Dieter Lott discusses the security and networking solutions market and how organisations should be adopting a new proactive approach to security breaches given that IT infrastructure is in a constant state of change.
Teach children to code and, yes, even to hack so they learn about the power and potential perils of the internet, says Nick Banks.
Patrick Peterson examines why organisations need to focus on both external and internal assets to address the phishing threat.
It must be hard as an IT security professional not to feel overwhelmed by the sheer scale and sophistication of the threats facing your organisation, as the language used to describe modern cyber-attacks has become increasingly militaristic.
Preference for technical solutions rather than organisational change is resulting in over-investment in stopping cyber-attacks rather than detecting attacks and defending data, says James Henry.
Companies should build a holistic and forward-looking cyber-security programme capable of forecasting potential security threats and alleviating those risks before they cause serious damage says Piyush Pant.
The new government needs a new cyber-security policy as a priority - with sufficient resources - and drawn up by people with a good understanding of the issues, says Raimund Genes.
Geofencing can restrict access to devices or applications while inside a company's perimeter, making it impossible for devices outside the perimeter to access the network, explains Roman Foeckl.
We must monitor cyber-criminal connections to follow attackers back to their source and have mechanisms - technical or legal - to stop them resuming their activities elsewhere, says Neil Campbell.
Jen Andre and Cameron Camp debate online financial security
Cyber-insurance is the new go-to for large corporations trying to defend themselves from data breaches, but the UK is lagging behind - and that is something the government wants to fix.
MS Windows 2003 servers (WS2003) reach end of life on 15th July 2015 - but don't panic! They'll still operate in the same way, but could become more susceptible to cyber-attack, warns Kevin Linsell.
Removing human interaction with passwords and automating their selection and frequency of change is certainly a step in the right direction says Richard Walters.
Due to the complexities of IT security, achieving clarity on cyber-insurance policies is going to be a growing challenge, says Rowland Johnson.
SMEs need to be aware of the risks faced, whilst implementing quick and easy protective measures that will make them more secure than the average victim, says Chema Alonso.
Ben Harknet says security teams need to develop an effective external threat management programme as a core component of their overall security capability to deal with broken SSL certificates and third party app vulnerabilities.
Public-private partnerships in cyber-security are needed, with governments helping protect their private sector from cyber-espionage - as demonstrated in Finland and Israel.
Time to set the record straight on email authentication: DMARC won't get spam into the inbox, says Rob Holmes.
Building a database security strategy is the first step for a company in ensuring security has been addressed inside out says Alan Hartwell.
A new approach to mobile user protection should focus on self-defending apps that provide an integrated, dedicated and secure solution to cyber-crime threats, suggests Tom Lysemose Hansen.
We need to see all results of government initiatives - both positive and negative - if industry, and especially SMEs are to act on them says Alan Carter.
Too many false positives inevitably reduce response times - and even response numbers - so raise the verification bar and thereby limit them says Chandra Sekar.
In the wake of successful cyber-attacks and security incidents taking down some of the biggest brands on the planet, and impacting critical infrastructure and banking systems alike, the evidence suggests that technology itself is exposed, fragile and vulnerable.
Targeted emails with infected attachments are the hacker's weapon of choice but there are ways to avoid being spiked by spear phishing says Noam Green.
Few understand the value of their website to hackers says Ilia Kolochenko, warning that even an individual blog is potentially at risk.
A prison escape with a fake release note, from a fake website, set up via mobile phone, demonstrates yet again that people are our biggest security vulnerability says Fotis Gagadis.
Better understand what's happening on your network and you'll be better prepared to tackle hostile intruders says Corey Nachreiner.
Security is needed everywhere within the software-defined data centre as physical security is no longer an adequate defence against current threats says Dr Gerhard Knecht.
Unsanctioned subsidiary apps are coming into the enterprise via sanctioned 'anchor' apps - with 35.1 percent of all app sessions occurring across four main ecosystems of Box, Dropbox, Google Apps, and Salesforce, explains Rajneesh Chopra.
IT staff have greater access privileges - and ironically, even more so when they are junior - making them worthwhile researching by spear-phishers warns Kev Pearce.
We're all potentially in the global data market now, so do your research, ensure you know your market, and take every preventative step you can says Jonathan Armstrong.
Relying on cyber-insurance when your defences are actually negligent will increasingly become unsustainable - and unavailable - says Philip Lieberman.
2015 could be the year of DLP, argues Guy Bunker.
A well-defined security programme focused around the company's most critical data, combining technology and education powered by metrics, will help businesses reduce insider risk levels says Neil Thacker.
Implement a structured response with automated systems to bring down the cost of chasing false positives says Brian Foster.
Monolithic operating systems will attract attackers, and speed to market will trump security, so expect patches and be intelligent about how vulnerabilities are fixed says Raimund Genes.
Should fingerprint-based data leakage protection be declared dead asks Peter Tyrrell, suggesting it just doesn't scale for the hyper-connected world.
IT security issues continue to hit critical services, but do we, the public, ever know for sure if they are due to error, system failure, or an attack?
CISOs are increasingly being asked to take on greater management responsibilities, but are they subsequently being divorced from their firm's true security maturity?
Suspicious activity now needs to be monitored in the entire processing chain, hence implementing PCI DSS 3.0 helps stop attacks before compromises occur says Ross Brewer.
Deal with APT intruders logically, not emotionally, and get the upper hand - even if that means leaving them on the network, says Mike Auty.
Containerisation - separating business and personal data and apps - is an effective way to ensure BYOD doesn't compromise corporate data security says David Brady.
Token-free, multi-factor authentication using mobile phones provides the real-time convenience and flexibility that today's work environment requires says Torben Andersen.
Workforce collaboration via mobile devices and apps is a positive thing, so long as business options are used says Joseph Do.
As the internet of things rolls out into every aspect of our lives, new security issues will arise, and regulators need to ensure minimum standards apply says Geoff Webb.
Combatting tomorrow's cyber-security threats with yesterday's flawed technology approach is an unreliable strategy, says John Suffolk.
Cyber-crime figures are a dime a dozen, but are they really improving your security, asks Ken Munro.
Decide on your mobiles policy, then choose the technology that allows that policy to be delivered says Sergio Galindo.
Driverless cars put our lives rather than our data at risk, and cyber-security should therefore be a crucial component in design to deliver trust, says James Knotwell.
As terrorist sympathisers hack non-military sites, and opponents hack back, we are all now potential targets, says John Walker.
The economics of cyber-crime make your network an attractive target. Change the economic incentive and you'll reduce the threat, says Gaurav Banga.
If you don't understand what the benefits of a software-defined data centre are how are you going to know how to secure it asks Kevin Linsell.
Compliance with PCI DSS 3.0 is primarily about enforcing everyday security best practices, but Stuart Facey notes that secure third party access is a key part of that approach.
A good spying programme in the 21st century cannot exist without good covert spyware. So it's time to put a military discipline behind defending our state IT infrastructure says Ralf Benzmüller.
New data sovereignty regulations should not be seen as an obstruction, but as an opportunity to increase market share with innovative offerings says Cameron Burke.
Every sensor has the potential to be used for malicious logging - and anti-virus based systems aren't an effective defence, says Janusz Siemienowicz, who advocates monitoring of behaviour.
CISOs and CSOs need to ensure that their staff are aware of and able to tackle all the threats they face, and know how to deploy the most appropriate technology at their disposal says Kalyan Kumar.
Encryption will be used by the bad guys, and so will any back-doors, regardless of legislative bans, which would only hit UK business - except it's so unworkable it won't happen, says Raimund Genes.
The emergence of services such as cloud computing, data analysis, social business and mobility has brought corporate IT to what market research company IDC has dubbed the "third platform". But Wieland Alge asks, what will the third platform mean for the CIO role?
Learn from the misfortunes of your peers and prepare to defend against repeat use of the same cyber-attack techniques as part of your defence planning advises David Stubley.
With the attack surface, or perimeter, expanding exponentially, and attackers inside the network, the focus should now be on finding and stopping them - concentrating on how data leaves the system - says Chris Marrison.
Mobile Application Management, with secure access and separation of work and personal use can establish employee trust in a company's BYOD policy says Alan Hartwell.
Vast volumes of data are travelling to work and back each day stored on employee devices, but in many cases even the most basic protection policies are not in place explains Kelly Brown.
We don't have the levels of government protection from a cyber-attack that we would have if armed men attacked, so we need to make our own plans says Eddie Schwartz.
The personal cloud can be managed in three easy steps and secure the apps that employees are going to use regardless of policy, says Ojas Rege.
The problem with passwords is users, says Francois Amigorena, and overcoming user error can make passwords fit for purpose once again.
David Reed explains the 'corporate owned, personally enabled' approach taken by PA to manage the mobile devices used by its employees.
2014 was a watershed year for the information security industry when it became a concern for everyone, and Elad Sharf says it is critical that in 2015 we learn the lessons of last year and ensure our data is securely protected.
The UK's National Computer Emergency Response Team (CERT-UK) has shown some promising signs in its first year, with the connected Cyber Security Information Sharing Partnership (CiSP) initiative looking to improve cross-sector information sharing on security threats.
Gareth Lindahl-Wise, CISO, ITC Secure, and Quentyn Taylor, director of information security, Canon EMEA, debate whether CISOs must have a technical background.
Time to take stock, audit your assets and their security - including both response plans and staff - and address any outstanding issues, says Nick Pollard.
For our special Reboot section, we took the opportunity to look back not just on the last 12 months, but the last 25 years SC has been entrenched in the information security space.
Dr Richard Piggin, in a blog published this week, notes how concerns about the vulnerability of control systems have been vindicated following the issuing of details about an attack on a German steelworks.
Christmas is the season for giving, but for IT security teams that can create numerous problems, says Terry Greer-King.
You need to delve deeper into the risks in your supply chain to really know what your exposure is says Nick Ford.
There's no such thing as a PCI DSS compliant solution, and companies, meaning merchants, remain responsible for lost data says Robert Crutchington.
Dense population and its role as a transportation hub has pushed the UK to ensure good security for APIs exposed in use, integrating borders and government agencies, says Jason Macy.
Questions need to be asked of Patch Tuesday and Microsoft's approach to it, says Robert Brown.
Take human memory out of the equation and passwords remain a viable access option says Emmanuel Schalit.
Many IT security professionals are choosing commercial open source solutions for security reasons rather than economy, says Olivier Thierry.
Kirill Slavin explains why focus can beat diversification in a fast-evolving market place.
Eduard Meelhuysen suggests we should consider taking cloud security tips from the world's biggest boy band, and asks: are we heading in the wrong direction on cloud apps?
Sophisticated malware feeds into script kiddie tools, enabling embittered individuals to take on corporations and governments. What are the consequences asks Sarb Sembhi?
When it comes to the Internet of Things (IoT), the presumption is that it just works, but the physical connection and the security behind it cannot be overlooked, says Phillip Keeley.
The sophisticated Regin malware raises new questions about the software we're using, says Tony Dyhouse.
Among the many elements that make up a successful information security programme, street cred is one with many ramifications and consequences says Josh Goldfarb.
Companies must understand how security works inside - and outside - their organisation, argues Seth Berman.
Better understanding of the potential gains offered by the cloud will make the move easier to contemplate says Aidan Simister who outlines what companies should be looking for in a provider.
A pessimistic approach to future threats is advised by Chris McIntosh as the necessary attitude to minimise the extent to which they happen, and bolster our preparedness to cope if and when they do.
Security needs to be a concern throughout the software development cycle, not just a developer issue, nor simply tagged on at the end says Stephen Morrow.
Paul Bonner advises companies merging to take the best security practice from each component company, and not impose the practices of the dominant player - or resistance is likely.
B2B websites could learn a lot about security from their consumer facing compatriots suggests Bob Tarzey.
Companies should reconsider cloud-security perceptions, says Pathik Patel, noting that recent software vulnerabilities such as Shellshock had less effect on cloud-based services than on premises-based apps.
Preparation and organisation can enable effective security for one man SOCs or small teams explains Joe Schreiber.
A holistic approach to information security is needed to overcome the shortcomings of a Risk Management approach says David Stubley.
James Solyom, head of cyber protect and cyber respond at Control Risks, examines how organisations can avoid making expensive mistakes that leave them open to cyber-attack.
The growing cyber-threat landscape poses some awkward questions for present and future authentication methods, argues Barry Scott.
The video games industry generates billions in revenue, but only 20 percent achieve profit due to cheats breaching security, hence the need for stricter implementation and enforcement of controls, say Amit Sethi and Rennie Allen.