased in complexity, while hackers have become more cooperative with each other.
A year on since the EU Commission announced proposals to revise data protection legislation, businesses are in a state of flux as they prepare for potential change.
Security is not just for merchants and card users to take care of. Central government at both national and European level and the payments industry should step up and take responsibility too.
Since the emergence of the zero-day vulnerability in Internet Explorer over the Christmas period, I have seen a new term become more and more used.
The convergence of physical and IT security calls for infosec practitioners to adopt 'a design principle', says Eduard Emde, president of professional body ASIS International.
Sensitive data can be tunnelled out of your network in many ways. Fortunately, there are just as many ways to stop it.
The vulnerability of BMWs to 'no key' theft is a case study in what happens if the lessons of IT security are ignored.
They have been variously described as technology's 'Generation Y' or 'Generation Tech', an undisciplined, impulsive, entitled horde of 20-something workers older heads are inclined to see as one of the biggest security challenges ever to hit corporate networks.
Advanced Evasive Threats (AETs) have come a long way since our research team here at Stonesoft went public on the security problem in October of 2010.
In a world where a lot of business transactions now take place online, cyber criminals are posing a real risk to businesses' annual revenue.
This year has seen Dell move firmly into the security market after a number of key acquisitions and this has led to the formation of its software group.