
Real threats start with humans, not technology

When the two IPs meet (intellectual property and internet protocol) the value of the business becomes vulnerable says Dave King, with IT often just providing a sticking plaster to hide C-suite ignorance.

Securing the energy industry: is success a dead CERT?

Industry needs a brighter collaborative approach to help bring it out of the dark ages says Alan Carter

The science behind DDoS extortion

Don't capitulate, have a plan in place, and of course, prevention is better than cure when it comes to tackling the prospect of DDoS ransom attacks says Dan Holden.

Critical National Infrastructure: how to reduce industrial-scale risk

Nation-state attacks on CNI will be facilitated by the internet of things, and government regulation is needed to set standards, but the actual likelihood of CNI attacks remains very low says Raimund Genes.

Insiders can use whistleblowing tools to steal data without a trail

The tools exist to by-pass many data leakage programmes and facilitate mass exfiltration of data, so enable internal whistleblowing - to avoid external access says Edward Parsons.

Know thy neighbour: Dealing with third-party cyber attacks

It's not enough to protect your own network, you also have to be prepared to cope with third party negligence, says Brian Foster.

The dungeon of the 'Deep Web'; where even the spiders dare not travel

Charles Sweeney asks, are your staff inadvertently leaving the back door open via an innocent lunch-time browse?

Regulatory compliance and risk includes third-parties

Third Party IT services suppliers must reassess governance, risk management and compliance responsibilities.

The need for resilience

The ability to detect and respond when your security is breached is of paramount importance in ensuring organisational resilience says Alan Calder.

Using spreadsheets to manage risk is risky business

Spreadsheets should be banned from the risk management process as they are no longer up to the job says Keith Ricketts.

Heartbleed (remediation) has improved open source cybersecurity

The future of computing infrastructure, mobile applications, and personal data protection has been altered by Heartbleed says Joram Borenstein.

Losing data and facing the ICO

Dated data protection laws, punitive punishments and an inability to classify data are problems for businesses in the age of ever-increasing data breaches, says Martin Sugden.

The top 8 ways that privileged accounts are exploited

Failure to properly monitor and update privileged access is a key vulnerability and Chris Stoneff highlights the leading weaknesses.

Why traditional antivirus is facing increasing criticism

Traditional antivirus (AV) products have been taking a beating in the media recently, but why? The reason is simple; they cannot and do not protect you from new malware.

Stuxnet, just the beginning?

As we rush into the Internet of Things, Mike Ellis suggests we remember Stuxnet, and how the data transferred between objects needs to be protected.

Wearable technology - don't let security be the trade-off for mobility and convenience

Wearable technology is already appearing in the workplace, so get your policies in place now says Sean Newman.

Women in IT security: Carpe Diem

Mentoring and promotion of success can increase the presence and profile of women in security, but mostly, women must seize their own opportunities says Barbara Nelson.

Talent has no gender

In the current print issue, SC Magazine UK talks to women in the industry about their experience, asks if data is secure when held by a cloud provider and assesses how ready we are for the new EU Data Protection Regulation.

Native versus HTML5 security - is there a third way?

"We need a mobile app" is a common phrase uttered in business, but the options for doing this aren't confined to native and web-based HTML5.

Cloud surveillance and encryption lessons from Edward Snowden

To ensure the security of your cloud data, bring your own encryption, and keep sole control of the keys, says Paige Leidig.

Keeping the cyber bandits at bay with Big Data

Big Data security analytics could trump SIEM solutions in the battle to keep out cyber attackers.

Protecting data - the changing role of the CSO

Risks have changed and both physical and digital security need to come under one remit suggests Troy Fulton who says organisations need to adopt a holistic approach to security.

Office in the cloud: What are you waiting for?

Concerns are largely unfounded, and cloud services are already being used by many companies without them realising says Aidan Simister.

Why driverless cars demand new rules of the road

There are issues around the big data emitted by driverless cars, security issues related to control of the cars, but it's the 'governance framework' that needs to be put in place first suggests Raimund Genes.

Rex Mundi: How did Domino's incident response line up?

Get your incident response plan in place, and practice it if you want to ensure you're back up and running quickly following a breach says Ted Julian.

Open Heartbleed surgery - securing against further vulnerabilities

David Sandin looks at the implications of using open-source code libraries in vendors' security solutions, and the assumptions that lie behind the Heartbleed bug.

Blurring the lines between business and home

What are the risks posed by apps and hardware that cross the business/home divide? Dr Guy Bunker asks what policies and security approaches are required?

Jailbroken devices are a threat to the enterprise

First step, identify jailbroken devices on your network, says Vince Arneja, then alter data processing and execution modes to protect your data.

10 steps to mitigate a DDoS attack in real-time

Get your contingency plan in place before you suffer a DDoS attack, says Gary Newe, suggesting that you prioritise revenue generators and work through the plan calmly and systematically.

How to benefit from a cyber playbook

Prepare and automate your responses for standard attacks, so that analysts can focus efforts on the more sophisticated attacks suggests Paul Nguyen.

The role of cyber war games in developing advanced cyber defence

The emerging concept in preparation of advanced cyber defence is cyber war games.

The death of anti-virus

Symantec's announcement that 'anti-virus is dead' shouldn't surprise anyone. What's shocking is how long it took to admit it.

Improving real-world security: Think resiliency

Resiliency is moving up the agenda, for both attackers and defenders, says Fred Kost, who adds that systems need to be built - and tested - to assure safety.

The inherent security risks of temporary staff

The rise in casual and contract workers has been accompanied by a rise in employee fraud leading Ching Liu to suggest that this temporary solution could create a permanent problem for many businesses.

Security Baubles

When choosing what matters most, don't let compliance alone distract from keeping actual security risks as the top priority says Andrew Jutson

If MDM is failing, what's the solution?

Jamie Bodley-Scott asks, how can organisations protect data on mobile devices if the MDM market were to die - as some suggest it might?

HeartBleed - How we failed!

The speed of reaction to Heartbleed was not matched by the quality of response, says Russ Spitler who calls for more and better education to effectively share knowledge that benefits us all.

Don't blame PCI - we need to deal with the card data

Use of tokens is one of the ways we might limit the amount of sensitive data linked to our cards suggests Tim Critchley.

The threat of shared privileged accounts on social media

Secure your social media platforms or risk brand damage and worse says Matt Middleton-Leal.

Learning to love the Cloud

You can use the cloud with confidence says John Sidhu, so long as you do your homework about what regulations apply, put appropriate safeguards in place then ensure you implement them.

Why web application security testing fails globally?

Information security is too low down the corporate agenda suggests Ilia Kolochenko who advocates 'security consciousness' throughout the organisation.

It's not about the money

Andrew McLean explains why security is the new differentiator for the cloud.

Using analytics to secure your network

Knowing what's normal on the network will help identify attacks says Dirk Paessler

PCI compliance - how basic website hygiene can add business value

PCI compliance is like meeting food safety standards, explains Tim Lansdale, it's there for the benefit of customers.

Reducing risk in a post-BlackBerry world

Raimund Genes asks, If even Obama's ditching the BlackBerry, what hope does the IT department have?

G-Cloud: more to be done to make it work

Unless shortcomings are resolved and benefits trumpeted, the potential advantages of the G-Cloud will remain largely ignored says Campbell Williams.

Government classification scheme acts as learning point

If you don't classify your data, you don't know what needs protecting says Martin Sugden, suggesting the latest GSC scheme emphasises the importance of data.

Breaking the refresh cycle

The cycle of updating software at the end of life has, itself, reached its end of life with managed services the way ahead says Kevin Linsell

If you want my data, reward me

We currently provide our personal details free to data-gathering giants like Facebook and Google, but that won't always be the case, writes Daniel de Bruin.

Viewpoint: Transferring the risk

Companies will have to get used to third-party assessments of their information security risk, says Simon Saunders

A long, hot summer looms

The evolving threat of cyber-espionage and how to address it, the onslaught of BYOD in the office and cyber insurance are all on this summer's horizon.

Security of 'Things' to be embedded

Security and the Internet of Things (IoT) were the top themes of "Embedded World 2014" in Nuremberg, Germany, earlier this year, reports Roland Ackerman

CeBIT 2014 sees Anglo-German cooperation

CeBIT further sharpened its profile as one of the world's leading IT events for decision-makers, reports Roland Ackermann

Last word: Cracking the cyber crime code

Concerted cooperative effort by defenders should at least match that of attackers, suggests Daniel Shugrue

Winning strategies in cyber warfare

The adversary has enormous capabilities in the cyber world, but it too is not without its vulnerabilities, and these must be exploited says Calum MacLeod.

Getting to the heart of the problem

As the Heartbleed bug demonstrates, passwords - especially the way they are commonly used across sites - are inherently vulnerable suggests Chris Russell

Changing the cost of cybercrime

Organisations need to cooperate and share threat intelligence in order to increase the cost of cyber attacks for hackers suggests Russ Spitler, VP product management, AlienVault

Internet of Things - Top Ten concerns

Mark O'Neill suggests that his top ten potential vulnerabilities of the Internet of Things (IoT) need to be considered now, before mass deployment.

Why immersive training works

If you don't want your security training to be as compelling as an airplane safety presentation, vary the content and make an emotional connection says Scott Greaux.

Out of the bunker: A view from the C-suite

Cyber security can't remain an IT issue. It needs to be addressed and filtered from the C-suite throughout the business, explains Rangu Salgame, CEO of growth ventures at Tata Communications.

The enemy within - beware the insider threat

Being alert to the danger of outside attacks is one thing, but like charity, security begins at home. Expect the unexpected, warns Geoff Sweeney, CTO of Tier-3.

Bitcoin: Protection in demand

Precautions must be taken to protect your Bitcoin hoard, says LogRhythm's Mark Vankempen

A race for supremacy in information security

Some may say that the lack of a recognised entry qualification for the information security industry is a good thing, for while professionalising ensures a baseline of competence, it can also be a barrier to talent from unexpected quarters.

Meet the new DoS - not the same as the old DoS

A modest DNS investment can pay significant dividends in reducing the impact of DDoS attacks suggests Bruce Van Nice.

Don't let Snowden leaks chill cloud adoption

Cloud storage is itself under a cloud following Snowden, yet ironically it's where the leaked data remains most secure says Campbell Williams

The challenge for cybersecurity is to find leadership

The way to avoid management by crisis is by having a strategy, goals, and plans to achieve them says Jarno Limnéll

Third-party access adds vulnerability

It's time to take back third party remote access and increase visibility on the network says Stuart Facey

BYOD - the hidden dangers

Amir Lehr asks, What happens when your mobile ends up in someone else's hands?

Beware of Suspect Devices

Consumers need to get smart and be wary when installing and running 'dumb', but connected devices explains Keith Bird

What keeps IT managers awake at night?

How do they get any sleep at all asks Andy Aplin who advises CISOs to deploy dynamic security systems and strategies and choose an approach which complements the organisation's specific business needs and vulnerabilities

Forensic readiness - the new 'business continuity'

If you don't have good forensic readiness planning and testing in place, you are neglecting a core requirement of good organisational planning, no less than if you failed to have disaster recovery or business continuity planning argues David Rimmer

Security at scale for the enterprise: Borrowing a page from home security handbooks

The tools that organizations have relied on to protect their networks are antiquated and no longer work.

Find, freeze and fix fast: What your team needs at the advanced threat gunfight

Today's targeted attacks use advanced malware designed to defeat IT security controls through a variety of approaches that either confuse or avoid them altogether.

Why businesses fear the cloud

Cloud storage will be a hacking magnet suggests David Emm, with the most vulnerable point of entry for attackers being staff.

Redefining identity management in the digital world

For those of us tasked with managing the security of the digital world for the enterprise, there are serious ramifications to this evolution of identity. Specifically, how we manage identity must evolve.

Secure your smartphones, not your wearables

It's time for a reality check regarding security vulnerabilities on your wearables says Raimund Genes who suggests that they are not about to cause serious data losses any time soon.

Waking Shark II results lack bite

SecureData's Alan Carter asks what was learned from Waking Shark II, and questions whether there will be a sequel, or spin-offs of the franchise into other sectors of the economic and physical infrastructure.

Honeypot Valentine

From being drawn in by a honeypot, through to being compromised, lessons from life can have parallels with what happens online suggests Calum MacLeod.

Can I play with Madness?

Jason Jones at ASERT, which discovered the Madness Pro DDoS bot, explains why this malware poses such an ongoing threat

What security level is appropriate in the cloud?

Selecting an appropriate cloud security solution can be simplified by ensuring cloud providers offer different environments with appropriate controls that align with actual risks faced suggests John Godwin

Anticipating challenges

Paul Midian asks, 'How much are you prepared to 'give of yourself' so that algorithms can predict your wants and make your life easier?'

BYOD: Protect the device, or the data?

The BYOD focus should be on securing data wherever, rather than being preoccupied with specific devices recommends Dr. Paul Steiner

Snapchat hack - a lesson almost learnt

Security stress testing needs to happen at the development stage says Grayson Milbourne, Director of Security Intelligence at Webroot, who looks at the lessons learned from Snapchat

Tech Goliath vs. innovative and secure David

Is the introduction of new technologies adding to security, or undermining it, asks Toby Flaxman, Senior Technical Security Consultant, IRM plc

Think like an attacker:

Protecting enterprise endpoints in a rapidly evolving threat landscape

Pass the hash - again

2014 could be set to become the year of PTH suggests Calum MacLeod, VP of EMEA at Lieberman Software Corporation

Of cryptography and conspiracy stories

Encryption integrity is called into question following NSA leaks, says Alan Kessler, CEO of Vormetric

Context is king

Context-aware security can make intelligent decisions while allowing mobile users to get the job done.

BYOD: Facing up to the inevitable

Businesses can accept employee device promiscuity without causing difficulties for IT management, says Centrify's Darren Gross.

New threats or old? It's both

It's a New Year with a new editor and new team members on SC. Thanks for the warm welcome from everyone we've met and we'll be talking to more of you throughout the year.

Why security is the next challenge for Bitcoin

Since its launch in 2009, Bitcoin has continued to dominate news headlines, for both good and bad reasons.

Cooperation is key to Africa's security future

Top 5 most common security development errors

Keeping it simple and ensuring the basics are properly covered is likely to result in the biggest improvement in software security, says Cigital's Paco Hope.

Compliance and the cloud: a culture clash

With the right approach, it is possible to ensure compliance AND take advantage of the cloud says Garry Sidaway

PRISM fiasco highlights the dangers of password sharing

Snowden has highlighted the need for staff training to ensure password sharing is prevented explains Francois Amigorena, CEO of IS Decisions

Get your BYOD policies wrapped up by Christmas

Many more personal mobile devices will arrive in the office after Christmas, so sort out your security policies now advises Leon Ward.

Can the cloud be secure?

Blaming cloud providers for giving in to the demands of US intelligence is a naive approach to a complex issue.

Clarity sought inside the cloud

Mobile and cloud security, along with insider threats continued to dominate concerns over the past 12 months - impacted by the increased attention resulting from the Snowden revelations and concerns about back doors - but despite these concerns, this year the cloud really did become pervasive.

Sun, sea and network vulnerabilities

As the Bring Your Own Device trend continues to grow we are seeing that many people using their smartphones at work are blurring the lines between professional and personal use, which is creating an 'always-on' trend. This change in culture means that now more than ever people find themselves logging on and checking emails and working from home, or even abroad.

Last word: Action stations

The government has done its bit for cyber security - now it's up to businesses to take action, and quickly.
