Predictive analytics can scrutinise employees' network activities to forestall fraud and other insider threats, says Paul Dyson.
Last August, a trove of private images leaked online following a series of targeted brute force attacks against celebrity accounts in iCloud, says Silvio Kutic.
Take steps now to protect your data ahead of changes to the General Data Protection Regulations in Europe, says Andy Hardy.
Chris Mayers provides warnings and advice for firms to help them stay safe as more workers log on when on holiday.
Given the difficulty of preventing them, we should focus instead on minimising the damage from cyber-attacks, says Philip Lieberman.
The old saying "failing to prepare, is preparing to fail" is never more appropriate than when applied to disaster recovery (DR), says Oscar Arean.
When it comes to information security it's been well documented that everybody has a key role to play in protecting sensitive and valuable information, says Nick Wilding.
As more and more business is conducted remotely, users need to adopt solutions that will address security weaknesses inherent in Wi-Fi, says John Knopf.
Despite growing awareness of cyber-based attacks on industrial control systems, many IT security models continue to adhere to the outdated belief that physically isolating systems and 'security by obscurity' is enough, says David Emm.
Retailers must migrate to PCI DSS v3.1 by June 2016 which means an overhaul in the way data is encrypted and transmitted, says Kevin Bocek.
Red-team penetration testers can help train your security team to recognise common and not-so-common attack techniques, says Rowland Johnson.
Cyber-attacks are a top threat to organisations today; however, despite an increased effort to keep up with the rising scale and complexity of threats, IT teams are struggling to defend their networks, says Mike Smart.
Will your organisation wake up to a data protection nightmare in 2017, asks Stephen Midgley.
In the changing online world, new measures must be put in place to protect intangible assets, says Margee Abrams.
Passive inspection is too slow in today's interconnected, data-rich IT environments, says Thibault Reuille.
Industrial environments are becoming increasingly automated and interconnected, with control systems often networked over the Internet. This growing computerisation exposes industrial control systems to a number of threats - with potentially disastrous consequences, says Florian Malecki.
Paul Stokes explains how a recent proposal by the UK government to regulate digital currencies presents a huge opportunity for the UK to become a leader in the area.
Chris Marrison considers the importance of looking at security threats already inside the network - rather than just what's trying to get in.
The bulk of the software on which we rely has not been written with sufficient rigour and we are paying the price, says Tony Dyhouse.
With concerns over data privacy growing apace, how do you prove to a user that their sensitive personal data has been erased, asks Pat Clawson.
The number of data breaches has continued to grow in 2015. Barely a day goes by without a company or country falling victim to a cyber-security attack, says Gary Newe.
Small doses of poison can add up to a lethal cocktail of DDoS in what is being called the ping of death, says Sophie Davidson.
Innovation and security should not be mutually exclusive but unfortunately they often are seen that way, says James Henry.
As mobility introduces changes in workplace dynamics, Charles Milton looks at how to shift power in favour of the CISO while securing the borderless enterprise.
Your business needs to secure itself against the new wave of Summer Interns, says Chris Sullivan.
Botnet takedowns make good headlines and earn kudos for law enforcement and companies like Microsoft but are they worth the time and effort, asks Dan Holden.
Shuabang companies in China sell installs and user ratings to app developers to help boost their profile, which is leading to new forms of malware, says Chema Alonso.
IT security policies must evolve to embrace sensible policies for bring-your-own-device (BYOD), says Chris Mayers.
Despite the LastPass security breach, password managers are still the most realistic method for ensuring we all use strong passwords, says Bill Carey.
In the age of connected objects, social networks, smartphones and new consumer behaviours, the IT security department has an increasingly important role for enterprises across all sectors, says Thierry Bettini.
New platforms such as Hadoop are pushing IT professionals to find innovative solutions to ensure data security, says Greg Hanson.
Dejan Kosutic says ISO 27001 is applicable not only to IT firms, but also to financial organisations, government agencies, telecoms and health organisations.
With the increasing number of contractors being employed by organisations, it's vital that their access rights are regularly reviewed, says Paul Trulove.
Responsibility for securing data is now increasingly shifting towards the board leading to a change in role for the IT department, says Terry Greer-King.
Commercial mobile surveillance kits are a growing security threat. Michael Shaulov looks at the scale of mRAT infestations, and how to avoid them.
Vetting staff and contractors, including what they are saying on the internet and the darknet, is vital to protecting your company, says Tim Ramsey.
Don't end up as the weakest member of the herd following the end of official support for Microsoft Windows Server 2003, says Ian Trump.
Everyone is talking about mobile fraud but the threat is not as widespread as it is made out to be, says Helen Holmes.
Now starting its second year, Cyber Essentials certification is quickly becoming recognised as an invaluable kite mark and roadmap for organisations wishing to improve their cyber-security, says Chris Stanley.
As Bitcoin grows in popularity, could the crypto-currency be the solution to online fraud, asks Akif Khan.
Paul Lipman explains why he thinks that the cloud offers a way forward for securing the complex interconnected world.
Alex Vovk explains how to leverage security policy and ensure it's performing correctly to prevent a data breach.
University networks are becoming increasingly more attractive targets, as witness last week's attack on Harvard University in America, says James Burns.
The return of a decade-old attack vector, the malicious macro, requires a granular, policy-based approach to managing email at the gateway, says Greg Sim.
Businesses of all sizes have begun to consider iPad POS as a viable option, but what are the security implications, asks Josh Smith.
Utilities face thousands of cyber-attacks every day, but we are not prepared for a successful take-down despite the very real threat, says Oliver Eckel.
Norman Shaw looks at the causes of data breaches, what it costs and what the market needs to consider in order to protect itself.
Protecting yourself against malware that's aware of anti-virus programs and can self destruct to avoid detection is tricky, says Corey Nachreiner.
Less stick more carrot: EU relaxation of Data Protection Regulation reform is a positive development, says James Henry.
Patching can be a significant pain for organisations. Similar to eating our vegetables, it's something we know we should do but is still hard to swallow for various reasons, says Rob Juncker.
How can businesses enable Office 365 and its rich ecosystem of supporting apps securely without risking security issues or data loss, asks Eduard Meelhuysen.
Alexander Pope said, "To err is human; to forgive, divine." Could he have been thinking of the infamous Bank of England email leak when he said that, asks Rainer Gawlick.
Cloud computing is no longer in the sole charge of the IT team as organisations vie to take advantage of new cloud services, says Ian Finlay.
The problem with targeted attacks, of course, is that they are designed to stay hidden, as we learned from a recent hacking case, says Kev Pearce.
Wave upon wave of data breaches are putting company IT security measures under the microscope worldwide, says Chris Sullivan.
The CBEST testing framework created by the Bank of England is a positive step but it could be stronger, says Clayton Locke.
Living in a networked world has its advantages, but it also leaves organisations vulnerable to exploitation by malware, inadvertent employee actions and malicious attacks, says Salo Fajer.
While Snowden, high-profile data breaches and hacking dominate the headlines, the more pernicious risk to business continues to be simple human error, says Tony Pepper.
Identity management is a complex task that requires not just a hefty dose of common sense when sharing information on the Internet, but also a reliance on third-party businesses to safeguard that information and respect consumer privacy, says Andrew Thomas.
Defenders in the cyber-domain need to abandon the Cold War principle of 'need-to-know' - a gratifyingly simple but effective maxim, says Alister Shepherd.
According to the old adage, failing to plan is planning to fail, and as Matt Kingswood says, recent events in Holborn, London are a timely reminder of what can happen.
Prevention and threat detection tools can only go so far, and should be used as part of a layered approach to data security, says Paul Hampton.
Despite the objective of releasing greater business value from information, most businesses prioritise locking it down, says Sue Trombley.
Matthew Bryars, CEO of Aeriandi, analyses the threat of insider fraud and what contact centres can do to minimise risk.
Dieter Lott discusses the security and networking solutions market and how organisations should be adopting a new proactive approach to security breaches given that IT infrastructure is in a constant state of change.
Teach children to code and, yes, even to hack so they learn about the power and potential perils of the internet, says Nick Banks.
Patrick Peterson examines why organisations need to focus on both external and internal assets to address the phishing threat.
It must be hard as an IT security professional not to feel overwhelmed by the sheer scale and sophistication of the threats facing your organisation, as the language used to describe modern cyber-attacks has become increasingly militaristic.
A preference for technical solutions, rather than organisational change, is resulting in over-investment in stopping cyber-attacks rather than detecting attacks and defending data, says James Henry.
Companies should build a holistic and forward-looking cyber-security programme capable of forecasting potential security threats and alleviating those risks before they cause serious damage says Piyush Pant.
The new government needs a new cyber-security policy as a priority - with sufficient resources - and drawn up by people with a good understanding of the issues, says Raimund Genes.
Geofencing can restrict access to devices or applications while inside a company's perimeter, making it impossible for devices outside the perimeter to access the network, explains Roman Foeckl.
We must monitor cyber-criminal connections to follow attackers back to their source and have mechanisms − technical or legal − to stop them resuming their activities elsewhere says Neil Campbell.
Jen Andre and Cameron Camp debate online financial security.
Cyber-insurance is the new go-to for large corporations trying to defend themselves from data breaches, but the UK is lagging behind - and that is something the government wants to fix.
MS Windows 2003 servers (WS2003) reach end of life on 15th July 2015 - but don't panic! They'll still operate in the same way, but could become more susceptible to cyber-attack, warns Kevin Linsell.
Removing human interaction with passwords and automating their selection and frequency of change is certainly a step in the right direction says Richard Walters.
Due to the complexities of IT security, achieving clarity on cyber-insurance policies is going to be a growing challenge, says Rowland Johnson.
SMEs need to be aware of the risks faced, whilst implementing quick and easy protective measures that will make them more secure than the average victim, says Chema Alonso.
Ben Harknet says security teams need to develop an effective external threat management programme as a core component of their overall security capability to deal with broken SSL certificates and third party app vulnerabilities.
Public-private partnerships in cyber-security are needed with governments helping protect their private sector from cyber-espionage - as demonstrated in Finland and Israel.
Time to set the record straight on email authentication: DMARC won't get spam into the inbox, says Rob Holmes.
Building a database security strategy is the first step for a company in ensuring security has been addressed inside out says Alan Hartwell.
A new approach to mobile user protection should focus on self-defending apps that provide an integrated, dedicated and secure solution to cyber-crime threats, suggests Tom Lysemose Hansen.
We need to see all results of government initiatives - both positive and negative - if industry, and especially SMEs are to act on them says Alan Carter.
Too many false positives inevitably reduce response times - and even response numbers - so raise the verification bar and thereby limit them says Chandra Sekar.
In the wake of successful cyber-attacks, and security incidents taking down some of the biggest brands on the planet, impacting critical infrastructure and banking systems alike, it may be asserted that, when it comes to technology, by evidenced implication, it would seem to be exposed, fragile and vulnerable.
Targeted emails with infected attachments are the hacker's weapon of choice but there are ways to avoid being spiked by spear phishing says Noam Green.
Few understand the value of their website to hackers says Ilia Kolochenko, warning that even an individual blog is potentially at risk.
A prison escape with a fake release note, from a fake website, set up via mobile phone, demonstrates yet again that people are our biggest security vulnerability says Fotis Gagadis.
Better understand what's happening on your network and you'll be better prepared to tackle hostile intruders says Corey Nachreiner.
Security is needed everywhere within the software-defined data centre as physical security is no longer an adequate defence against current threats says Dr Gerhard Knecht.
Unsanctioned subsidiary apps are coming into the enterprise via sanctioned 'anchor' apps - with 35.1 percent of all app sessions occurring across four main ecosystems of Box, Dropbox, Google Apps, and Salesforce, explains Rajneesh Chopra.
IT staff have greater access privileges - and ironically, even more so when they are junior - making them worthwhile researching by spear-phishers warns Kev Pearce.
We're all potentially in the global data market now, so do your research, ensure you know your market, and take every preventative step you can says Jonathan Armstrong.
Relying on cyber-insurance when your defences are actually negligent will increasingly become unsustainable - and unavailable - says Philip Lieberman.
2015 could be the year of DLP, argues Guy Bunker.
A well-defined security programme focused around the company's most critical data, combining technology and education powered by metrics, will help businesses reduce insider risk levels says Neil Thacker.