Moves to increase SME participation in government IT tendering drew criticism, but Peter Groucutt explains how G-Cloud has helped reduce security concerns as one of the objections
Companies must think like a hacker and commit to penetration testing to protect themselves from data breaches, says Chema Alonso.
App vulnerabilities need to be thought about holistically, so the network and database in which they reside also need to be considered says Josh Shaul.
The growing impact of web exploits isn't just limited to the enterprise market and must be countered on an industry-scale, says Pedro Bustamante.
A different attitude to privacy and security among many new workplace entrants is a potential risk that has to be managed says Chris Sullivan.
Protect against real-world threats and test the most likely scenarios using relevant models, including low-tech, says Gavin Watson.
Josh Goldfarb asks how can the infosec community move from informal and exclusive trust circles to more mature formal information sharing approaches, without losing agility and effectiveness.
International use of personal data emphasises the differing laws that need to be adhered to, but there are solutions explains Alan Kessler.
Technology and standards need to evolve to cope with the rise of the connected car says Fred Kost.
The government's initiative to set a baseline certification scheme for cyber security, Cyber Essentials, is now underway and John Godwin encourages companies to get certified as soon as possible.
The ever-changing threat landscape is causing problems, with many business networks unable to keep up with the pace of innovation, argues Gavin Millard.
Further lessons from Heartbleed, beyond the hype, include caution when listening to advice, such as re-setting passwords, says Chris Russell.
A holistic approach to security management is needed to bridge the gap between stategy and technology says Chris Yule.
When the two IPs meet (intellectual property and internet protocol) the value of the business becomes vulnerable says Dave King, with IT often just providing a sticking plaster to hide C-suite ignorance.
Industry needs a brighter collaborative approach to help bring it out of the dark ages says Alan Carter
Don't capitulate, have a plan in place, and of course, prevention is better than cure when it comes to tackling the prospect of DDoS ransom attacks says Dan Holden.
Nation-state attacks on CNI will be faciliated by the internet of things, and government regulation is needed to set standards, but the actual likelihood of CNI attacks remains very low says Raimund Genes.
The tools exist to by-pass many data leakage programmes and facilitate mass exfiltration of data, so enable internal whistelblowing - to avoid external access says Edward Parsons.
It's not enough to protect your own network, you also have to be prepared to cope with third party negligence, says Brian Foster.
Charles Sweeney asks, are your staff inadvertently leaving the back door open via an innocent lunch-time browse?
Third Party IT services suppliers must reassess governance, risk management and compliance responsibilities.
The ability to detect and respond when your security is breached are of paramount importance in ensuring organisational resilience says Alan Calder.
Spreadsheets should be banned from the risk management process as they are no longer up to the job says Keith Ricketts.
The future of computing infrastructure, mobile applications, and personal data protection has been altered by Heartbleed says Joram Borenstein.
Dated data protection laws, punitive punishments and an inability to classify data are problems for businesses in the age of ever-increasing data breaches, says Martin Sugden.
Failure to properly monitor and update privileged access is a key vulnerability and Chris Stoneff highlights the leading weaknesses.
Traditional antivirus (AV) products have been taking a beating in the media recently, but why? The reason is simple; they cannot and do not protect you from new malware.
As we rush into the Internet of Things, Mike Ellis suggests we remember Stuxnet, and how the data transferred between objects needs to be protected.
Wearable technology is already appearing in the workplace, so get your policies in place now says Sean Newman.
Mentoring and promotion of success can increase the presence and profile of women in security, but mostly, women must seize their own opportunities says Barbara Nelson.
In the current print issue, SC Magazine UK talks to women in the industry about their experience, asks if data is secure when held by a cloud provider and assesses how ready we are for the new EU Data Protection Regulation.
"We need a mobile app" is a common phrase ushered in business, but the options for doing this aren't confined to native and web-based HTML5.
To ensure the security of your cloud data, bring your own encryption, and keep sole control of the keys, says Paige Leidig.
Big Data security analytics could trump SIEM solutions in the battle to keep out cyber attackers.
Risks have changed and both physical and digital security need to come under one remit suggests Troy Fulton who says organisations needs to adopt a holistic approach to security.
Concerns are largely unfounded, and cloud services are already being used by many companies without them realising says Aidan Simister.
There's issues around the big data emitted by driverless cars, security issues related to control of the cars, but it's the 'governance framework' that needs to be put in place first suggests Raimund Genes.
Get your incident response plan in place, and practice it if you want to ensure you're back up and running quickly following a breach says Ted Julian.
David Sandin looks at the implications of using open-source code libraries in vendors' security solution, and the assumptions that lay behind the Heartbleed bug.
What are the risks posed by apps and hardware that cross the business/home divide? Dr Guy Bunker asks what policies and security approaches are required?
First step, identify jailbroken devices on your network, says Vince Arneja, then alter data processing and execution modes to protect your data.
Get your contingency plan in place before you suffer a DDoS attack, says Gary Newe, suggesting that you prioritise revenue generators and work through the plan calmly and systematically.
Prepare and automate your responses for standard attacks, so that analysts can focus efforts on the more sophisticated attacks suggests Paul Nguyen.
The emerging concept in preparation of advanced cyber defence is cyber war games.
Symantec's announcement that 'anti-virus is dead' shouldn't surprise anyone. What's shocking is how long it took to admit it.
Resiliency is moving up the agenda, for both attackers and defenders, says Fred Kost, who adds that systems need to be built - and tested - to assure safety.
The rise in casual and contract workers has been accompanied by a rise in employee fraud leading Ching Liu to suggest that this temporary solution could create a permanent problem for many businesses.
When choosing what matters most, don't let compliance alone distract from keeping actual security risks as the top priority says Andrew Jutson
Jamie Bodley-Scott asks, how can organisations protect data on mobile devices if the MDM market were to die - as some suggest it might?
The speed of reaction to Heartbleed was not matched by the quality of response, says Russ Spitler who calls for more and better education to effectively share knowlege that benefits us all.
Use of tokens is one of the ways we might limit the amount of sensitive data linked to our cards suggests Tim Critchley.
Secure your social media platforms or risk brand damage and worse says Matt Middleton-Leal.
You can use the cloud with confidence says John Sidhu, so long as you do your homework about what regulations apply, put appropriate safeguards in place then ensure you implement them.
Information security is too low down the corporate agenda suggests Ilia Kolochenko who advocates 'security consciousness' throughout the organisation.
Andrew McLean explains why security is the new differentiator for the cloud.
Knowing what's normal on the network will help identify attacks says Dirk Paessler
PCI compliance is like meeting food safefy standards, explains Tim Lansdale, its there for the benefit of customers.
Raimund Genes asks, If even Obama's ditching the BlackBerry, what hope does the IT department have?
Unless shortcomings are resolved and benefits trumpeted, the potential advantages of the G-Cloud will remain largely ignored says Campbell Williams.
If you don't classify your data, you don't know what needs protecting says Martin Sugden, suggesting the latest GSC scheme emphasises the importance of data.
The cycle of updating software at the end of life has, itself, reached its end of life with managed services the way ahead says Kevin Linsell
We currently provide our personal details free to data-gathering giants like Facebook and Google, but that won't always be the case, writes Daniel de Bruin.
Companies will have to get used to third-party assessments of their information security risk, says Simon Saunders
The evolving threat of cyber-espionage and how to address it, the onslaught of BYOD in the office and cyber insurance are all on this summer's horizon.
Security and the Internet of Things (IoT) were the top themes of "Embedded World 2014" in Nuremberg, Germany, earlier this year, reports Roland Ackerman
CeBIT further sharpened its profile as one of the world's leading IT events for decision-makers, reports Roland Ackermann
Concerted cooperative effort by defenders should at least match that of attackers, suggests Daniel Shugrue
The adversary has enormous capabilities in the cyber world, but it too is not without its vulnerabilities, and these must be exploited says Calum MacLeod.
As the Heartbleed bug demonstrates, passwords - especially the way they are commonly used across sites - are inherently vulnerable suggests Chris Russell
Oganisations need to cooperate and share threat intelligence in order to increase the cost of cyber attacks for hackers suggests Russ Spitler, VP product management, AlienVault
Mark O'Neill suggests that his top ten potential vulnerabilities of the Internet of Things (IoT), need to be considered now, before mass deployment.
If you don't want your security training to be as compelling as an airplane safety presentation, vary the content and make an emotional connection says Scott Greaux.
Cyber security can't remain an IT issue. It needs to be addressed and filtered from the C-suite throughout the business, explains Rangu Salgame, CEO of growth ventures at Tata Communications.
Being alert to the danger of outside attacks is one thing, but like charity, security begins at home. Expect the unexpected, warns Geoff Sweeney, CTO of Tier-3.
Precautions must be taken to protect your Bitcoin horde, says LogRhythm's Mark Vankempen
Some may say that the lack of a recognised entry qualification for the information security industry is a good thing, for while professionalising ensures a baseline of competence, it can also be a barrier to talent from unexpected quarters.
A modest DNS investment can pay significant dividends in reducing the impact of DDoS attacks suggests Bruce Van Nice.
Cloud storage is itself under a cloud following Snowden, yet ironically its where the leaked data remains most secure says Campbell Williams
The way to avoid management by crisis is by having a strategy, goals, and plans to achieve them says Jarno Limnéll
Its time to take back third party remote access and increase visibility on the network says Stuart Facey
Amir Lehr asks, What happens when your mobile ends up in someone else's hands?
Consumers need to get smart and be wary when installing and running 'dumb', but connected devices explains Keith Bird
How do they get any sleep at all asks Andy Aplin who advises CISOs to deploy dynamic security systems and strategies and choose an approach which complements the organisation's specific business needs and vulnerabilities
If you don't have good forensic readiness planning and testing in place, you are neglecting a core requirement of good organisational planning, no less than if you failed to have disaster recovery or business continuity planning argues David Rimmer
The tools that organizations have relied on to protect their networks are antiquated and no longer work.
Today's targeted attacks use advanced malware designed to defeat IT security controls through a variety of approaches that either confuse or avoid them altogether.
Cloud storage will be a hacking magnet suggests David Emm, with the most vulnerable point of entry for attackers being staff.
For those of us tasked with managing the security of the digital world for the enterprise, there are serious ramifications to this evolution of identity. Specifically, how we manage identity must evolve.
Its time for a reality check regarding security vulnerabilities on your wearables says Raimund Genes who suggests that they are not about to cause serious data losses any time soon.
SecureData's Alan Carter asks what was learned from Waking Shark II, and questions whether there be a sequel, or spin-offs of the franchise into other sectors of the economic and physical infrastructure.
From being drawn in by a honypot, through to being compromised, lessons from life can have parallels with what happens online suggests Calum MacLeod.
Jason Jones at ASERT, which discovered the Madness Pro DDoS bot, explains why this malware posses such an ongoing threat
Selecting an appropriate cloud security solution can be simplified by ensuring cloud providers offer different environments with appropriate controls that align with actual risks faced suggests John Godwin
Paul Midian asks, 'How much are you prepared to 'give of yourself' so that algorithms can predict your wants and make your life easier? '
The BOYD focus should be on securing data wherever, rather than being preoccupied with specific devices recommends Dr. Paul Steiner
Security stress testing needs to happen at the development stage says Grayson Milbourne, Director of Security Intelligence at Webroot, who looks at the lessons learned from Snapchat
Is the introduction of new technologies adding to security, or undermining it, asks Toby Flaxman, Senior Technical Security Consultant, IRM plc
Protecting enterprise endpoints in a rapidly evolving threat landscape
2014 could be set to become the year of PTH suggests Calum MacLeod, VP of EMEA at Lieberman Software Corporation
Encryption integrity is called into question following NSA leaks, says Alan Kessler, CEO of Vormetric