The second coming of DLP: Learning lessons from the past

2015 could be the year of DLP, argues Guy Bunker.

Keep your friends close... but your insiders closer

A well-defined security programme focused around the company's most critical data, combining technology and education powered by metrics, will help businesses reduce insider risk levels says Neil Thacker.

The true cost of false positives

Implement a structured response with automated systems to bring down the cost of chasing false positives says Brian Foster.

Wiping the flaws: Why it's time to get smarter about patch management

Monolithic operating systems will attract attackers, and speed to market will trump security, so expect patches and be intelligent about how vulnerabilities are fixed says Raimund Genes.

Are digital loss prevention and signature-based anti-virus living on borrowed time?

Should fingerprint-based data leakage protection be declared dead asks Peter Tyrrell, suggesting it just doesn't scale for the hyper-connected world.

Change management - security vulnerability or scapegoat?

IT security issues continue to hit critical services, but do we, the public, ever know for sure if they are due to error, system failure, or an attack?

2 minutes on... CISO: The balancing act?

CISOs are increasingly being asked to take on greater management responsibilities, but are they subsequently being divorced from their firm's true security maturity?

How does PCI DSS 3.0 affect you?

Suspicious activity now needs to be monitored in the entire processing chain, hence implementing PCI DSS 3.0 helps stop attacks before compromises occur says Ross Brewer.

Turning the tide on APTs and nation state attackers

Deal with APT intruders logically, not emotionally, and get the upper hand, even if that means leaving them on the network, says Mike Auty.

Ensuring mobile data remains secure

Containerisation - separating business and personal data and apps - is an effective way to ensure BYOD doesn't compromise corporate data security says David Brady.

Securing remote access with token-free authentication

Token-free, multi-factor authentication using mobile phones provides the real-time convenience and flexibility that today's work environment requires says Torben Andersen.

How BYOD and collaboration trends solve corporate incident management

Workforce collaboration via mobile devices and apps is a positive thing, so long as business options are used says Joseph Do.

Smart TVs, wearables and sheep: online and hackable

As the internet of things rolls out into every aspect of our lives, new security issues will arise, and regulators need to ensure minimum standards apply says Geoff Webb.

Software-defined defences - keeping the cyber-risk at bay

Combatting tomorrow's cyber-security threats with yesterday's flawed technology approach is an unreliable strategy, says John Suffolk.

Lies, damned lies and statistics

Cyber-crime figures are a dime a dozen, but are they really improving your security, asks Ken Munro.

Is BYOD a four-letter word in your organisation?

Decide on your mobile policy, then choose the technology that allows that policy to be delivered, says Sergio Galindo.

Driverless vehicles and digital trust

Driverless cars put our lives rather than our data at risk, and cyber-security should therefore be a crucial component in design, to deliver trust, says James Knotwell.

War of the hacktivists

As terrorist sympathisers hack non-military sites, and opponents hack back, we are all now potential targets, says John Walker.

Cyber-security: changing the economics!

The economics of cyber-crime make your network an attractive target. Change the economic incentive and you'll reduce the threat, says Gaurav Banga.

What the software defined data centre means for IT security

If you don't understand what the benefits of a software-defined data centre are, how are you going to know how to secure it, asks Kevin Linsell.

PCI DSS 3.0, responsibility and protecting against third party access

Compliance with PCI DSS 3.0 is primarily about enforcing everyday security best practices, but Stuart Facey notes that secure third party access is a key part of that approach.

Who could deny that spies now use covert spyware?

A good spying programme in the 21st century cannot exist without good covert spyware. So it's time to put a military discipline behind defending our state IT infrastructure says Ralf Benzmüller.

What data jurisdiction means for cloud providers: Satisfy local, grow global

New data sovereignty regulations should not be seen as an obstruction, but as an opportunity to increase market share with innovative offerings says Cameron Burke.

Sound and webcam loggers

Every sensor has the potential to be used for malicious logging, and anti-virus based systems aren't an effective defence, says Janusz Siemienowicz, who advocates monitoring of behaviour.

Reminding the cyber-criminals you're king of the castle

CISOs and CSOs need to ensure that their staff are aware of and able to tackle all the threats they face, and know how to deploy the most appropriate technology at their disposal says Kalyan Kumar.

Why Cameron's encryption plans would take the UK back to the Dark Ages

Encryption will be used by the bad guys, and so will any back-doors, regardless of legislative bans, which would only hit UK business; except it's so unworkable it won't happen, says Raimund Genes.

Beginning of the end for IT departments

The emergence of services such as cloud computing, data analysis, social business and mobility has brought corporate IT to what market research company IDC has dubbed the "third platform". But Wieland Alge asks, what will the third platform mean for the CIO role?

Cool in a crisis

Learn from the misfortunes of your peers and prepare to defend against repeat use of the same cyber-attack techniques as part of your defence planning advises David Stubley.

The end of penetration testing in sight?

With the attack surface, or perimeter, expanding exponentially, and attackers inside the network, the focus should now be on finding and stopping them, concentrating on how data leaves the system, says Chris Marrison.

Trust, company culture and BYOD security

Mobile Application Management, with secure access and separation of work and personal use can establish employee trust in a company's BYOD policy says Alan Hartwell.

The reality of data loss - and how to mitigate it

Vast volumes of data are travelling to work and back each day stored on employee devices, but in many cases even the most basic protection policies are not in place explains Kelly Brown.

Lessons from the Sony breach: Four things that need to happen now

We don't have the levels of government protection from a cyber-attack that we would have if armed men attacked, so we need to make our own plans says Eddie Schwartz.

Three stages for securing the personal cloud

The personal cloud can be managed in three easy steps and secure the apps that employees are going to use regardless of policy, says Ojas Rege.

In defence of the humble password

The problem with passwords is users, says Francois Amigorena, and overcoming user error can make passwords fit for purpose once again.

Why security was the deciding factor in choosing COPE over BYOD

David Reed explains the 'corporate owned, personally enabled' approach taken by PA to manage the mobile devices used by its employees.

Lessons from 2014 - the year of the cyber-criminal

2014 was a watershed year for the information security industry when it became a concern for everyone, and Elad Sharf says it is critical that in 2015 we learn the lessons of last year and ensure our data is securely protected.

2 min on: CERT-UK opens the door to cross-sector information sharing

The UK's National Computer Emergency Response Team (CERT-UK) has shown some promising signs in its first year, with the connected Cyber Security Information Sharing Partnership (CiSP) initiative looking to improve cross-sector information sharing on security threats.

Debate: CISOs must have a technical background

Gareth Lindahl-Wise, CISO, ITC Secure, and Quentyn Taylor, director of information security, Canon EMEA, debate whether CISOs must have a technical background.

New Year resolution 1: A cyber-security health check

Time to take stock, audit your assets and their security, including both response plans and staff, and address any outstanding issues, says Nick Pollard.

Take the ride: 25 years of covering IT security

For our special Reboot section, we took the opportunity to look back not just on the last 12 months, but the last 25 years SC has been entrenched in the information security space.

Industry predictions for 2015

Sophisticated hack causes massive damage to steelworks

Dr Richard Piggin, in a blog published this week, notes how concerns about the vulnerability of control systems have been vindicated following the issuing of details about an attack on a German steelworks.

Preparing for the festive IT headache

Christmas is the season for giving, but for IT security teams that can create numerous problems, says Terry Greer-King.

Supplier risk: The tip of the iceberg

You need to delve deeper into the risks in your supply chain to really know what your exposure is says Nick Ford.

Five things you should know about PCI DSS

There's no such thing as a PCI DSS compliant solution, and companies, meaning merchants, remain responsible for lost data says Robert Crutchington.

Why the UK leads the way in API security

Dense population and its role as a transportation hub has pushed the UK to ensure good security for APIs exposed in use, integrating borders and government agencies, says Jason Macy.

Who polices the security service?

Questions need to be asked of Patch Tuesday and Microsoft's approach to it, says Robert Brown.

Passwords aren't going anywhere any time soon

Take human memory out of the equation and passwords remain a viable access option says Emmanuel Schalit.

Is commercial open source more secure than proprietary alternatives?

Many IT security professionals are choosing commercial open source solutions for security reasons rather than economy, says Olivier Thierry.

Why 'diversify or die' doesn't always ring true

Kirill Slavin explains why focus can beat diversification in a fast-evolving market place.

Are we heading in the 'wrong direction' on cloud apps?

Eduard Meelhuysen suggests we should consider taking cloud security tips from the world's biggest boy band, and asks: are we heading in the wrong direction on cloud apps?

A shift in the balance of power

Sophisticated malware feeds into script kiddie tools, enabling embittered individuals to take on corporations and governments. What are the consequences asks Sarb Sembhi?

Can you depend on Wi-Fi to enable the Internet of Things securely?

When it comes to the Internet of Things (IoT), the presumption is that it just works, but the physical connection and the security behind it cannot be overlooked, says Phillip Keeley.

Regin shines new light on old software problems

The sophisticated Regin malware raises new questions about the software we're using, says Tony Dyhouse.

The importance of Street Cred

Among the many elements that make up a successful information security programme, street cred is one with many ramifications and consequences says Josh Goldfarb.

Manage suppliers to increase your cyber-resilience

Companies must understand how security works inside - and outside - their organisation, argues Seth Berman.

You need to understand the cloud to embrace the cloud

Better understanding of the potential gains offered by the cloud will make the move easier to contemplate says Aidan Simister who outlines what companies should be looking for in a provider.

EU regulations - Always expect the worst as it's already happening

A pessimistic approach to future threats is advised by Chris McIntosh as the necessary attitude to minimise the extent to which they happen, and bolster our preparedness to cope if and when they do.

Start with security

Security needs to be a concern throughout the software development cycle, not just a developer issue, nor simply tagged on at the end says Stephen Morrow.

Avoid security breaches during reorganisation and mergers

Paul Bonner advises companies merging to take the best security practice from each component company, and not impose the practices of the dominant player - or resistance is likely.

Is your website fit and secure for King Consumer?

B2B websites could learn a lot about security from their consumer facing compatriots suggests Bob Tarzey.

Why the cloud wasn't 'Shellshocked' and how to prepare for the next vulnerability

Companies should reconsider cloud-security perceptions, says Pathik Patel, noting that recent software vulnerabilities such as Shellshock had less effect on cloud-based services than on premises-based apps.

Establishing habits of a highly effective security professional

Preparation and organisation can enable effective security for one-man SOCs or small teams, explains Joe Schreiber.

Information security assurance from a resilience perspective

A holistic approach to information security is needed to overcome the shortcomings of a Risk Management approach says David Stubley.

Major cyber security mistakes and how to avoid them

James Solyom, head of cyber protect and cyber respond at Control Risks, examines how organisations can avoid making expensive mistakes that leave them open to cyber-attack.

How the threat landscape challenges authentication - old and new

The growing cyber-threat landscape poses some awkward questions for present and future authentication methods, argues Barry Scott.

Defending online games from piracy, cheating and fraud

The video games industry generates billions in revenue, but only 20 percent of titles achieve profit, partly because cheats breach security, hence the need for stricter implementation and enforcement of controls, say Amit Sethi and Rennie Allen.

Is the Isle of Man the world's crypto-currency capital?

Regulation and infrastructure from the off-shore finance and gaming industries are being leveraged to make the Isle of Man a centre for crypto-currencies, says Peter Greenhill.

Out with the old, in with the cloud

Moving to the cloud is inevitable, but it demands new ways of thinking about data security, and new approaches to secure this new border says Martin Borrett.

Why smart meters need smarter security

Internet-connected smart meters are gaining traction in the energy space, but security must be considered, says Reuven Harrison.

Our digital breadcrumbs offer both security opportunities and threats

Your future lies before you like a field of driven snow. Be careful how you tread it, for every step will show. Luke Aaron considers our trail of digital breadcrumbs.

2 MINUTES ON: 'Cybercrime-as-a-service'

Doug Drinkwater takes a two-minute look at cybercrime-as-a-service, the new business model for hackers.

Breach fatigue: do we even need notification laws?

Notification laws haven't stemmed the tide of breaches in the US, so will the new EU regulations serve any purpose here? Ross Dyer says yes, and they're coming soon, so get ready.

Protecting the Crown Jewels

Despite the value of critical enterprise data, many organisations are not aware of what their 'crown jewels' information is, says Carmina Lees, director of security services in UK & Ireland, IBM.

Halloween cyber-security nightmares - experts reveal their fears

Halloween nightmares for CISOs come in many shapes and sizes, and our commentators tell us what scares them on the network.

Step by step through the 'Phishing Kill Chain'

Stop the kill chain higher up to increase the chances of preventing an attack, says Patrick Peterson.

Combating 'malvertising'

Web sites that take advertising need to protect against inadvertently delivering malware to their users, before, during and after an attack, explains Terry Greer-King.

Should flexible working result in flexible security?

Flexible working can bring security pitfalls, according to Imation's Nick Banks.

Guarding against insider misuse

Track and audit changes on the network, especially by privileged users, and make it known that monitoring happens in order to reduce misuse says Michael Fimin.

Women in cyber security: Changing pathways and perceptions

Security consultant Dr Jessica Barker says that the next step to getting more women into cyber security hinges on changing minds and career pathways.

Zeroing in on zero-day vulnerabilities with looping

Zero-day vulnerabilities are a fact of life in cyber-security, which is why looping is so essential, says Darren Anstee.

Humanise outsourcing with a Pay As You Go CISO

Outsourcing your CISO is an option medium sized organisations should consider says Carl Shallow, who advises a Pay As You Go model to buy in expertise.

Security - why it's the burning issue of the HPC future

New approaches are needed to overcome security concerns related to use of big data analysis suggests Andy Grant, with 'containerising' data and merging data on the fly among options suggested.

Controlling mobile data loss

A security strategy to prevent mobile data loss involves careful consideration of the user, device and network. Mike Raggo advises implementing a range of controls, including use of an enterprise mobility management platform.

Identity is the foundation of trust: why passwords can no longer be relied upon

Passwords have numerous failings, including their ability to be shared or stolen, meaning that they are not a secure way to authenticate identity, and other options must now be adopted, says Dana Epp.

Should we care about XSS vulnerabilities on eBay?

The ability of attackers to exploit XSS flaws is more an economic issue than a technical one says Ilia Kolochenko who calls for prompt professional action when vulnerabilities are identified.

Securing people: Protection in the age of IoT

The coming Internet of Things explosion is more than your firewall can cope with says Steven Rosen, advising companies to take additional measures to deal with new threats.

Throwaway tablets threaten our children

Used and broken Android tablets often retain access to passwords even when wiped - so be careful how you dispose of them says Ken Munro.

Wearable technology: A secure approach to business

Wearable technology raises many of the same concerns as smart phones and USBs - recording, storing and transmission of data by individuals - and your security policies should include that risk says Paul Martini.

How choosing your own device (CYOD) can help empower your workforce

If implemented well, choosing your own device (CYOD) brings benefits beyond BYOD or company-imposed mobile devices says David Brady.

Why multi-factor authentication is a security best practice

Torben Andersen describes the top eight reasons why multi-factor authentication is a security best practice that CEOs need to ensure is implemented.

Data storage - why the world needs tape more than ever

The days of magnetic tape as a storage media need not be over says Christian Toon who makes the case for revisiting its attributes.

Fighting the fraudsters: Why we must get better at data sharing

Face-to-face information-sharing with peers is a vital route to learn industry fraud-prevention lessons says Tim Lansdale.

The (grim) reality of password security

There are security vulnerabilities when using passwords, but Tyler Moffitt says there are steps you can and should take to make your data less easy to access.

The new rise of biometrics

Biometric id options need appropriate mobile computing support to ensure that they too are not compromised says Jon Geater.

Cyber risk management: A boardroom issue

Having comprehensive cyber risk policies that are not followed can be as detrimental as not having a policy at all, says Peter Given, who advises that good risk insurance will demand that appropriate procedures are both in place and implemented.

How Edward Snowden boosted infosecurity business and...cybercrime

Whatever Snowden's motivations, Ilia Kolochenko contends that the industry has misused the resulting information and often sold kit rather than true security solutions and expertise.

Restoring cloud confidence

Despite the recent iCloud breach, cloud security is better than its current image suggests - and if you are demanding of your supplier, it can be better still says Jamal Elmellas.

Under lock and key

Deploying appropriate technology is necessary to protect business critical information stored within racks and cabinets at data centres says Mark Hirst.

Why Big Data means big responsibility

Individuals want privacy for their data, but they will share it if they can explicitly choose to do so having been told what benefits they will gain says Sachiko Scheuing.