Innovation and security should not be mutually exclusive but unfortunately they often are seen that way, says James Henry.
As mobility introduces changes in workplace dynamics, Charles Milton looks at how to shift power in favour of the CISO while securing the borderless enterprise.
Your business needs to secure itself against the new wave of Summer Interns, says Chris Sullivan.
Botnet takedowns make good headlines and earn kudos for law enforcement and companies like Microsoft but are they worth the time and effort, asks Dan Holden.
Shuabang companies in China sell installs and user ratings to app developers to help boost their profile, which is leading to new forms of malware, says Chema Alonso.
IT security policies must evolve to embrace sensible policies for bring-your-own-device (BYOD), says Chris Mayers.
Despite the LastPass security breach, password managers are still the most realistic method for ensuring we all use strong passwords, says Bill Carey.
In the age of connected objects, social networks, smartphones and new consumer behaviours, the IT security department has an increasingly important role for enterprises across all sectors, says Thierry Bettini.
New platforms such as Hadoop are pushing IT professionals to find innovative solutions to ensure data security, says Greg Hanson.
Dejan Kosutic says ISO 27001 is applicable not only to IT firms, but also to financial organisations, government agencies, telecoms and health organisations.
With the increasing number of contractors being employed by organisations, it's vital that their access rights are regularly reviewed, says Paul Trulove.
Responsibility for securing data is now increasingly shifting towards the board leading to a change in role for the IT department, says Terry Greer-King.
Commercial mobile surveillance kits are a growing security threat. Michael Shaulov looks at the scale of mRAT infestations, and how to avoid them.
Vetting staff and contractors, including what they are saying on the internet and the darknet, is vital to protecting your company, says Tim Ramsey.
Don't end up as the weakest member of the herd following the end of official support for Microsoft Windows Server 2003, says Ian Trump.
Everyone is talking about mobile fraud but the threat is not as widespread as it is made out to be, says Helen Holmes.
Now starting its second year, Cyber Essentials certification is quickly becoming recognised as an invaluable kite mark and roadmap for organisations wishing to improve their cyber-security, says Chris Stanley.
As Bitcoin grows in popularity, could the crypto-currency be the solution to online fraud, asks Akif Khan.
Paul Lipman explains why he thinks that the cloud offers a way forward for securing the complex interconnected world.
Alex Vovk explains how to leverage security policy and ensure it's performing correctly to prevent a data breach.
University networks are becoming increasingly more attractive targets, as witness last week's attack on Harvard University in America, says James Burns.
The return of a decade-old attack vector, the malicious macro, requires a granular, policy-based approach to managing email at the gateway, says Greg Sim.
Businesses of all sizes have begun to consider iPad POS as a viable option, but what are the security implications, asks Josh Smith.
Utilities face thousands of cyber-attacks every day, but we are not prepared for a successful take-down despite the very real threat, says Oliver Eckel.
Norman Shaw looks at the causes of data breaches, what it costs and what the market needs to consider in order to protect itself.
Protecting yourself against malware that's aware of anti-virus programs and can self destruct to avoid detection is tricky, says Corey Nachreiner.
Less stick more carrot: EU relaxation of Data Protection Regulation reform is a positive development, says James Henry.
Patching can be a significant pain for organisations. Similar to eating our vegetables, it's something we know we should do but is still hard to swallow for various reasons, says Rob Juncker.
How can businesses enable Office 365 and its rich ecosystem of supporting apps securely without risking security issues or data loss, asks Eduard Meelhuysen.
Alexander Pope said, "To err is human; to forgive, divine." Could he have been thinking of the infamous Bank of England email leak when he said that, asks Rainer Gawlick.
Cloud computing is no longer in the sole charge of the IT team as organisations vie to take advantage of new cloud services, says Ian Finlay.
The problem with targeted attacks, of course, is that they are designed to stay hidden, as we learned from a recent hacking case, says Kev Pearce.
Wave upon wave of data breaches are putting company IT security measures under the microscope worldwide, says Chris Sullivan.
The CBEST testing framework created by the Bank of England is a positive step but it could be stronger, says Clayton Locke.
Living in a networked world has its advantages, but it also leaves organisations vulnerable to exploitation by malware, inadvertent employee actions and malicious attacks, says Salo Fajer
While Snowden, high-profile data breaches and hacking dominate the headlines, the more pernicious risk to business continues to be simple human error, says Tony Pepper.
Identity management is a complex task that requires not just a hefty dose of common sense when sharing information on the Internet, but also a reliance on third-party businesses to safeguard that information and respect consumer privacy, says Andrew Thomas.
Defenders in the cyber-domain need to abandon the Cold War principle of 'need-to-know' - a gratifyingly simple but effective maxim, says Alister Shepherd.
According to the old adage, failing to plan is planning to fail, and as Matt Kingswood says, recent events in Holborn, London are a timely reminder of what can happen.
Prevention and threat detection tools can only go so far, and should be used as part of a layered approach to data security, says Paul Hampton.
Despite the objective of releasing greater business value from information, most businesses prioritise locking it down, says Sue Trombley
Matthew Bryars, CEO of Aeriandi, analyses the threat of insider fraud and what contact centres can do to minimise risk
Dieter Lott discusses the security and networking solutions market and how organisations should be adopting a new proactive approach to security breaches given that IT infrastructure is in a constant state of change.
Teach children to code and, yes, even to hack so they learn about the power and potential perils of the internet, says Nick Banks.
Patrick Peterson examines why organisations need to focus on both external and internal assets to address the phishing threat.
It must be hard as an IT security professional not to feel overwhelmed by the sheer scale and sophistication of the threats facing your organisation, as the language used to describe modern cyber-attacks has become increasingly militaristic.
Preference for technical solutions, rather than organisational change, is resulting in over-investment in stopping cyber-attacks rather than detecting attacks and defending data, says James Henry.
Companies should build a holistic and forward-looking cyber-security programme capable of forecasting potential security threats and alleviating those risks before they cause serious damage says Piyush Pant.
The new government needs a new cyber-security policy as a priority - with sufficient resources - and drawn up by people with a good understanding of the issues, says Raimund Genes.
Geofencing can restrict access to devices or applications while inside a company's perimeter, making it impossible for devices outside the perimeter to access the network explains Roman Foeckl
We must monitor cyber-criminal connections to follow attackers back to their source and have mechanisms − technical or legal − to stop them resuming their activities elsewhere says Neil Campbell.
Jen Andre and Cameron Camp debate online financial security
Cyber-insurance is the new go-to for large corporations trying to defend themselves from data breaches, but the UK is lagging behind - and that is something the government wants to fix.
MS Windows 2003 servers (WS2003) reach end of life on 15th July 2015 - but don't panic! They'll still operate in the same way, but could become more susceptible to cyber-attack warns Kevin Linsell
Removing human interaction with passwords and automating their selection and frequency of change is certainly a step in the right direction says Richard Walters.
Due to the complexities of IT security, achieving clarity on cyber-insurance policies is going to be a growing challenge says Rowland Johnson
SMEs need to be aware of the risks faced, whilst implementing quick and easy protective measures that will make them more secure than the average victim says Chema Alonso
Ben Harknet says security teams need to develop an effective external threat management programme as a core component of their overall security capability to deal with broken SSL certificates and third party app vulnerabilities.
Public-private partnerships in cyber-security are needed with governments helping protect their private sector from cyber-espionage - as demonstrated in Finland and Israel
Time to set the record straight on email authentication: DMARC won't get spam into the inbox, says Rob Holmes
Building a database security strategy is the first step for a company in ensuring security has been addressed inside out says Alan Hartwell.
A new approach to mobile user protection should focus on self-defending apps that provide an integrated, dedicated and secure solution to cyber-crime threats suggests Tom Lysemose Hansen
We need to see all results of government initiatives - both positive and negative - if industry, and especially SMEs are to act on them says Alan Carter.
Too many false positives inevitably reduce response times - and even response numbers - so raise the verification bar and thereby limit them says Chandra Sekar.
In the wake of successful cyber-attacks, and security incidents taking down some of the biggest brands on the planet, impacting critical infrastructure and banking systems alike, it may be asserted that, when it comes to technology, by evidenced implication, it would seem to be exposed, fragile and vulnerable.
Targeted emails with infected attachments are the hacker's weapon of choice but there are ways to avoid being spiked by spear phishing says Noam Green.
Few understand the value of their website to hackers says Ilia Kolochenko, warning that even an individual blog is potentially at risk.
A prison escape with a fake release note, from a fake website, set up via mobile phone, demonstrates yet again that people are our biggest security vulnerability says Fotis Gagadis.
Better understand what's happening on your network and you'll be better prepared to tackle hostile intruders says Corey Nachreiner.
Security is needed everywhere within the software-defined data centre as physical security is no longer an adequate defence against current threats says Dr Gerhard Knecht.
Unsanctioned subsidiary apps are coming into the enterprise via sanctioned 'anchor' apps - with 35.1 percent of all app sessions occurring across four main ecosystems of Box, Dropbox, Google Apps, and Salesforce, explains Rajneesh Chopra.
IT staff have greater access privileges - and ironically, even more so when they are junior - making them worthwhile researching by spear-phishers warns Kev Pearce.
We're all potentially in the global data market now, so do your research, ensure you know your market, and take every preventative step you can says Jonathan Armstrong.
Relying on cyber-insurance when your defences are actually negligent will increasingly become unsustainable - and unavailable - says Philip Lieberman.
2015 could be the year of DLP, argues Guy Bunker.
A well-defined security programme focused around the company's most critical data, combining technology and education powered by metrics, will help businesses reduce insider risk levels says Neil Thacker.
Implement a structured response with automated systems to bring down the cost of chasing false positives says Brian Foster.
Monolithic operating systems will attract attackers, and speed to market will trump security, so expect patches and be intelligent about how vulnerabilities are fixed says Raimund Genes.
Should fingerprint-based data leakage protection be declared dead asks Peter Tyrrell, suggesting it just doesn't scale for the hyper-connected world.
IT security issues continue to hit critical services, but do we, the public, ever know for sure if they are due to error, system failure, or an attack?
CISOs are increasingly being asked to take on greater management responsibilities, but are they subsequently being divorced from their firm's true security maturity?
Suspicious activity now needs to be monitored in the entire processing chain, hence implementing PCI DSS 3.0 helps stop attacks before compromises occur says Ross Brewer.
Deal with APT intruders logically, not emotionally, and get the upper-hand - even if that means leaving them on the network, says Mike Auty.
Containerisation - separating business and personal data and apps - is an effective way to ensure BYOD doesn't compromise corporate data security says David Brady.
Token-free, multi-factor authentication using mobile phones provides the real-time convenience and flexibility that today's work environment requires says Torben Andersen.
Workforce collaboration via mobile devices and apps is a positive thing, so long as business options are used says Joseph Do.
As the internet of things rolls out into every aspect of our lives, new security issues will arise, and regulators need to ensure minimum standards apply says Geoff Webb.
Combatting tomorrow's cyber-security threats with yesterday's flawed technology approach is an unreliable strategy, says John Suffolk.
Cyber-crime figures are a dime a dozen but are they really improving your security, asks Ken Munro.
Decide on your mobiles policy, then choose the technology that allows that policy to be delivered says Sergio Galindo.
Driverless cars put our lives rather than our data at risk and cyber-security should therefore be a crucial component in design, to deliver trust, says James Knotwell
As terrorist sympathisers hack non-military sites, and opponents hack back, we are all now potential targets, says John Walker.
The economics of cyber-crime make your network an attractive target. Change the economic incentive and you'll reduce the threat says Guarav Banga.
If you don't understand what the benefits of a software-defined data centre are how are you going to know how to secure it asks Kevin Linsell.
Compliance with PCI DSS 3.0 is primarily about enforcing everyday security best practices, but Stuart Facey notes that secure third party access is a key part of that approach.
A good spying programme in the 21st century cannot exist without good covert spyware. So it's time to put a military discipline behind defending our state IT infrastructure says Ralf Benzmüller.
New data sovereignty regulations should not be seen as an obstruction, but as an opportunity to increase market share with innovative offerings says Cameron Burke.
Every sensor has the potential to be used for malicious logging - and anti-virus based systems aren't an effective defence, says Janusz Siemienowicz, who advocates monitoring of behaviour.