The adversary has enormous capabilities in the cyber world, but it too is not without its vulnerabilities, and these must be exploited says Calum MacLeod.
As the Heartbleed bug demonstrates, passwords - especially the way they are commonly used across sites - are inherently vulnerable suggests Chris Russell
Oganisations need to cooperate and share threat intelligence in order to increase the cost of cyber attacks for hackers suggests Russ Spitler, VP product management, AlienVault
Mark O'Neill suggests that his top ten potential vulnerabilities of the Internet of Things (IoT), need to be considered now, before mass deployment.
If you don't want your security training to be as compelling as an airplane safety presentation, vary the content and make an emotional connection says Scott Greaux.
Cyber security can't remain an IT issue. It needs to be addressed and filtered from the C-suite throughout the business, explains Rangu Salgame, CEO of growth ventures at Tata Communications.
Being alert to the danger of outside attacks is one thing, but like charity, security begins at home. Expect the unexpected, warns Geoff Sweeney, CTO of Tier-3.
Precautions must be taken to protect your Bitcoin horde, says LogRhythm's Mark Vankempen
Some may say that the lack of a recognised entry qualification for the information security industry is a good thing, for while professionalising ensures a baseline of competence, it can also be a barrier to talent from unexpected quarters.
A modest DNS investment can pay significant dividends in reducing the impact of DDoS attacks suggests Bruce Van Nice.
Cloud storage is itself under a cloud following Snowden, yet ironically its where the leaked data remains most secure says Campbell Williams
The way to avoid management by crisis is by having a strategy, goals, and plans to achieve them says Jarno Limnéll
Its time to take back third party remote access and increase visability on the network says Stuart Facey
Amir Lehr asks, What happens when your mobile ends up in someone else's hands?
Consumers need to get smart and be wary when installing and running 'dumb', but connected devices explains Keith Bird
How do they get any sleep at all asks Andy Aplin who advises CISOs to deploy dynamic security systems and strategies and choose an approach which complements the organisation's specific business needs and vulnerabilities
If you don't have good forensic readiness planning and testing in place, you are neglecting a core requirement of good organisational planning, no less than if you failed to have disaster recovery or business continuity planning argues David Rimmer
The tools that organizations have relied on to protect their networks are antiquated and no longer work.
Today's targeted attacks use advanced malware designed to defeat IT security controls through a variety of approaches that either confuse or avoid them altogether.
Cloud storage will be a hacking magnet suggests David Emm, with the most vulnerable point of entry for attackers being staff.
For those of us tasked with managing the security of the digital world for the enterprise, there are serious ramifications to this evolution of identity. Specifically, how we manage identity must evolve.
Its time for a reality check regarding security vulnerabilities on your wearables says Raimund Genes who suggests that they are not about to cause serious data losses any time soon.
SecureData's Alan Carter asks what was learned from Waking Shark II, and questions whether there be a sequel, or spin-offs of the franchise into other sectors of the economic and physical infrastructure.
From being drawn in by a honypot, through to being compromised, lessons from life can have parallels with what happens online suggests Calum MacLeod.
Jason Jones at ASERT, which discovered the Madness Pro DDoS bot, explains why this malware posses such an ongoing threat
Selecting an appropriate cloud security solution can be simplified by ensuring cloud providers offer different environments with appropriate controls that align with actual risks faced suggests John Godwin
Paul Midian asks, 'How much are you prepared to 'give of yourself' so that algorithms can predict your wants and make your life easier? '
The BOYD focus should be on securing data wherever, rather than being preoccupied with specific devices recommends Dr. Paul Steiner
Security stress testing needs to happen at the development stage says Grayson Milbourne, Director of Security Intelligence at Webroot, who looks at the lessons learned from Snapchat
Is the introduction of new technologies adding to security, or undermining it, asks Toby Flaxman, Senior Technical Security Consultant, IRM plc
Protecting enterprise endpoints in a rapidly evolving threat landscape
2014 could be set to become the year of PTH suggests Calum MacLeod, VP of EMEA at Lieberman Software Corporation
Encryption integrity is called into question following NSA leaks, says Alan Kessler, CEO of Vormetric
Context-aware security can make intelligent decisions while allowing mobile users to get the job done.
Businesses can accept employee device promiscuity without causing difficulties for IT management, says Centrify's Darren Gross.
It's a New Year with a new editor and new team members on SC. Thanks for the warm welcome from everyone we've met and we'll be talking to more of you throughout the year.
Since its launch in 2009, Bitcoin has continued to dominate news headlines, for both good and bad reasons.
Keeping it simple and ensuring the basics are properly covered is likely to result in the biggest improvement in software security, says Cigital's Paco Hope.
With the right approach, it is possible to ensure compliance AND take advantage of the cloud says Garry Sidaway
Snowden has highlighted the need for staff training to ensure password sharing is prevented explains Francois Amigorena, CEO of IS Decisions
Many more personal mobile devices will arrive in the office after Chrismas, so sort out your security policies now advises Leon Ward.
Blaming cloud providers for giving in to the demands of US intelligence is a naive approach to a complex issue.
Mobile and cloud security, along with insider threats continued to dominate concerns over the past 12 months -impacted by the increased attention resulting from the Snowden revelations and concerns about back doors - but despite these concerns, this year the cloud really did become pervasive.
As the Bring Your Own Device trend continues to grow we are seeing that many people using their smartphones at work are blurring the lines between professional and personal use, which is creating an 'always-on' trend. This change in culture means that now more than ever people find themselves logging on and checking emails and working from home, or even abroad.
The government has done its bit for cyber security - now it's up to businesses to take action, and quickly.
Having a hard time getting security budget approval? Start by being relevant and communicating.
You can't stop change, but you can help define it. SC Magazine has been around for well over 20 years now. And, as the leading information resource for everything cyber security, we've covered it all - from 1992's 'Michelangelo' virus to 1999's 'Melissa' worm to today's APTs, hacktivist attacks, compliance mandates and more.
Shadow IT is an ever growing trend and one that can have a very real impact on a company's data and reputation, departmental spend and efficiency, and even its position as an IT leader.
The rise of mobile in the workplace shows no signs of abating. The trend is largely driven by consumers being used to using mobile devices, from tablets to smartphones, in their everyday lives.
Allen Scott, managing director of F-Secure UK & Ireland, dissects an extensive piece of global research into the cloud to discover the state of the cloud industry in the UK compared with Europe and the rest of the world.
Given the number of publicised high-profile security exploits, it is not unreasonable to expect that everyone involved in IT would be aware of the need to address security fundamentals, yet this does not seem to be the case.
When a term gets boring but is still relevant, it may be time to rebrand it and look at a new way to make it matter and heard.
It's a truism that a business is only as secure as its weakest point, so businesses should have security systems in place because staff members are going to mess up at some point.
Over at Cryptome, the cypherpunks have been busy looking at how the National Security Agency watches us.
As more and more organisations transfer sensitive or confidential data to the cloud, whether it is encrypted or not, important questions about who is responsible for securing and protecting this data are being asked.
Han van Meegeren was born at the end of the 19th Century in the Netherlands and went on to become one of the world's most prolific art forgers.
Whether top brass in the military, or CEO of a company, leaders have a lot in common.
All companies have a duty of care to their customers and employees while ensuring their business runs profitably.
The internet has evolved to become a vast social and interactive space, and with this evolution, new threats have emerged which are designed to target business and users' identity and trust in online services.
Corporate bring your own device (BYOD) growth is prompting enterprises to take a closer look at their networks and their approach to security.
The increasingly shrill headlines on security breaches have made cyber security a top priority among policy makers and in boardrooms.
I was recently speaking with a company about their concerns regarding security and the topic of jailbreak detection came up.
In the world of enterprise security, what used to be a fairly contained universe - with the ability to put effective controls at critical physical and online entry points — is now an exploding, constantly expanding target.
Understanding cloud computing's impact on all aspects of IT is vital, and this requires a broader set of skills and knowledge that meet the rapid evolution of the industry head on.
Using the incident pit technique in the wake of an attack is the best way to see off future threats to your organisation.
Believe an anti-virus vendor's marketing spiel and you might end up with a naff product - so do your homework.
We are always spoilt in April with not only Infosec, but 44Cafe and BSides London too - and this year was another corker.
The effects of leaked personal health information can be exceptionally damaging.
What do we really mean when we talk about 'legacy' systems? The dictionary definition is clear; a legacy is an inheritance or, used as an adjective, it's 'something outdated or discontinued'.
In the IT security and communications markets, it's been difficult recently to escape exposure to what's known as 'lawful interception'.
Between agenda-pushing hacktivists, financially-motivated cyber criminals and spying nation states, there is no shortage of attackers out there breaking into networks, stealing trade secrets and wreaking havoc.
It is easy to be critical of the government when it comes to cyber security, but the truth is that up against attacks, a lack of funding and an increasingly able adversary, what it is achieving is not all that bad.
Identity pollution has created a breeding ground for fraudulent activity.
In a story I did a month ago, I looked at research that suggested that distributed denial-of-service (DDoS) attacks were not being taken seriously at all levels of business.
Have you ever wondered how someone 7,300 miles away without legitimate access to a network can learn more about an organisation than its own employees?
Intellectual property (IP) is no longer safe and businesses are losing their competitive edge as a result.
You can't watch a Hollywood blockbuster these days without some character, good or villainous, hacking into someone else's network.
The digitisation of all aspects of business and growing volumes of digital storage are causing the global digital forensics industry to expand rapidly.
Visitors to the recent Infosecurity Europe show were bombarded by vendors offering to secure their infrastructures from the outside.
The cloud has been a somewhat nebulous concept for a few years.
Increased media attention on cyber incidents, strong data protection legislation and regulatory interest in security has brought increasing investment and progressive improvement in proactive security within companies.
With the ever increasing threat of cyber crime knocking on one's door, many large organisations are reliant on IT security teams to protect their vast network from attack.
The insatiable consumer appetite for technology and the proliferation of mobile devices in people's personal lives has driven enterprises to adapt their ways of working.
There's no doubt that doing business in this day and age is exciting.
Cyber risk has time and time again been identified as one of the top risks facing organisations, irrespective of their size or industry sector.
We've known that the password hasn't been secure for quite some time.
Collaboration between infosec professionals and law enforcement agencies is vital, says Victoria Baines, the European Cybercrime Centre's strategy and prevention chief.
Pay attention to the Macs in your office, especially if they are used by people unaware of the risks they present.
Neither automated analysis, nor the manual reading of Twitter posts, is a useful practice for HR to engage in.
As the number and severity of cyber crimes continues to grow, it is important to understand the actual process an attacker follows when compromising a targeted computer or network.
In early 2012, with the Olympics looming, I was a civil servant trying to explain cyber security issues to more senior civil servants.
Many organisations faced with increasing in-house IT infrastructure and staffing costs look at other organisations with outsourced operations with envy.
The pattern of network and internet usage today is undergoing a tremendous shift that is nothing short of a life style change, demanding a transformation in security capability.
Cloud computing has been taking the IT world by storm - according to recent figures from Gartner, the industry grew by nearly 20 per cent globally last year.
For decades, we have relied on a simple 'two-pronged key' to allow us into virtually any computer system on the planet: the veritable userID/password combination.
Organisations across the UK are of course aware of the need to secure personal and corporate data within their business.
Over the past few years, the IT market has become commoditised, dominated by the larger distributors.
In the past few years, a stunning range of government agencies and prominent corporations have succumbed to stealthy, tailored cyber attacks designed to exploit vulnerabilities, disrupt operations and steal valuable information.
While attending school in Helsinki, I discovered a password 'sniffer' attack in our university network.