Strike back and you could strikeout

June 13, 2013

Between agenda-pushing hacktivists, financially-motivated cyber criminals and spying nation states, there is no shortage of attackers out there breaking into networks, stealing trade secrets and wreaking havoc.
 

Talking cyber security with the UK government

June 11, 2013

It is easy to be critical of the government when it comes to cyber security, but the truth is that up against attacks, a lack of funding and an increasingly able adversary, what it is achieving is not all that bad.
 

Diluting the threat of identity pollution

June 10, 2013

Identity pollution has created a breeding ground for fraudulent activity.
 

DDoS attacks to knock you offline - when, not if?

June 03, 2013

In a story I did a month ago, I looked at research that suggested that distributed denial-of-service (DDoS) attacks were not being taken seriously at all levels of business.
 

OSINT Tools: The foundation for social engineering and phishing attacks

June 03, 2013

Have you ever wondered how someone 7,300 miles away without legitimate access to a network can learn more about an organisation than its own employees?
 

Intellectual property theft - detection is the best prevention

May 31, 2013

Intellectual property (IP) is no longer safe and businesses are losing their competitive edge as a result.
 

Cyber crime and popcorn anyone?

May 23, 2013

You can't watch a Hollywood blockbuster these days without some character, good or villainous, hacking into someone else's network.
 

After the crime: content-based forensic triage in practice

May 20, 2013

The digitisation of all aspects of business and growing volumes of digital storage are causing the global digital forensics industry to expand rapidly.
 

Abuse of privilege

May 17, 2013

Visitors to the recent Infosecurity Europe show were bombarded by vendors offering to secure their infrastructures from the outside.
 

Online Ownership

May 15, 2013

The cloud has been a somewhat nebulous concept for a few years.
 

Are you prepared for an incident?

May 13, 2013

Increased media attention on cyber incidents, strong data protection legislation and regulatory interest in security have brought increasing investment and progressive improvement in proactive security within companies.
 

You've been breached: Who should be held accountable?

Jody Brazil May 10, 2013

With the ever increasing threat of cyber crime knocking on one's door, many large organisations are reliant on IT security teams to protect their vast network from attack.
 

Building defences for BYOD

May 08, 2013

The insatiable consumer appetite for technology and the proliferation of mobile devices in people's personal lives have driven enterprises to adapt their ways of working.
 

Security at the enterprise edge

May 07, 2013

There's no doubt that doing business in this day and age is exciting.
 

Effective cyber threat defence requires clear security focus

May 02, 2013

Cyber risk has time and time again been identified as one of the top risks facing organisations, irrespective of their size or industry sector.
 

Why Facebook, Google and Apple have got authentication wrong

April 30, 2013

We've known that the password hasn't been secure for quite some time.
 

Professional monitor in association with (ISC)2: Infosec professionals need to work with law enforcement

Victoria Baines April 22, 2013

Collaboration between infosec professionals and law enforcement agencies is vital, says Victoria Baines, the European Cybercrime Centre's strategy and prevention chief.
 

Lock down your Macs

April 22, 2013

Pay attention to the Macs in your office, especially if they are used by people unaware of the risks they present.
 

Don't judge potential and existing employees through automated analysis

April 22, 2013

Neither automated analysis, nor the manual reading of Twitter posts, is a useful practice for HR to engage in.
 

The art of cyber war in six steps

April 19, 2013

As the number and severity of cyber crimes continue to grow, it is important to understand the actual process an attacker follows when compromising a targeted computer or network.
 

Mind the gap - CEOs need to address their lack of cyber security knowledge

April 18, 2013

In early 2012, with the Olympics looming, I was a civil servant trying to explain cyber security issues to more senior civil servants.
 

Would you like chips with that outsource?

April 18, 2013

Many organisations faced with increasing in-house IT infrastructure and staffing costs look at other organisations with outsourced operations with envy.
 

Information super highway becomes super-fast

April 17, 2013

The pattern of network and internet usage today is undergoing a tremendous shift that is nothing short of a life style change, demanding a transformation in security capability.
 

How to secure the virtual world

April 16, 2013

Cloud computing has been taking the IT world by storm - according to recent figures from Gartner, the industry grew by nearly 20 per cent globally last year.
 

E-Biometrics - Has your keyboard been faithful?

April 12, 2013

For decades, we have relied on a simple 'two-pronged key' to allow us into virtually any computer system on the planet: the veritable userID/password combination.
 

Why are you failing to meet your portable data security responsibilities?

April 12, 2013

Organisations across the UK are of course aware of the need to secure personal and corporate data within their business.
 

Why encryption comes of age

April 02, 2013

Over the past few years, the IT market has become commoditised, dominated by the larger distributors.
 

Big data propels SIEM into an era of security analytics

April 02, 2013

In the past few years, a stunning range of government agencies and prominent corporations have succumbed to stealthy, tailored cyber attacks designed to exploit vulnerabilities, disrupt operations and steal valuable information.
 

The new skeleton key: changing the locks in your network environment

April 02, 2013

While attending school in Helsinki, I discovered a password 'sniffer' attack in our university network.
 

Is the UK really prepared for cyber attack mitigation?

April 02, 2013

The claims in the National Audit Office's (NAO) report are made in spite of recent action taken by the government to develop a robust cyber strategy - including GCHQ's formation of the UK's first academic research institute set up to arm the nation with the necessary tools in the growing struggle against cyber attacks.
 

Fighting blind: The convergence of modern applications, SSL and advanced threats

March 28, 2013

Modern attackers, by necessity, have become highly adaptable and customised to avoid traditional security, producing threats that are more sophisticated than ever.
 

The great token debate

March 28, 2013

I read this week that one of the One Direction boys was bemoaning the fact that he had not been able to tweet for a week as he had no signal. I'm not sure where he was, but it just goes to show that you can't always rely on using your mobile phone.
 

Behavioural patterns of mobile users

March 27, 2013

In 2012, mobile threats were a relatively small but growing percentage of overall web traffic.
 

Monster of the week - why the government struggles with cyber security messaging

March 27, 2013

The US government is suddenly getting serious about cyber security.
 

To store or not to store?

March 26, 2013

The PCI Security Standards Council recently issued some cloud computing guidelines aimed at demystifying this oft-misunderstood area of IT and the kinds of processes and applications it should be used to support.
 

Integrating people, process and technology

March 22, 2013

Being in and remaining in a 'secure state' requires a continuous process of awareness, preparedness and readiness.
 

Does Windows 8 Surface Pro's security credentials signal the decline of MDM?

March 22, 2013

According to Forrester's recently launched 2013 Mobile Workforce Adoption Trends report, the demand for Microsoft's Surface Pro tablet is rife.
 

Authentication: the Text Factor

March 21, 2013

'Simplicity is the ultimate sophistication', said Leonardo da Vinci.
 

How to thwart hackers in the cloud

March 20, 2013

Cloud computing is a familiar term in the enterprise market.
 

Vaccination theory - can cyber crime be eradicated?

March 19, 2013

If you've been in the world of information security for a while, you've undoubtedly seen an article or two comparing biological and computer viruses, and proposing ways of mimicking the biological immune system in the world of computers.
 

A place for learning and development

March 18, 2013

Last week I was delighted to attend the Centre for Secure Information Technologies (CSIT) summit in Belfast, in its third year of operating as a think tank and speaker conference.
 

Getting to grips with the social enterprise

March 15, 2013

More of us have social media accounts like Facebook, LinkedIn or Twitter which we use to share experiences or opinions and maintain relationships with friends, family and colleagues.
 

Hitting a moving target?

March 14, 2013

On 1st February the UK government removed all GSi Code of Connection (GCSx) Connectivity from the GCF catalogue. On 7th February, The European Digital Directive was published - so how can CISOs ensure that their organisations remain compliant when the targets keep moving?
 

DDoS in the enterprise: the threat snapshot

March 12, 2013

In the past 15 years, we've gone from dial-up internet to massive high bandwidth pipes that have connected and even flattened the world.
 

Ham and eggs on the application security menu

March 11, 2013

Attacks on applications succeed because they are still not secure.
 

Retail security in the age of big data

March 11, 2013

Today's retailers and their customers are embracing and using technology through an array of devices and channels.
 

China in your band(width)

March 07, 2013

Put simply - politically motivated hacking is no longer 'the next threat' to national security.
 

Balancing on the tight-rope between digital opportunities and security

March 07, 2013

Whether or not the internet is your business, your business is on the net.
 

Ransomware: the threat of 2013

March 06, 2013

One of the most successful lines of defence when dealing with today's cyber criminals is to understand the mechanics of an attack.
 

Translating the value of information security

March 04, 2013

In December 2012, I attended an event that included a large number of security executives from various US federal government departments.
 

Security threats towards nations' critical infrastructures

February 27, 2013

For any nation, protecting critical infrastructure is, as the term suggests, critical.
 

Professional monitor in association with (ISC)2: Women in Security

February 20, 2013

Women in Security, recently launched by (ISC)2's London chapter, is actively encouraging women to join the profession and take on those roles for which they are often overlooked.
 

The trouble with re-using passwords

February 20, 2013

Password re-use, not to mention default and blank passwords, can bring your whole network to its knees.
 

Dual-use technology isn't all bad

February 20, 2013

We shouldn't let the potential misuse of a product in the wrong hands blind us to its benefits in the right ones.
 

A matter of trust

February 18, 2013

"That won't happen to us, 'cause it's always been a matter of trust." This line from Billy Joel's 1986 hit single could easily describe the approach that many organisations have taken over the past five years to safeguarding the personal, confidential data that they hold.
 

The keys to IT security are already in your pocket

February 17, 2013

The recent spate of high-profile spear-phishing attacks has put paid to any illusions that large organisations and their imposing defences are impenetrable.
 

Combining cloud-based DDoS protection and managed DNS services to thwart large attacks

February 15, 2013

As businesses continue to move critical operations online, distributed denial of service (DDoS) attacks are increasing in frequency, sophistication and range of targets.
 

Being human - behaviour that needs to be on board

February 11, 2013

On the night of April 14th, 1912, the RMS Titanic scraped an iceberg and sank to the bottom of the ocean in only two hours and 40 minutes resulting in the death of 1,517 people.
 

Risk-managed approaches to information security

February 04, 2013

Adoption of a 'risk-managed' approach to information security is extremely fashionable amongst the organisations that I work with.
 

From data leak prevention to information stewardship

January 30, 2013

Organisations depend on information to operate, thrive and prosper and the information itself is increasingly the core of the business.
 

Towards a new defence doctrine

January 22, 2013

The threat landscape today is more advanced than ever before, and shows no signs of slowing down. Malware has proliferated and increased in complexity, while hackers have become more cooperative with each other.
 

On a knife edge - are businesses ready for the proposed new EU data protection legislation?

January 21, 2013

A year on since the EU Commission announced proposals to revise data protection legislation, businesses are in a state of flux as they prepare for potential change.
 

Who cares about protecting small merchants from a security breach?

January 14, 2013

Security is not just for merchants and card users to take care of. Central government at both national and European level and the payments industry should step up and take responsibility too.
 

Watering hole attacks - a false warning?

January 09, 2013

Since the emergence of the zero-day vulnerability in Internet Explorer over the Christmas period, I have seen a new term become more and more used.
 

Professional monitor in association with (ISC)2: Convergence of physical and IT security

Eduard Emde January 07, 2013

The convergence of physical and IT security calls for infosec practitioners to adopt 'a design principle', says Eduard Emde, president of professional body ASIS International.
 

The threat of network tunnelling to businesses

January 07, 2013

Sensitive data can be tunnelled out of your network in many ways. Fortunately, there are just as many ways to stop it.
 

BMWs: Gone in 60 keystrokes

January 07, 2013

The vulnerability of BMWs to 'no key' theft is a case study in what happens if the lessons of IT security are ignored.
 

'Generation Tech' - young, gifted but a long way from bad

January 04, 2013

They have been variously described as technology's 'Generation Y' or 'Generation Tech', an undisciplined, impulsive, entitled horde of 20-something workers older heads are inclined to see as one of the biggest security challenges ever to hit corporate networks.
 

Analysing industry reactions to AETs

December 21, 2012

Advanced Evasive Threats (AETs) have come a long way since our research team here at Stonesoft went public on the security problem in October of 2010.
 

Business logic abuse attacks: undetected threats costing UK businesses precious revenue

December 18, 2012

In a world where a lot of business transactions now take place online, cyber criminals are posing a real risk to businesses' annual revenue.
 

Will Dell be accepted into the security market?

December 17, 2012

This year has seen Dell move firmly into the security market after a number of key acquisitions and this has led to the formation of its software group.
 

Is anti-virus dead, yet again?

December 06, 2012

It's a rare week when anti-virus doesn't get a beating somewhere for being ineffective or useless against catching viruses.
 

Corporate cyber crime response requires clear focus

December 06, 2012

It is universally accepted that if you become a victim of crime, you turn to the police.
 

Virtualisation - the big picture

December 06, 2012

The IT industry is often guilty of talking-up new technologies and emerging trends so insistently and exclusively that to the untrained eye it might look like everyone's singing from the same hymn sheet.
 

Mobile security: let's get some perspective

November 27, 2012

In a recent mobile security scare, researchers from Leibniz University of Hanover and the Philipps University of Marburg announced their discovery that Android apps can be 'tricked' into revealing personal data.
 

Can PCI compliance keep pace with the rise of m-payments?

David Froud October 29, 2012

Consumers increasingly rely on their handheld or tablet devices to carry out everyday tasks while on the move. It is no surprise that the mobile payment (m-payment) industry is experiencing exponential growth to meet this change in behaviour. Gartner predicts that in 2016 there will be 448 million m-payment users, in a market worth $617 billion.
 

Professional monitor in association with (ISC)2: Global Information Security Workforce Study

Richard Nealon October 23, 2012

Richard Nealon, information security assurance manager and co-chairman of the (ISC)2 EMEA Advisory Board, explains why the organisation's Workforce Study is so important.
 

What does your phone say about you?

October 23, 2012

Wireless sniffing tools can tell you - and potential wrongdoers - a lot about users of mobile devices.
 

44Con: bigger, better, uncut

October 23, 2012

This year's 44Con did the industry proud, from the new attack on Enigma to the caffeine-infused BlackBerry Lounge.
 

Why in-flight encryption is a vital service opportunity for network service providers

October 23, 2012

We live in an age where security demands to be at the centre of public and private life.
 

Joining forces in the fight for cyber safety

October 22, 2012

The past 20 years have witnessed the boom of commercial internet and, as a result, the development of an interconnected and global digital network.
 

Contagion: collaborating to fight the malware pandemic

October 18, 2012

"A characteristic feature of pandemics is their rapid spread to all parts of the world ... We are all in this together, and we will all get through this, together." Dr Margaret Chan, director-general of the World Health Organisation said this at the start of the 2009 H1N1 'swine flu' pandemic. However, she could just as easily have been talking about malware outbreaks.
 

Evaluating security from the threat actors perspective: how to achieve a higher ROI

October 15, 2012

While it's maybe too harsh to classify IT security and Return on Investment (ROI) as an oxymoron, it is fair to say that efforts to specify an ROI or Return on Security Investment (ROSI) have fallen short of perfection, despite the best intentions of the industry.
 

The real cost of DDoS

October 09, 2012

Recent distributed denial-of-service (DDoS) assaults are just the latest example of what network professionals have known for a long time - attacks are becoming more prevalent and the costs are mounting.
 

Apple users beware: viruses are not the only way to lose data

October 04, 2012

There's a commonly held belief that Apple personal devices are immune to viruses and don't need anti-malware software to protect data, and for a long time this was true.
 

Regulators pull their head out of the cloud

September 28, 2012

This week saw the European Commission (EC) and the Information Commissioner's Office (ICO) both release guidance on security within cloud computing.
 

Hard tokens and the difficult choice for retail banks

September 18, 2012

In the world of technology it is inevitable that some solutions will succeed and some will fail, but it isn't always the best that wins through.
 

The UK government will benefit from being forensically ready

September 12, 2012

The backlash against coalition plans to give MI6 and MI5 unprecedented 'email snooping' powers illustrates the fact that people simply do not trust the government with their personal data.
 

If the Government talks about cyber security, will anyone listen?

September 06, 2012

One of the key stories in cyber security from this week has been around GCHQ advising businesses on how to protect against cyber threats.
 

BYOD requires clear strategy and enforcement

September 04, 2012

The consumerisation of corporate IT, fuelled by a blurring of the lines between personal and work-related devices, could pose one of the most significant challenges to face information security professionals for some time.
 

Professional monitor in association with (ISC)2: Infosec professionals need multiple skills

September 03, 2012

Effective security requires winning hearts and minds, says Colette Hanley, head of information security compliance at online communications brand Skype.
 

Tricks of the infosec trade

September 03, 2012

Sending hackers on a wild goose chase, and 'playing dead' in front of thieves, are brilliant ploys - but they're not enough.
 

Tossing the cyber

September 03, 2012

Stuxnet-fuelled talk of the dawn of cyber warfare is, alas, misguided. Sadly, keyboards will never replace guns.
 

Security versus performance: a tug of war?

August 31, 2012

As security threats have evolved over the past ten years, IT professionals responsible for network security have been under increasing pressure to protect digital properties without impacting performance levels, all on a budget.
 

The five layers of online banking security

August 23, 2012

Ensuring both consumer and corporate banking customers can access their accounts with the highest reasonable security and with an approachable process is a primary concern for financial institutions worldwide.
 

It's your data - just owned by someone else

August 22, 2012

At a recent CISO roundtable I attended, the question was asked 'what keeps you awake at night' and one answer made the attendees shudder - Dropbox.
 

Blue pill, red pill or kill pill?

August 17, 2012

In the recent Data on the Move survey SC Magazine undertook in association with Egress, one of the key statistics said that 74.5 per cent of the 160 respondents had received a 'recall' message.
 

Accidental espionage

August 15, 2012

Corporate espionage is a term that conjures up a world of high-tech gadgets, intelligence agents in trench coats and organised criminal gangs.
 

The passage of data to the cloud - who protects it and who manages that protection?

August 10, 2012

Research was released earlier this week around encrypting data in the cloud and the management of it.
 

The evolving threat landscape - from mischievous attacks to cyber war and espionage

July 30, 2012

Cyber attacks are becoming increasingly visible to the public, with high-profile breaches and ongoing commentary from large organisations such as Google and the UN frequently making headlines.
 

SC Webcasts

Security beyond the (fire)wall

Streaming live on 19th June at 3pm BST

This webcast addresses the technological challenges of maintaining full control of your most sensitive information - even once it goes beyond the firewall - while maintaining the freedom and flexibility necessary to allow your staff and other stakeholders to work as efficiently as possible. Tune in for free to hear from our regular and popular guest speaker, Bola Rotibi from (ISC)2 application security advisory board. To secure your place, please click here.


The truth about vulnerability management: Compliance checkbox or real protection?

Streaming live 2nd July at 3pm BST

How often are you assessing network vulnerabilities? Is your current vulnerability management program merely a compliance checkbox for auditors? Tune into this webcast live to hear from Joerg Weber, head of attack monitoring, Barclays, Lee Barney, an information risk consultant, and Skybox's Michelle Cobb on how you can prioritise vulnerabilities in a way that makes sense for your specific threat posture. Secure your free place here.

SC Whitepapers

Ponemon 2012 Global Encryption Trends Study

In Ponemon's recent Global Encryption Study, the organisation surveyed 4,205 information security professionals across seven countries to examine how encryption has evolved over the last eight years. The study focused on data protection priorities, budgeted expenditures for encryption and the types of encryption technologies involved, with the findings revealing some interesting insight into the relationship between encryption and its impact on the security position of organisations. To read the full report for free, please download it here.

