Tom Read points out key recommendations one should consider when reviewing their information security strategy
Amichai Shulman demonstrates the role that social engineering plays in the life of a cyber-attacker.
Stress testing has become an essential activity rather than simply best practice, says Martijn Groot, who adds that banks require comprehensive data management capabilities to reduce the operational risk of unknown data.
Ed Macnair addresses the need to strengthen cyber-security in businesses and schools to take a step in the right direction in the fight against terrorism.
Darren White looks at how organisations can prioritise email security to protect their customers online.
In the run up to the year-end, SC will publish projections from different commentators on what's in store for the cyber-security industry in 2016. First up Adam Boone ranges over IoT to mitigation in breached systems.
Purchasing cyber-insurance without a proven security system will leave businesses out of pocket, while absence of cover is a false economy says Steve Watts.
A malicious insider has the potential to be an organisation's worst nightmare. Márton Illés looks at how user behaviour analytics can be implemented to help close the gap on insider threats.
Lars Thyroff discusses the importance of best practices for intelligent digital security in a connected car to enable trust in the device, data and network.
Mike Fey recalls the European Court of Justice invalidating the agreement between EU and US organisations on data transfer on 6 October.
Steve Armstrong considers why breaches like TalkTalk continue to occur and notes how the associated costs exceed the cost of encryption, testing and more secure coding.
Anthony Di Bello explains how it is necessary to understand the scale of various security incidents and their ramifications to provide a measured response.
Cindy Truyens highlights how businesses fail to protect themselves by not comprehending the impact GDPR has on data management and other processes.
John Smith looks at the wealth of data churned up by cyber-security analytics and how vendors have a responsibility to make the numbers actionable.
George Davies highlights the risks and considerations necessary to keep in mind prior to outsourcing your IT to a third party.
Awareness of the risks that come with cloud computing is essential for any business that utilises it says Luke Brown.
Professor Chris Hankin demonstrates that with the advancement of cyber technology, our methods of connecting with and traveling between each other grow more sophisticated as well.
There are legal issues and technical vulnerabilities around the use of fingerprint scanners on mobiles, hence, Anthony Neary says, it is vital to have a mix of solutions which enable maximum possible security.
SMEs are at greater risk from the consequences of cyber-attack, less able to recover, with more mission-critical data on a single machine, so educating themselves about mitigating the risk is essential says Andrew Conway.
Traditional email sandboxing techniques are increasingly unable to defend all employees against evolving threats, says Neil Murray
Securing the device is only the first step in reducing the risk of mobile employees says Eldar Tuvey, noting we need to secure and monitor both the hardware and the endpoint activity and implement a multi-level approach.
A common-sense approach to cloud storage will ensure your valuable data remains safe and secure, says Thomas Chappelow.
Luke Brown explains why today's cyber-security strategy needs to focus more on data protection technologies and strategies.
What's lacking in many organisations' cyber-defences is cyber-situational-awareness that provides a more holistic and specific view of threats and vulnerabilities relevant to your organisation says Alastair Paterson.
Experian breach is more than just another hack as cross referencing of data sets opens up even more scope for criminal activity says Max Vetter
Pete Shoard asks how powerful are less developed countries such as North Korea when it comes to cyber-threats, and can it be regarded as a major player in cyber-warfare anyway for the impact it has achieved?
Users need to realise that cloud services can be more secure, not less, but it is a new security model where we need to be clear what we want to do and how we plan to do it says Russell Spitler.
Luke Potter looks at four of the most basic security oversights identified during penetration testing
Torben Andersen warns of the danger of corporates relying on passwords alone to protect their businesses...
Norman Shaw looks at the latest data breaches, their causes, what the Safe Harbour ruling could mean for data protection and what you should be doing now to protect your company and yourself.
Steve Watts considers options for two-factor identification and suggests Near Field Communication (NFC)-based mobile authentication as a possible solution.
Anomaly-based detection, rather than signatures or threat intelligence, is more likely to detect nation-state and advanced criminal 'Super Hackers' before they can gain a significant foothold on networks says Peter Cohen.
Give your new graduates mentoring support and challenge them, rather than just giving them menial tasks if you want to attract and retain the best says Dr. Scott McVicar.
Anthony Neary describes what he sees as the six main reasons why the UK is a top target for cyber-criminals.
Having to carry around two mobile devices - one for personal use and the other for corporate business - is an anachronism, says Sebastian Goodwin.
Intelligent and analytical identification of anomalies in DNS activity is key to stopping threats before they become a real problem says Dr Malcolm Murphy, systems engineering manager, Infoblox
Staff need ongoing training in defending against the latest threats - which currently includes LinkedIn says Andrew Tang, service director, security at MTI Technology
Security is a reasonable concern when considering moving your IT services to the cloud, but four key questions can help you assess the risk, says Chris Pace.
If they can't identify attacks when they happen, how can financial organisations effectively combat them, asks Ron Miller.
In the wake of the SYNful Knock attack on its routers, Cisco should re-engineer its devices to prevent future attacks, says Raimund Genes.
Using individual user's behaviour patterns can identify both the individual and Bot activity to thwart RATs says Uri Rivner
Kane Hardy explores how the rise of automated attacks dictates the need for automated defence.
Never underestimate just how valuable enterprise data is to cyber-criminals, from low-level thieves to extremely well-funded (and therefore, well-armed) state-sponsored attackers, says Matt Middleton-Leal.
It didn't take much time following internet connections on mobile phones to become commonplace for scammers to realise they had another avenue for phishing attacks, says Claire Cassar.
A leak, a hack, or a simple mistake can blow up any M&A deal carefully crafted over months or even years, says Stephen Dearing.
It's impossible to know how your latest IoT-enabled device is going to be used by the purchaser, so make sure that security is designed into your products from the beginning, says Paddy Srinivasan
When cyber-criminals start to leverage the full power of the internet, it's only natural that they would turn to e-commerce to spread their wares, says Grayson Milbourne.
It is a testament to the sustained evolution of the cybersecurity landscape that we are still regularly seeing the emergence of new threats, says Gad Elkin.
As organisations struggle to find solutions to the user authentication problem, one company has gone as far as suggesting the use of emojis, an idea worthy of consideration, says Ben West.
By learning to translate their concerns into the language of business risk, cyber-security professionals will find that their messages are heard - and heeded - more readily, says Piers Wilson.
Statistics show that cyber-crime activity waxes and wanes with the activity of employees, dropping at night and increasing during the day, but that's no excuse to drop your guard at the weekends, says Stuart Reed.
As cyber-attacks become increasingly common, it's important that businesses understand the true cost of data breaches, says Wieland Alge.
The Payment Card Industry Data Security Standard (PCI DSS) is intended to help organisations ensure the safe handling of sensitive payment card data. But it can also present significant (and potentially expensive) regulatory hurdles, says Matthew Bryars.
Given the far-reaching implications of their work, it's time for cyber-security professionals to consider creating an oath to uphold ethical standards, says Stephen Cox.
Cyber situational awareness can help protect against cyber-attacks, loss of intellectual property and loss of brand and reputational integrity, says Alastair Paterson.
As software becomes increasingly complex, we must start addressing security as a key component at an early stage to prevent long-term costs from spiralling up, says Lev Lesokhin.
Cyber defence tactics are constantly evolving to meet new threats - but one area that has been undervalued up until now is the Domain Name System (DNS), says Simon McCalla.
An holistic view of security is increasingly important, says Thomas Richards.
The Carphone Warehouse cyber-attack shows the potential cost of a cyber-attack but cyber-insurance can help mitigate it, says Simon Gilbert.
Predictive analytics can scrutinise employees' network activities to forestall fraud and other insider threats, says Paul Dyson.
Last August, a trove of private images leaked online following a series of targeted brute force attacks against celebrity accounts in iCloud, says Silvio Kutic.
Take steps now to protect your data ahead of changes to the General Data Protection Regulations in Europe, says Andy Hardy.
Chris Mayers provides warnings and advice for firms to help them stay safe as more workers log on when on holiday.
Given the difficulty of preventing them, we should focus instead on minimising the damage from cyber-attacks, says Philip Lieberman.
The old saying "failing to prepare, is preparing to fail" is never more appropriate than when applied to disaster recovery (DR), says Oscar Arean.
When it comes to information security it's been well documented that everybody has a key role to play in protecting sensitive and valuable information, says Nick Wilding.
As more and more business is conducted remotely, users need to adopt solutions that will address security weaknesses inherent in Wi-Fi, says John Knopf.
Despite growing awareness of cyber-based attacks on industrial control systems, many IT security models continue to adhere to the outdated belief that physically isolating systems and 'security by obscurity' is enough, says David Emm.
Retailers must migrate to PCI DSS v3.1 by June 2016 which means an overhaul in the way data is encrypted and transmitted, says Kevin Bocek.
Red-team penetration testers can help train your security team to recognise common and not-so-common attack techniques, says Rowland Johnson.
Cyber-attacks are a top threat to organisations today; however, despite an increased effort to keep up with the rising scale and complexity of threats, IT teams are struggling to defend their networks, says Mike Smart.
Will your organisation wake up to a data protection nightmare in 2017, asks Stephen Midgley.
In the changing online world, new measures must be put in place to protect intangible assets, says Margee Abrams.
Passive inspection is too slow in today's interconnected, data-rich IT environments, says Thibault Reuille.
Industrial environments are becoming increasingly automated and interconnected, with control systems often networked over the Internet. This growing computerisation exposes industrial control systems to a number of threats - with potentially disastrous consequences, says Florian Malecki.
Paul Stokes explains how a recent proposal by the UK government to regulate digital currencies presents a huge opportunity for the UK to become a leader in the area.
Chris Marrison considers the importance of looking at security threats already inside the network - rather than just what's trying to get in.
The bulk of the software on which we rely has not been written with sufficient rigour and we are paying the price, says Tony Dyhouse.
With concerns over data privacy growing apace, how do you prove to a user that their sensitive personal data has been erased, asks Pat Clawson.
The number of data breaches has continued to grow in 2015. Barely a day goes by without a company or country falling victim to a cyber-security attack, says Gary Newe.
Small doses of poison can add up to a lethal cocktail of DDoS in what is being called the ping of death, says Sophie Davidson.
Innovation and security should not be mutually exclusive but unfortunately they often are seen that way, says James Henry.
As mobility introduces changes in workplace dynamics, Charles Milton looks at how to shift power in favour of the CISO while securing the borderless enterprise.
Your business needs to secure itself against the new wave of Summer Interns, says Chris Sullivan.
Botnet takedowns make good headlines and earn kudos for law enforcement and companies like Microsoft but are they worth the time and effort, asks Dan Holden.
Shuabang companies in China sell installs and user ratings to app developers to help boost their profile, which is leading to new forms of malware, says Chema Alonso.
IT security policies must evolve to embrace sensible policies for bring-your-own-device (BYOD), says Chris Mayers.
Despite the LastPass security breach, password managers are still the most realistic method for ensuring we all use strong passwords, says Bill Carey.
In the age of connected objects, social networks, smartphones and new consumer behaviours, the IT security department has an increasingly important role for enterprises across all sectors, says Thierry Bettini.
New platforms such as Hadoop are pushing IT professionals to find innovative solutions to ensure data security, says Greg Hanson.
Dejan Kosutic says ISO 27001 is applicable not only to IT firms, but also to financial organisations, government agencies, telecoms and health organisations.
With the increasing number of contractors being employed by organisations, it's vital that their access rights are regularly reviewed, says Paul Trulove.
Responsibility for securing data is now increasingly shifting towards the board leading to a change in role for the IT department, says Terry Greer-King.
Commercial mobile surveillance kits are a growing security threat. Michael Shaulov looks at the scale of mRAT infestations, and how to avoid them.
Vetting staff and contractors, including what they are saying on the internet and the darknet, is vital to protecting your company, says Tim Ramsey.
Don't end up as the weakest member of the herd following the end of official support for Microsoft Windows Server 2003, says Ian Trump.
Everyone is talking about mobile fraud but the threat is not as widespread as it is made out to be, says Helen Holmes.
Now starting its second year, Cyber Essentials certification is quickly becoming recognised as an invaluable kite mark and roadmap for organisations wishing to improve their cyber-security, says Chris Stanley.
As Bitcoin grows in popularity, could the crypto-currency be the solution to online fraud, asks Akif Khan.