Meeting the new vulnerability disclosure challenge

Michael Fimin considers the impact new EU General Data Protection Regulation (GDPR) laws will have on current vulnerability disclosure practices and recommends a number of best practices to help organisations measure up to the challenge.

The BYOD explosion: How much of a threat do personal devices really pose to your network?

How much of a risk is BYOD to network security? No more than company-issued hardware - provided businesses follow these four essential steps says Lee Painter.

The Snooper's Charter is a tricky subject, not least because of its double standards

Brian Chappell looks at why the backdoors of the Snooper's Charter are so repugnant to tech firms and how it can't be reconciled with the government's own directive to businesses to protect people's personal data.

Bracing your browser: how to keep the fraudsters at bay

Whether through loss of financial assets or damage to an organisation's brand, online fraud is becoming more of a problem and has the capacity to significantly and negatively impact a business, says Gad Elkin.

Ensure that your employment contracts are fit for purpose for cyber-security

Katherine Maxwell says most organisations don't include cyber/data negligence within their employment contracts, and it is often not given the same respect as other employment issues.

Have retailers secured themselves against the Insider threat before you head to the checkout?

The entire company must be aware of security risks, and their role, with safeguards in place to make it harder for mistakes to happen, as well as training to raise awareness of the consequences of a leak says Jens Puhle.

Four Tips to kick-start your web application security effort

Ian Muscat offers four crucial tips on securing web applications - with the general theme of being prepared.

How will the new EU-US privacy shield fit with the upcoming General Data Protection Regulation?

Tracey Stretton and Lauren Grest look at the EU-US Privacy Shield and the consequences of the Schrems judgement for international data transfers and how it (or any successor) fits into the EU GDPR.

Leading the fight against loyalty fraud

Loyalty points have value. And when something has value, criminals will want to get their hands on it. So retailers and consumers have to work to keep these loyalty programmes safe according to Don Bush.

Last Word: GDPR could help Europe take the lead for breach notification

Companies operating in Europe have until 2018 to comply with compulsory breach notification under the EU GDPR or face heavy fines, but Gant Redmon says this could be a good thing for the industry and provide a global legislative model.

Identity management in the post-Persona world

The impending demise of Mozilla's identity management system, Persona, doesn't change the fact that a sound blend of password management and unified authentication is the future of identity management says V Balasubramanian.

Three reasons to consider Managed Security Services

Jeff Finch offers reasons for organisations to take advantage of Managed Security Services (MSS).

Biometrics deployed with a fallback password: statistics on false sense of security

Hitoshi Kokumai provides follow-up statistical data regarding "False sense of security", confirming that erroneous perceptions exist regarding identity verification when two factors are used but not linked.

Governments, criminals and personal privacy - the question of encryption

Two recent events have highlighted the issue of whether service providers should be forced to find a way to give government agencies access to encrypted, private communications says Richard Anstey.

Cyber-security - Kryptonite for lawyers

Analysis of the website of Mossack Fonseca, of Panama Papers 'fame', reveals glaring security weaknesses. The firm is not the only one to have been targeted by cyber-attacks. Emily Taylor suggests law firms are easy targets.

The vulnerability of remote working for financial institutions

Claus Rosendal says financial services are a hot target for cyber-criminals, and observes that they may consistently gain access via remote workers.

C-level cyber-awareness: the disconnect

Bridging the gap between executive awareness and enterprise security requires teams to provide greater visibility into programme performance and regularly communicate about emerging threats says Matt Middleton-Leal.

Disaster recovery confidence crisis is wholly avoidable

A lack of rigorous disaster recovery testing by UK organisations is leaving a large chunk of plans unfit for purpose says Peter Groucutt.

How the GDPR could help Europe take the lead for breach notification

Companies operating in Europe have until 2018 to comply with compulsory breach notification under the EU GDPR or face heavy fines, but Gant Redmon says this could be a good thing and provide a legislative model.

Why companies using SCADA systems need to wake up to the increased threat of cyber-attacks

Ukraine's power supply suffered one of the most high-profile targeted cyber-attacks on infrastructure ever, but the route, via phishing, is one of the oldest, emphasising the need for increased staff awareness says Mark Logsdon.

The Apple hack: A problem specifically engineered to protect us

The FBI got around ordering Apple to cooperate in breaking its own security, but when the next case arises, and it will, should the company refuse to help, the outcome will have far reaching implications says Chris Peel.

Organisation: Know thy employees to detect and mitigate security risks

Cyber-security threats are continuing to increase around the globe, including at small and large organisations in the United Kingdom says Mat Ludlam.

Privacy by design: Ensuring GDPR achieves its security goals

Compliance is sometimes described as a box-ticking exercise. Bruce Jubb explains why the GDPR must be more than that.

What's your approach to cyber-security?

Richard Beck takes a look at how UK businesses plan to tackle cyber-threats to corporate security over the coming year.

The end of password expiry

Changing passwords is no longer advised by CESG and Barry Scott says businesses should be encouraging users to think about how passwords are used and adopt additional security that works in tandem with passwords.

Three reasons CIOs are paying more attention to vendor management

By focusing on key supplier relationships as well as providing transparency deep into the chain of suppliers, a truly strategic VMO can oversee service delivery and value creation across the global business says David England.

Insider threats aren't always malicious: how organisations allow employees to continue to be the weakest link

Norman Shaw unpicks the innocent mistakes that employees make which, unlike cyber-security, there's no budget to reduce.

What is the price of healthcare cyber-attacks?

Cyber-attacks that harvest data have been gaining momentum, increasing in destructiveness and targeting progressively higher-profile organisations. However, this is not a problem limited to consumer-facing corporations says Ian Trump.

Old computing code puts millions at risk as glibc vulnerability exposed

Anyone running glibc 2.9 or above should upgrade to a later version or apply a vendor patch now as malware authors will be looking at this bug closely given its remote code execution capabilities says Carl Leonard.

The four cornerstones of a smart workplace

Drone deliveries, mobile car parking assistance, keyless building access. They're all possible now but Mark Furness asks how much is necessity and how much is pure hype?

Where do you start when building an insider-threat programme?

Identify and prioritise your critical data, where it's held and who has access to it as the first steps to build your insider-threat programme advises Keith Lowry, and look at it as a business and not a technology issue.

Throwaway security terms and the danger to businesses

As the headlines continue to be filled with stories of sophisticated cyber-attacks and high-profile data breaches, businesses are beginning to realise that they could easily be the next victim says Brent Kozjak.

Have liberated workers become a security nightmare for law firms?

The digital revolution has freed data from the office to multiple devices, bringing with it issues of secure access, compliance and reputational integrity, which even smaller law firms must now address explains David Meyer.

Seven points to understand about cloud security

By recognising and addressing the specific risks associated with use of cloud solutions, companies can overcome their fears and shift from a strategy built around minimising change to one optimised for change says Gordon Haff.

The reality of targeted cyber-attacks

To tackle targeted cyber-attacks, Bob Tarzey says research and experience concur: put measures in place to prevent attacks happening, take action when one is underway and clear up after the event when one succeeds.

Short term gain, long term pain: Avoiding IoT security shortcuts

In the rush to be first to market many organisations overlook basic IoT security principles, putting users at risk. Thomas Fischer urges: take time to build robust security protocols into products, rather than trying to retrofit them.

Privacy's new clothes

Timothy Edgar suggests that the new Privacy Shield, set to replace the US-European Union Safe Harbour framework, is no shield at all and will not protect the privacy of European data held in the US.

10 things we can expect in the year ahead

Following the huge number of data lapses, last year will be remembered as the 'year of the breach' says Paul McEvatt who advises that we prepare for more frequent and diverse attacks in the year ahead.

The Ransomware threat: How companies can better protect themselves

Kevin Foster's advice for actions that companies can take to protect themselves against ransomware may be considered basic - from ensuring back-ups to not clicking on links - but they are actions that many neglect to take.

Secret sharing - The alternate security methodology

Secret Sharing - taking data and using randomisation to compute different shares (numbers) that only together define the secret/data - could be evolved to become a full-blown authentication protocol says Shlomi Dolev.

False sense of security spreading on a gigantic scale

Hitoshi Kokumai explains how increased access options improve convenience, but actually reduce security if each autonomously offers access, while creating a false sense of improved security as two factors get mentioned.

EU-US Privacy Shield to replace Safe Harbour

Pulina Whitaker examines the new EU-US Privacy Shield replacing the Safe Harbour programme.

Open source security: know your code

Adopting open source software isn't a question of "if" anymore, but of "when?" suggests Mike Pittenger.

Why passwords alone are not enough

With the rise in phishing and social engineering techniques, even a hard-to-crack password is not enough to combat the risk of compromised user accounts according to Steve Manzuik.

Preparing for the EU GDPR: What You Need To Know

The biggest change in data privacy regulation to date has been ratified by the European Commission says James Walker. How might the new law affect you?

How to deal with the blind spots in your security created by SSL encrypted traffic

Robert Arandjelovic provides practical advice for CISOs, examining five of the most common network traffic inspections to protect against attacks that use security holes found in SSL encrypted traffic.

The new security landscape: more encryption, more problems

The Certificate Authority (CA) model is broken and the value of certificates is being chipped away, resulting in a lack of trust says Kevin Bocek, adding that this might lead users and even the major browsers to begin to rank CAs.

SSL visibility: decrypt and conquer

As internet traffic is increasingly encrypted, so the need to inspect encrypted traffic grows as that's where the malware will be says Ron Symons, adding that the time to invest in such systems is now.

Video: Building blocks of IT security 4 - Through-Life Operation

Building blocks of IT security 4: Through Life Operation can be unglamorous and unpopular because it can be where the realities of earlier expedience-driven omissions, reductions in capacity and capability come home to roost, says Tony Collings.

Instilling a culture of security

Increasing focus on cyber-security once meant buying "yet another box." Gert-Jan Schenk says now businesses need to shift from defence to offence and instil a culture of security which needs to come directly from the CEO.

Apple security trends: What's on the horizon?

Apple Macs used to be considered near-impenetrable, but Steve Kelly says an evolving threat landscape, maturing marketplace and increase in business use means that reputation is changing rapidly.

While hackers hit the headlines, insider threats should not be forgotten

Insiders with authorised access to sensitive information represent credible and growing security threats, which businesses should ignore at their peril says Mark Kendrew.

Why CISOs must act now to lock down third party risk

Third parties are an ignored risk says Raimund Genes who advises, review your contracts and prioritise your third parties based on risk - for example, what kind of data can they access, for what purpose and in what volume?

Video: Building blocks of IT security 3 - Acceptance into service

Having delivered a properly thought through requirement at building block 1 and a mature design with some development testing at block 2, we now move to block 3 where build-out of the design and the intensive programme of testing and acceptance into service is to be achieved, says Tony Collings.

Stop waiting and start hunting

Mav Turner explains why threat hunting is a growing focus for IT security strategies.

Does your MSSP have you covered?

There are many managed security services on the market - the variety and scope of which can be confusing. Luke Ager considers what matters most.

Sharing Data Securely

There is a basic tension when it comes to both securing data and having it readily accessible, and this tension needs to be frequently addressed when considering the sharing of big data both within an organisation and outside it says Ted Dunning.

Beating 'defeat devices' in advanced malware

Criminals are developing malware that knows when it's being investigated and actively evades detection. Aatish Pattni describes a new way to protect networks.

Video: Building blocks of IT security 2 - Design and development

In instalment two of his four-part viewpoint series, Tony Collings outlines the design and development phase of the project - the key challenge: getting the solution right.

A data revolution in the Fourth Industrial Revolution

Today, as the Fourth Industrial Revolution (Industry 4.0) gathers pace, all areas of industry are experiencing new technological changes at a speed, scale and force unlike anything we have ever seen before says Paul Appleby.

Why passwords will never die

Fundamental issues with the nature of security mean that passwords aren't going anywhere for the foreseeable future says Bill Carey who sees their role remaining as part of multi-factor solutions.

Five cyber-security trends to watch

Dr Adrian Davis shares his top EMEA technology and security trends to watch this year including changing consumer expectations of data use and privacy as its value becomes apparent.

Into the Mind of a RAT operator

Both Dyre and Dridex Trojans now use a combination of local redirection and RAT to effectively escape detection by current anti-fraud and security tools, but Uri Rivner says real-time behaviour analysis can still spot the bad guys.

Video: Building blocks of IT security 1 - Establishing the requirement

In instalment one of his four-part viewpoint series, Tony Collings outlines the first of his essential building blocks for the successful implementation of an IT project: have you got the business requirement right?

Four key predictions for enterprise security in 2016

The threats faced and intelligence needed in enterprise security is always changing and the organisations that stay on top of these trends will be best placed to handle whatever comes their way says Mark Hughes.

Secure Shell (SSH) the key to the post-password world

The humble password is often seen as obsolete and ineffective. David Howell suggests that Secure Shell (SSH) key technology has several key advantages and can help to deliver the post-password world.

Security in the age of network virtualisation

Many enterprise CIOs are learning how Software Defined Networking (SDN) and Network Function Virtualisation (NFV) can bring about business transformation as well as IT efficiencies says Craig D'Abreo.

Three things real-time DNS analysis can reveal about cyber-attacks and vulnerabilities

New tools are making real time data analysis and exploration of DNS traffic possible. This is turning previously ignored data into a source of valuable insight says Chris Griffiths.

TalkTalk's cyber-security lesson

The TalkTalk breach was not an isolated incident says Clayton Locke who advises companies on the need to monitor user-behaviour for inconsistencies.

Know your enemy: making a business case for identity and access management

If 2015 is anything to benchmark against when it comes to data breaches, then 2016 should be the year that businesses button down against the escalating issue of ID and access management says Paul Trulove.

Data transfers after Schrems: discord in the EU

The EU Court of Justice's Schrems decision essentially declared the US-EU Safe Harbour to be invalid. However, the immediate practical consequences of Schrems remain unclear say lawyers at White & Case.

Are firewalls still relevant to security?

With many in the IT security industry predicting the imminent demise of the firewall, Nimmy Reichenberg argues that it remains integral to protecting an organisation's networks.

Keeping abreast of governance risk and compliance goals

More data is shared online every second today than was available across the entire internet 20 years ago. It is therefore no wonder that thriving in the resulting big data economy requires advanced tools says Lubor Ptacek.

International fraud trends

As e-commerce opportunities continue to develop, so too do fraud strategies. The fraudsters' approaches are multifaceted and knowing your customer is not enough says Andrew Edem.

Is your reputation at risk?

2015 saw businesses worldwide face a formidable challenge when it comes to data security. As a result, companies are quickly realising the risk of cyber-attacks is becoming more and more likely, Tim Critchley explains.

Can bug bounties replace traditional web security?

Bug bounties may appear to be an attractive way to crowd-source security testers and only pay on results, but there may be serious pitfalls for your organisation's cyber-security, says Ilia Kolochenko.

Recognising and combating insider threat

When looking for the insider threat, don't assume you will find a Snowden or Manning in your midst - you may find instead that someone in a trusted position has become an unwitting helper for an outside threat, says Dr Eric Cole.

The rise of the political and ideological motivated attack

Hacking sources are proliferating, so organisations need to understand their risk of political or ideological attack, install proactive security defences and be able to detect and contain threats quickly, says Dan Holden.

Protecting personal data during HMRC phishing season

While people are wary of shopping or banking online, use of government services is potentially more risky due to the nature of information provided explains Brian Spector, with phishing particularly prevalent at tax-return time.

The 'silver lining' of growing cyber-security concerns

Oscar Arean predicts that 2016 will be the year that IT managers finally start to see more buy-in from the rest of the business when it comes to cyber-security.

Last Word: A CISO checklist

Understanding how a breach impacts your business is crucial to deciding how to respond explains Andrew Nanson, CTO cyber at CORVID.

2 Minutes On: Safe Harbour ruled invalid

The data-sharing agreement known as Safe Harbour was ruled invalid on 6 October by the Court of Justice of the European Union, with widespread ramifications for organisations ranging from cloud computing providers to multinational companies that move information across the Atlantic.

Shadow IT and the Middle East - innovation versus risk

The onus on forward-thinking businesses shouldn't be on stamping out shadow IT, says Ed Macnair, but rather encouraging employees to adopt and get the most out of their tools of choice in a secure and productive fashion.

Lessons learned? A look back at five cyber-security trends of 2015

2015 was another big year for cyber-security headlines. In fact, the past 12 months have seen some of the biggest data breaches on record, across a wide range of global industries and sectors notes Luke Brown.

Are backdoors a necessity, or just a 'welcome' sign to hackers?

In today's age of political instability, are backdoors necessary to safeguard national borders, or would they instead increase technical vulnerability and undo the progress that encryption has provided, asks Rick Orloff.

Fighting a war without being at war

Cyber-warfare is not replacing conventional warfare, but becoming an integral part of the military toolbox to be used in hybrid-warfare, but - so far, more for disruption than destruction, as Jarno Limnéll explains.

Ensuring IT resilience in the face of change

Most organisations don't know how their networks can handle the worst hacks or high-stress traffic anomalies. Richard Page suggests new solutions for hardening IT infrastructures and security defences are needed.

The rise of hybrid IT and the implications for CISOs

Paul Donovan highlights how Hybrid IT is affecting the user, the CISO and the organisation and what should be done to reduce the security risk that this new game changer poses.

Why password sharing has become a common working practice

François Amigorena explains how and why password sharing has become popular in business today.

Contain yourself: The new wave of cyber-security

Enterprises spend millions combatting cyber-attacks, but much less on threats inside their systems, says Tom Patterson. Containment via micro segmentation is one way for enterprises to fight back.

Rethinking how we relay risk - why poor cyber-risk reporting is still an issue

Risk may be now on the corporate agenda but cyber-risk reporting remains an issue. So James Henry asks how do we ensure risk becomes actionable intelligence?

Generation Z: A security conundrum

Generation Z, the internet generation, brings its own devices, but also its own apps and approach into the enterprise; Diana Wong explains how we must adapt our security to recognise and cater for this change.

JD Wetherspoon breach: three data management mistakes that could have been avoided

Following the JD Wetherspoon data breach, there are many questions about the cause and the mistakes that led to it. But the company's mistakes offer valuable lessons for other businesses as Pat Clawson explains.

Social media is more than just a phishing risk

Most organisations know about the phishing risks of social media - Ian Trump looks at why social media presents other risks to an employer, and what can be done about it.

Germany's approach to securing critical infrastructure - a benchmark for others?

Wolfgang Kandek notes that a key concern for countries securing critical infrastructure is ensuring legislation compliance doesn't limit flexibility, and asks if new German laws might provide a benchmark.

Companies beware: The dark web is easier to find than you think

Julian Meyrick explains how companies should work toward a better understanding of the Dark Web and have usage policies in place for any rare instances where it is not blocked to employees.

Check Point Security Predictions for 2016

Simon Moor, UK regional director for Check Point, gives his security predictions for the coming year, featuring SCADA, IoT and wearable attacks increasing, but most problems still due to unpatched software vulnerabilities.

It's the tools not the talent: the flip side to the cyber skills debate

Technology, which can offer scale, speed and simplicity, needs to be adopted and, importantly, the benefits need to be understood by the board so that time and education is a dedicated part of staff training says Richard Olver.

Getting smarter vulnerability management by applying some intelligence

Brian Chappell explains how technology can help us make sure we are focusing on the right things that will deliver the biggest bang for our buck; after all, only a small percentage of the vulnerabilities we have are easy to exploit.
