Intelligent and analytical identification of anomalies in DNS activity is key to stopping threats before they become a real problem says Dr Malcolm Murphy, systems engineering manager, Infoblox
Staff need ongoing training in defending against the latest threats - which currently includes LinkedIn says Andrew Tang, service director, security at MTI Technology
Security is a reasonable concern when considering moving your IT services to the cloud, but four key questions can help you assess the risk, says Chris Pace.
If they can't identify attacks when they happen, how can financial organisations effectively combat them, asks Ron Miller.
In the wake of the SYNful Knock attack on its routers, Cisco should re-engineer its devices to prevent future attacks, says Raimund Genes.
Using individual user's behaviour patterns can identify both the individual and Bot activity to thwart RATs says Uri Rivner
Kane Hardy explores how the rise of automated attacks dictates the need for automated defence.
Never underestimate just how valuable enterprise data is to cyber-criminals, from low-level thieves to extremely well-funded (and therefore, well-armed) state-sponsored attackers, says Matt Middleton-Leal.
It didn't take much time following internet connections on mobile phones to become commonplace for scammers to realise they had another avenue for phishing attacks, says Claire Cassar.
A leak, a hack, or a simple mistake can blow up any M&A deal carefully crafted over months or even years, says Stephen Dearing.
It's impossible to know how your latest IoT-enabled device is going to be used by the purchaser, so make sure that security is designed into your products from the beginning, says Paddy Srinivasan
When cyber-criminals start to leverage the full power of the internet, it's only natural that they would turn to e-commerce to spread their wares, says Grayson Milbourne.
It is a testament to the sustained evolution of the cybersecurity landscape that we are still regularly seeing the emergence of new threats, says Gad Elkin.
As organisations struggle to find solutions to the user authentication problem, one company has gone as far as suggesting the use of emojis, an idea worthy of consideration, says Ben West.
By learning to translate their concerns into the language of business risk, cyber-security professionals will find that their messages are heard - and heeded - more readily, says Piers Wilson.
Statistics show that cyber-crime activity waxes and wanes with the activity of employees, dropping at night and increasing during the day, but that's no excuse to drop your guard at the weekends, says Stuart Reed.
As cyber-attacks become increasingly common, it's important that businesses understand the true cost of data breaches, says Wieland Alge.
The Payment Card Industry Data Security Standard (PCI DSS) is intended to help organisations ensure the safe handling of sensitive payment card data. But it can also present significant (and potentially expensive) regulatory hurdles, says Matthew Bryars.
Given the far-reaching implications of their work, it's time for cyber-security professionals to consider creating an oath to uphold ethical standards, says Stephen Cox.
Cyber situational awareness can help protect against cyber-attacks, loss of intellectual property and loss of brand and reputational integrity, says Alastair Paterson.
As software becomes increasingly complex, we must start addressing security as a key component at an early stage to prevent long-term costs from spiralling up, says Lev Lesokhin.
Cyber defence tactics are constantly evolving to meet new threats - but one area that has been undervalued up until now is the Domain Name System (DNS), says Simon McCalla.
An holistic view of security is increasingly important, says Thomas Richards.
The Carphone Warehouse cyber-attack shows the potential cost of a cyber-attack but cyber-insurance can help mitigate it, says Simon Gilbert.
Predictive analytics can scrutinise employees' network activities to forestall fraud and other insider threats, says Paul Dyson.
Last August, a trove of private images leaked online following a series of targeted brute force attacks against celebrity accounts in iCloud, says Silvio Kutic.
Take steps now to protect your data ahead of changes to the General Data Protection Regulations in Europe, says Andy Hardy.
Chris Mayers provides warnings and advice for firms to help them stay safe as more workers log on when on holiday.
Given the difficulty of preventing them, we should focus instead on minimising the damage from cyber-attacks, says Philip Lieberman.
The old saying "failing to prepare, is preparing to fail" is never more appropriate than when applied to disaster recovery (DR), says Oscar Arean.
When it comes to information security it's been well documented that everybody has a key role to play in protecting sensitive and valuable information, says Nick Wilding.
As more and more business is conducted remotely, users need to adopt solutions that will address security weaknesses inherent in Wi-Fi, says John Knopf.
Despite growing awareness of cyber-based attacks on industrial control systems, many IT security models continue to adhere to the outdated belief that physically isolating systems and 'security by obscurity' is enough, says David Emm.
Retailers must migrate to PCI DSS v3.1 by June 2016 which means an overhaul in the way data is encrypted and transmitted, says Kevin Bocek.
Red-team penetration testers can help train your security team to recognise common and not-so-common attack techniques, says Rowland Johnson.
Cyber-attacks are a top threat to organisations today; however, despite an increased effort to keep up with the rising scale and complexity of threats, IT teams are struggling to defend their networks, says Mike Smart.
Will your organisation wake up to a data protection nightmare in 2017, asks Stephen Midgley.
In the changing online world, new measures must be put in place to protect intangible assets, says Margee Abrams.
Passive inspection is too slow in today's interconnected, data-rich IT environments, says Thibault Reuille.
Industrial environments are becoming increasingly automated and interconnected, with control systems often networked over the Internet. This growing computerisation exposes industrial control systems to a number of threats - with potentially disastrous consequences, says Florian Malecki.
Paul Stokes explains how a recent proposal by the UK government to regulate digital currencies presents a huge opportunity for the UK to become a leader in the area.
Chris Marrison considers the importance of looking at security threats already inside the network - rather than just what's trying to get in.
The bulk of the software on which we rely has not been written with sufficient rigour and we are paying the price, says Tony Dyhouse.
With concerns over data privacy growing apace, how do you prove to a user that their sensitive personal data has been erased, asks Pat Clawson.
The number of data breaches has continued to grow in 2015. Barely a day goes by without a company or country falling victim to a cyber-security attack, says Gary Newe.
Small doses of poison can add up to a lethal cocktail of DDoS in what is being called the ping of death, says Sophie Davidson.
Innovation and security should not be mutually exclusive but unfortunately they often are seen that way, says James Henry.
As mobility introduces changes in workplace dynamics, Charles Milton looks at how to shift power in favour of the CISO while securing the borderless enterprise.
Your business needs to secure itself against the new wave of Summer Interns, says Chris Sullivan.
Botnet takedowns make good headlines and earn kudos for law enforcement and companies like Microsoft but are they worth the time and effort, asks Dan Holden.
Shuabang companies in China sell installs and user ratings to app developers to help boost their profile, which is leading to new forms of malware, says Chema Alonso.
IT security policies must evolve to embrace sensible policies for bring-your-own-device (BYOD), says Chris Mayers.
Despite the LastPass security breach, password managers are still the most realistic method for ensuring we all use strong passwords, says Bill Carey.
In the age of connected objects, social networks, smartphones and new consumer behaviours, the IT security department has an increasingly important role for enterprises across all sectors, says Thierry Bettini.
New platforms such as Hadoop are pushing IT professionals to find innovative solutions to ensure data security, says Greg Hanson.
Dejan Kosutic says ISO 27001 is applicable not only to IT firms, but also to financial organisations, government agencies, telecoms and health organisations.
With the increasing number of contractors being employed by organisations, it's vital that their access rights are regularly reviewed, says Paul Trulove.
Responsibility for securing data is now increasingly shifting towards the board leading to a change in role for the IT department, says Terry Greer-King.
Commercial mobile surveillance kits are a growing security threat. Michael Shaulov looks at the scale of mRAT infestations, and how to avoid them.
Vetting staff and contractors, including what they are saying on the internet and the darknet, is vital to protecting your company, says Tim Ramsey.
Don't end up as the weakest member of the herd following the end of official support for Microsoft Windows Server 2003, says Ian Trump.
Everyone is talking about mobile fraud but the threat is not as widespread as it is made out to be, says Helen Holmes.
Now starting its second year, Cyber Essentials certification is quickly becoming recognised as an invaluable kite mark and roadmap for organisations wishing to improve their cyber-security, says Chris Stanley.
As Bitcoin grows in popularity, could the crypto-currency be the solution to online fraud, asks Akif Khan.
Paul Lipman explains why he thinks that the cloud offers a way forward for securing the complex interconnected world.
Alex Vovk explains how to leverage security policy and ensure it's performing correctly to prevent a data breach.
University networks are becoming increasingly more attractive targets, as witness last week's attack on Harvard University in America, says James Burns.
The return of a decade-old attack vector, the malicious macro, requires a granular, policy-based approach to managing email at the gateway, says Greg Sim.
Businesses of all sizes have begun to consider iPad POS as a viable option, but what are the security implications, asks Josh Smith.
Utilities face thousands of cyber-attacks every day, but we are not prepared for a successful take-down despite the very real threat says Oliver Eckel
Norman Shaw looks at the causes of data breaches, what it costs and what the market needs to consider in order to protect itself.
Protecting yourself against malware that's aware of anti-virus programs and can self destruct to avoid detection is tricky, says Corey Nachreiner.
Less stick more carrot: EU relaxation of Data Protection Regulation reform is a positive development, says James Henry.
Patching can be a significant pain for organisations. Similar to eating our vegetables, it's something we know we should do but is still hard to swallow for various reasons, says Rob Juncker.
How can businesses enable Office 365 and its rich ecosystem of supporting apps securely without risking security issues or data loss, asks Eduard Meelhuysen.
Alexander Pope said, "To err is human; to forgive, divine." Could he have been thinking of the infamous Bank of England email leak when he said that, asks Rainer Gawlick.
Cloud computing is no longer in the sole charge of the IT team as organisations vie to take advantage of new cloud services, says Ian Finlay.
The problem with targeted attacks, of course, is that they are designed to stay hidden, as we learned from a recent hacking case, says Kev Pearce.
Wave upon wave of data breaches are putting company IT security measures under the microscope worldwide, says Chris Sullivan.
The CBEST testing framework created by the Bank of England is a positive step but it could be stronger, says Clayton Locke.
Living in a networked world has its advantages, but it also leaves organisations vulnerable to exploitation by malware, inadvertent employee actions and malicious attacks, says Salo Fajer
While Snowden, high-profile data breaches and hacking dominate the headlines, the more pernicious risk to business continues to be simple human error, says Tony Pepper.
Identity management is a complex task that requires not just a hefty dose of common sense when sharing information on the Internet, but also a reliance on third-party businesses to safeguard that information and respect consumer privacy, says Andrew Thomas.
Defenders in the cyber-domain need to abandon the Cold War principle of 'need-to-know' - a gratifyingly simple but effective maxim, says Alister Shepherd.
According to the old adage, failing to plan is planning to fail, and as Matt Kingswood says, recent events in Holborn, London are a timely reminder of what can happen.
Prevention and threat detection tools can only go so far, and should be used as part of a layered approach to data security, says Paul Hampton.
Despite the objective of releasing greater business value from information, most businesses prioritise locking it down, says Sue Trombley
Matthew Bryars, CEO of Aeriandi, analyses the threat of insider fraud and what contact centres can do to minimise risk
Dieter Lott discusses the security and networking solutions market and how organisations should be adopting a new proactive approach to security breaches given that IT infrastructure is in a constant state of change.
Teach children to code and, yes, even to hack so they learn about the power and potential perils of the internet, says Nick Banks.
Patrick Peterson examines why organisations need to focus on both external and internal assets to address the phishing threat.
It must be hard as an IT security professional not to feel overwhelmed by the sheer scale and sophistication of the threats facing your organisation, as the language used to describe modern cyber-attacks has become increasingly militaristic.
Preference for technical solutions, rather than organisational change is resulting in over-investment in stopping cyber-attacks rather than detecting attacks and defending data says James Henry.
Companies should build a holistic and forward-looking cyber-security programme capable of forecasting potential security threats and alleviating those risks before they cause serious damage says Piyush Pant.
The new government needs a new cyber-security policy as a priority - with sufficient resources - and drawn up by people with a good understanding of the issues, says Raimund Genes.
Geofencing can restrict access to devices or applications while inside a company's perimeter, making it impossible for devices outside the perimeter to access the network explains Roman Foeckl
We must monitor cyber-criminal connections to follow attackers back to their source and have mechanisms − technical or legal − to stop them resuming their activities elsewhere says Neil Campbell.
SC Webcasts UK
Sign up to our newsletters
SC Magazine UK Articles
- Updated: Safe Harbour ruled invalid by European Court of Justice
- Zero day vulnerability found in VMware product
- Backdoor in MS Outlook webmail raises security doubts
- Snowden smartphone allegations - security world unimpressed
- IP Expo Europe: The Internet of Identities can help manage myriad IoT devices
- ICYMI: Safe Harbour, VMware vulnerability, Outlook backdoor, Snowden and DDoS attacks
- IP Expo Europe: They know how we operate - what cyber-crime looks like these days
- IP Expo Europe: The threat to the UK banking system
- Fake LinkedIn profiles, 'convincing' network linked to Iran-based group
- CloudPiercer tool discloses DDoS defence providers