Tony Anscombe discusses the biggest mistakes companies make when moving to the cloud and tips to reap the benefits
Ken Munro discusses why Pokémon Go is symptomatic of a wider problem - permissions abuse by mobile apps - and the implications of this for the user and app developer
François Amigorena explains why compromised credentials are a major cyber-threat to organisations and how cumbersome security wastes time, whereas contextual awareness allows greater security automatically.
Dwayne Melancon discusses why he thinks China's quantum communication satellite is more of a novelty than a practical solution to the eavesdropping problem.
Mateo Meier discusses how Brexit is set to impact data privacy/security in the UK
Lewis Henderson explains how companies need to prepare for the EU General Data Protection Regulation in light of the post-Brexit situation in relation to cyber-security.
Dr Jules Pagna Disso explains why phishing remains one of the most successful forms of attack, and why staff education is key to tackling the problem.
Ben Johnson discusses threat intelligence sharing and how current standards are without expert input.
James Henry explores the implications of Brexit on the adoption of the EU GDPR legislation
Stacy Leidwinger looks at the Hillary Clinton email scandal and how companies can avoid the potential security risk of staff using shadow IT.
Laurance Dine discusses what you can do to mitigate the risk of being struck by ransomware
Ross Brewer discusses the impact of the Bangladesh bank cyber-attack and the growing problem of stolen credentials.
Mike Foreman says we're about to get some much-needed help ... smarter technology to save us from ourselves.
Norman Shaw looks at why encryption alone is not the answer to avoiding a data breach and outlines where he thinks companies should be focusing.
Social media platforms are a social engineering resource for hackers. Andrew Tang, service director, security, MTI Technology outlines the problem and what is required to guard against it
Bryan Lillie puts forward suggestions for what the UK's cyber-security strategy should contain in the next five years
Ron Arden takes a data-centric approach to security where the focus is on protecting the data within a system, and not just the system itself
Paul Donovan outlines the main questions to ask when choosing a NAC solution to work alongside a BYOD policy while protecting the network
Email is one of the main routes for delivering malware into the enterprise, but despite frequent reports of its demise, it appears here to stay, so companies had better tailor their security posture accordingly says Carl Leonard.
Andrew Rogoyski says that companies need to identify what is truly their most sensitive, most valuable data - the thing that would most severely impact the company if stolen or compromised.
It's difficult to predict how the global and British economies will react to Brexit in the long run, however UK Cyber-security has every chance of staying in very good shape says Ilia Kolochenko.
Joanna Ward looks at the recent battles between tech providers and law enforcement agencies over encryption and considers how the escalation could potentially be avoided.
Itay Glick says that new spear-phishing scams suggest that this method of spreading malware will surely continue to grow
Tony Anscombe asks, which is more secure, the password or biometrics?
The threat of a cyber-attack is a concern for us all, but nothing strikes more fear than ransomware says Mark Kedgley.
Paco Hope asks if black boxes can make our cars and lives less safe instead of safer
James Parry explores why the enterprise needs to move beyond threat intelligence to proactively seek out emerging threats on social media and the dark web
Oren Kedem asks if we're using the right methods to teach victims about scams or are some other forces preventing the warning messages from being effective?
Wes Mulligan says organisations are on high alert when it comes to network security, yet they are overlooking the potential risks posed by the many printing devices that are connected directly to their network
Russia is altering the balance of power with superior human resources in the cyber-realm and a strategy and will to use them offensively, including via proxies - and lack of western response encourages escalation says Jarno Limnéll.
Stuart Aston offers suggestions that an everyday business can learn from the Government and should consider when creating their own cyber-security protection framework
Cyber-security companies can cooperate to help facilitate and encourage standardisation of certifications and practices and even exercise their power at a global level to influence policy-making say Chris Southworth and Allen Dixon.
Shawn Henry explores the potential security pitfalls involved when companies make an acquisition, along with the steps that must be taken to mitigate these risks
Alistair Tooth talks about bots and what they are doing to your website - and says it's time to take control.
Aidan Simister highlights basic questions to establish how much visibility organisations have around the most basic of security risks.
Thomas Fischer believes that the Investigatory Powers Bill will incentivise more citizens to use Tor to protect their online privacy. In turn, this could lead to more people using the Tor network at work, either for privacy reasons or to bypass the company firewall and browsing policies.
Rick Orloff highlights the importance of trust between IT and employees, and how to restore it in the wake of the current cyber-crime climate, including communicating that you understand user concerns.
Mav Turner shares top tips to help IT pros address the growing issue of insider threats within their business.
Amit Ashbel explains how source code is the one advantage vendors have over hackers and how testing code earlier in the development process can prevent many of the vulnerabilities that hackers exploit today
Ransomware has been labeled the biggest threat this year, but is it as dangerous as it's made out to be?
Steve Donald says ransomware is emerging as the major cyber-threat of 2016 but what can organisations do to protect themselves?
From nuclear power stations to cars, 'Things' are increasingly vulnerable to attack. Greater adoption of security best practices is needed says Mark Kedgley, who urges more building-in security to devices and how they use the internet.
Steven Rogers advises steps that will allow security teams to prioritise threats based on relevant threat intelligence.
Despite very vocal critics, Netflix will not give in to the demands of overseas VPN users that want access to the US catalogue of shows says Paul Bischoff.
Data security has never before featured so highly on the boardroom agenda, mostly thanks to a continued avalanche of major breach incidents says Tony Pepper.
In today's cyber-threat landscape, the importance of incident response (IR) as a critical priority is fast gaining traction among the security community says John Bruce.
Cesare Garlati says having a device rendered useless because of a shut down in cloud service highlights the need for open standards in IoT devices.
The healthcare sector is vulnerable to cyber-attack, keeping a lot of personal data that attackers are increasingly targeting, and the NHS needs to get its defences in place now says Stuart Robb.
Sean Ginevan outlines how attackers are changing their methods to attack the mobile enterprise, and what can be done to shut down vulnerabilities.
Andrew Tang explores the contentious issue of paying bug bounties when software flaws are discovered.
New approaches to user monitoring and behavioural analytics enable firms to analyse all user activity, allowing tracking and visualising of user activity in real-time to understand what is really happening on the network says Balázs Scheidler.
When it comes to cyber-security, almost half of organisations rely on luck to get them through a cyber-attack says Bethany Mayer.
Poor risk appetite remains a problem for companies, yet cyber-security is one area that needs urgent attention says Stuart Reed.
Jason Hart explains why EU businesses need to evaluate their security practices now before the new law takes effect.
Without synchronised security, information system controls don't talk to each other, so can't work together to react to threats says John Shaw, advocating a more joined-up approach to security to defend against attacks.
Identity Access Management (IAM) tools don't just protect the perimeter, they protect the identities of everyone that logs on to the network, enabling users to benefit from productivity applications with less risk says Mark Hughes.
It's not just anti-malware, but a holistic security review including policies and processes that's needed to minimise the risk of ransomware says Raimund Genes - with basics such as data segmentation being ignored.
As technology advances it brings with it new and more efficient ways to live and work says Todd Partridge.
Mike Loginov and Viv MacDonald explore the importance of management awareness of cyber-security in an organisation
A successful move to a global cashless society requires a comprehensive information security strategy
With electronic payments rapidly becoming the new way to transact, the idea of a cashless society is becoming a bigger reality, leading to demands for stronger authentication - without slowing transactions - says David Poole.
Michael Fimin considers the impact new EU General Data Protection Regulation (GDPR) laws will have on current vulnerability disclosure practices and recommends a number of best practices to help organisations measure up to the challenge.
How much of a risk is BYOD to network security? No more than company-issued hardware - provided businesses follow these four essential steps says Lee Painter.
Brian Chappell looks at why the backdoors of the Snooper's Charter are so repugnant to tech firms and how it can't be reconciled with the government's own directive to businesses to protect people's personal data.
Whether through loss of financial assets or damage to an organisation's brand, online fraud is becoming more of a problem and has the capacity to significantly and negatively impact a business, says Gad Elkin.
Katherine Maxwell says most organisations don't include cyber/data negligence within their employment contracts, and it is often not given the same respect as other employment issues.
The entire company must be aware of security risks, and their role, with safeguards in place to make it harder for mistakes to happen, as well as training to raise awareness of the consequences of a leak says Jens Puhle.
Ian Muscat offers four crucial tips on securing web applications - with the general theme of being prepared.
Tracey Stretton and Lauren Grest look at the EU-US Privacy Shield and the consequences of the Schrems judgement for international data transfers and how it (or any successor) fits into the EU GDPR.
Loyalty points have value. And when something has value, criminals will want to get their hands on it. So retailers and consumers have to work to keep these loyalty programmes safe according to Don Bush.
Companies operating in Europe have until 2018 to comply with compulsory breach notification under the EU GDPR or face heavy fines, but Gant Redmon says this could be a good thing for the industry and provide a global legislative model
The impending demise of Mozilla's identity management system, Persona, doesn't change the fact that a sound blend of password management and unified authentication is the future of identity management says V Balasubramanian.
Jeff Finch offers reasons for organisations to take advantage of Managed Security Services (MSS).
Hitoshi Kokumai provides follow-up statistical data regarding "False sense of security" confirming erroneous perceptions exist regarding identity verification when two factors are used but not linked.
Two recent events have highlighted the issue of whether service providers should be forced to find a way to give government agencies access to encrypted, private communications says Richard Anstey.
Analysis of the website of Mossack Fonseca, of Panama Papers 'fame', reveals glaring security weaknesses. The firm is not the only one to have been targeted by cyber-attacks. Emily Taylor suggests law firms are easy targets.
Claus Rosendal says financial services are a hot target for cyber-criminals, and observes that they may consistently gain access via remote workers.
Bridging the gap between executive awareness and enterprise security requires teams to provide greater visibility into programme performance and regularly communicate about emerging threats says Matt Middleton-Leal
A lack of rigorous disaster recovery testing by UK organisations is leaving a large chunk of plans unfit for purpose says Peter Groucutt.
Companies operating in Europe have until 2018 to comply with compulsory breach notification under the EU GDPR or face heavy fines, but Gant Redmon says this could be a good thing and provide a legislative model.
Ukraine's power supply suffered one of the most high profile targeted cyber-attacks on infrastructure ever - but the route - via phishing - is one of the oldest, emphasising the need for increased staff awareness says Mark Logsdon.
The FBI got around ordering Apple to cooperate in breaking its own security, but when the next case arises, and it will, should the company refuse to help, the outcome will have far reaching implications says Chris Peel.
Cyber-security threats are continuing to increase around the globe, including at small and large organisations in the United Kingdom says Mat Ludlam.
Compliance is sometimes described as a box-ticking exercise. Bruce Jubb explains why the GDPR must be more than that.
Richard Beck takes a look at how UK businesses plan to tackle cyber-threats to corporate security over the coming year.
Changing passwords is no longer advised by CESG and Barry Scott says businesses should be encouraging users to think about how passwords are used and adopt additional security that works in tandem with passwords.
By focusing on key supplier relationships as well as providing transparency deep into the chain of suppliers, a truly strategic VMO can oversee service delivery and value creation across the global business says David England.
Insider threats aren't always malicious: how organisations allow employees to continue to be the weakest link
Norman Shaw unpicks the innocent mistakes that employees make which, unlike cyber-security, there's no budget to reduce.
Cyber-attacks that harvest data have been gaining momentum, increasing in destructiveness and targeting progressively higher-profile organisations. However, this is not a problem limited to consumer-facing corporations says Ian Trump.
Anyone running glibc 2.9 or above should upgrade to a later version or apply a vendor patch now as malware authors will be looking at this bug closely given its remote code execution capabilities says Carl Leonard.
Drone deliveries, mobile car parking assistance, keyless building access. They're all possible now but Mark Furness asks how much is necessity and how much is pure hype?
Identify and prioritise your critical data, where it's held and who has access to it as the first steps to build your insider-threat programme advises Keith Lowry, and look at it as a business and not a technology issue.
As the headlines continue to be filled with stories of sophisticated cyber-attacks and high-profile data breaches, businesses are beginning to realise that they could easily be the next victim says Brent Kozjak.
The digital revolution has freed data from the office to multiple devices, bringing with it issues of secure access, compliance and reputational integrity, which even smaller law firms must now address explains David Meyer.
By recognising and addressing the specific risks associated with use of cloud solutions, companies can overcome their fears and shift from a strategy built around minimising change to one optimised for change says Gordon Haff.
To tackle targeted cyber-attacks, Bob Tarzey says research and experience concur: put measures in place to prevent attacks happening, take action when one is underway and then clear up after the event when one succeeds.
In the rush to be first to market many organisations overlook basic IoT security principles, putting users at risk. Thomas Fischer urges, take time to build robust security protocols into products, rather than trying to retrofit them.
Timothy Edgar suggests that the new Privacy Shield, set to replace the US-European Union Safe Harbour framework, is no shield at all and will not protect the privacy of European data held in the US.
Following the huge number of data lapses, last year will be remembered as the 'year of the breach' says Paul McEvatt who advises that we prepare for more frequent and diverse attacks in the year ahead.
Kevin Foster's advice for actions that companies can take to protect themselves against ransomware may be considered basic - from ensuring back-ups to not clicking on links - but they are actions that many neglect to take.
Secret Sharing - taking data and using randomisation to compute different shares (numbers) that only together define the secret/data - could be evolved to become a full-blown authentication protocol says Shlomi Dolev
Hitoshi Kokumai explains how increased access options improve convenience, but actually reduce security if each autonomously offers access, while creating a false sense of improved security as two factors get mentioned.