Avoid security breaches during reorganisation and mergers

Paul Bonner advises companies merging to take the best security practice from each component company, and not impose the practices of the dominant player - or resistance is likely.

Is your website fit and secure for King Consumer?

B2B websites could learn a lot about security from their consumer facing compatriots suggests Bob Tarzey.

Why the cloud wasn't 'Shellshocked' and how to prepare for the next vulnerability

Companies should reconsider cloud-security perceptions, says Pathik Patel, noting that recent software vulnerabilities such as Shellshock had less effect on cloud-based services than on premises-based apps.

Establishing habits of a highly effective security professional

Preparation and organisation can enable effective security for one-man SOCs or small teams, explains Joe Schreiber.

Information security assurance from a resilience perspective

A holistic approach to information security is needed to overcome the shortcomings of a Risk Management approach says David Stubley.

Major cyber security mistakes and how to avoid them

James Solyom, head of cyber protect and cyber respond at Control Risks, examines how organisations can avoid making expensive mistakes that leave them open to cyber-attack.

How the threat landscape challenges authentication - old and new

The growing cyber-threat landscape poses some awkward questions for present and future authentication methods, argues Barry Scott.

Defending online games from piracy, cheating and fraud

The video games industry generates billions in revenue, but only 20 percent of games achieve profit, due to cheats breaching security, hence the need for stricter implementation and enforcement of controls, say Amit Sethi and Rennie Allen.

Is the Isle of Man the world's crypto-currency capital?

Regulation and infrastructure from the off-shore finance and gaming industries are being leveraged to make the Isle of Man a centre for crypto-currencies, says Peter Greenhill.

Out with the old, in with the cloud

Moving to the cloud is inevitable, but it demands new ways of thinking about data security, and new approaches to secure this new border says Martin Borrett.

Why smart meters need smarter security

Internet-connected smart meters are gaining traction in the energy space, but security must be considered, says Reuven Harrison.

Our digital breadcrumbs offer both security opportunities and threats

Your future lies before you like a field of driven snow. Be careful how you tread it, for every step will show. Luke Aaron considers our trail of digital breadcrumbs.

2 MINUTES ON: 'Cybercrime-as-a-service'

Doug Drinkwater takes a two-minute look at cybercrime-as-a-service, the new business model for hackers.

Breach fatigue: do we even need notification laws?

Notification laws haven't stemmed the tide of breaches in the US, so will the new EU regulations serve any purpose here? Ross Dyer says yes, and they're coming soon, so get ready.

Protecting the Crown Jewels

Despite the value of critical enterprise data, many organisations are not aware of what their 'crown jewels' information is, says Carmina Lees, director of security services in UK & Ireland, IBM.

Halloween cyber-security nightmares - experts reveal their fears

Halloween nightmares for CISOs come in many shapes and sizes, and our commentators tell us what scares them on the network.

Step by step through the 'Phishing Kill Chain'

Stop the kill chain higher up to increase the chances of preventing an attack, says Patrick Peterson.

Combating 'malvertising'

Web sites that take advertising need to protect against inadvertently delivering malware to their users, before, during and after an attack, explains Terry Greer-King.

Should flexible working result in flexible security?

Flexible working can bring security pitfalls, according to Imation's Nick Banks.

Guarding against insider misuse

Track and audit changes on the network, especially those made by privileged users, and make it known that monitoring happens in order to reduce misuse, says Michael Fimin.

Women in cyber security: Changing pathways and perceptions

Security consultant Dr Jessica Barker says that the next step to getting more women into cyber security hinges on changing minds and career pathways.

Zeroing in on zero-day vulnerabilities with looping

Zero-day vulnerabilities are a fact of life in cyber-security, which is why looping is so essential, says Darren Anstee.

Humanise outsourcing with a Pay As You Go CISO

Outsourcing your CISO is an option medium-sized organisations should consider, says Carl Shallow, who advises a Pay As You Go model to buy in expertise.

Security - why it's the burning issue of the HPC future

New approaches are needed to overcome security concerns related to the use of big data analysis, suggests Andy Grant, with 'containerising' data and merging data on the fly among the options suggested.

Controlling mobile data loss

A security strategy to prevent mobile data loss involves careful consideration of the user, device and network. Mike Raggo advises implementing a range of controls, including use of an enterprise mobility management platform.

Identity is the foundation of trust: why passwords can no longer be relied upon

Passwords have numerous failings, including their ability to be shared or stolen, meaning that they are not a secure way to authenticate identity, and other options must now be adopted, says Dana Epp.

Should we care about XSS vulnerabilities on eBay?

The ability of attackers to exploit XSS flaws is more an economic issue than a technical one, says Ilia Kolochenko, who calls for prompt professional action when vulnerabilities are identified.

Securing people: Protection in the age of IoT

The coming Internet of Things explosion is more than your firewall can cope with, says Steven Rosen, advising companies to take additional measures to deal with new threats.

Throwaway tablets threaten our children

Used and broken Android tablets often retain access to passwords even when wiped, so be careful how you dispose of them, says Ken Munro.

Wearable technology: A secure approach to business

Wearable technology raises many of the same concerns as smartphones and USB drives, namely the recording, storage and transmission of data by individuals, and your security policies should include that risk, says Paul Martini.

How choosing your own device (CYOD) can help empower your workforce

If implemented well, choosing your own device (CYOD) brings benefits beyond BYOD or company-imposed mobile devices, says David Brady.

Why multi-factor authentication is a security best practice

Torben Andersen describes the top eight reasons why multi-factor authentication is a security best practice that CEOs need to ensure is implemented.

Data storage - why the world needs tape more than ever

The days of magnetic tape as a storage medium need not be over, says Christian Toon, who makes the case for revisiting its attributes.

Fighting the fraudsters: Why we must get better at data sharing

Face-to-face information sharing with peers is a vital route to learning industry fraud-prevention lessons, says Tim Lansdale.

The (grim) reality of password security

There are security vulnerabilities when using passwords, but Tyler Moffitt says there are steps you can and should take to make your data less easy to access.

The new rise of biometrics

Biometric ID options need appropriate mobile computing support to ensure that they too are not compromised, says Jon Geater.

Cyber risk management: A boardroom issue

Having comprehensive cyber risk policies that are not followed can be as detrimental as not having a policy at all, says Peter Given, who advises that good risk insurance will demand that appropriate procedures are both in place and implemented.

How Edward Snowden boosted infosecurity business and...cybercrime

Whatever Snowden's motivations, Ilia Kolochenko contends that the industry has misused the resulting information and often sold kit rather than true security solutions and expertise.

Restoring cloud confidence

Despite the recent iCloud breach, cloud security is better than its current image suggests, and if you are demanding of your supplier, it can be better still, says Jamal Elmellas.

Under lock and key

Deploying appropriate technology is necessary to protect business-critical information stored within racks and cabinets at data centres, says Mark Hirst.

Why Big Data means big responsibility

Individuals want privacy for their data, but they will share it if they can explicitly choose to do so, having been told what benefits they will gain, says Sachiko Scheuing.

The future of data protection

Increased consequences for the loss of non-financial data, especially fines from regulators, are expected to drive a more rigorous approach to data protection, suggests Fergus Kennedy.

Invite attacks to identify weaknesses

Intelligence-led third-party red-team testers can identify the blind spots that in-house teams thought they had covered, suggests Simon Saunders.

Sorting out the identity crisis

Identity, payment and security need to become seamless and inherently more secure in themselves than anything we currently use for mobile identity, says Nick Barth.

G-Cloud - Using SMEs without hurting government security

Moves to increase SME participation in government IT tendering drew criticism, but Peter Groucutt explains how G-Cloud has helped reduce security concerns, one of the objections raised.

How do you stop an Energetic Bear?

Companies must think like a hacker and commit to penetration testing to protect themselves from data breaches, says Chema Alonso.

Is your app secure? Probably not

App vulnerabilities need to be thought about holistically, so the network and database in which they reside also need to be considered, says Josh Shaul.

All your vulnerabilities belong to us: The rise of the exploit

The growing impact of web exploits isn't just limited to the enterprise market and must be countered on an industry-scale, says Pedro Bustamante.

Is your organisation ready for the next generation of millennials?

A different attitude to privacy and security among many new workplace entrants is a potential risk that has to be managed, says Chris Sullivan.

Why we need a tighter framework for social engineering penetration testing

Protect against real-world threats and test the most likely scenarios using relevant models, including low-tech, says Gavin Watson.

A way forward in information sharing

Josh Goldfarb asks how the infosec community can move from informal and exclusive trust circles to more mature, formal information-sharing approaches without losing agility and effectiveness.

Data residency in a borderless environment

International use of personal data highlights the differing laws that need to be adhered to, but there are solutions, explains Alan Kessler.

Crash testing needed for the connected car

Technology and standards need to evolve to cope with the rise of the connected car says Fred Kost.

What the Cyber Essentials Scheme means for UK business

The government's initiative to set a baseline certification scheme for cyber security, Cyber Essentials, is now underway and John Godwin encourages companies to get certified as soon as possible.

Poor measurement leaves networks dangerously open to attack

The ever-changing threat landscape is causing problems, with many business networks unable to keep up with the pace of innovation, argues Gavin Millard.

HeartBleed - further lessons

Further lessons from Heartbleed, beyond the hype, include caution when listening to advice, such as re-setting passwords, says Chris Russell.

Security Partnerships: Engaging at the right level

A holistic approach to security management is needed to bridge the gap between strategy and technology, says Chris Yule.

Real threats start with humans, not technology

When the two IPs meet (intellectual property and internet protocol), the value of the business becomes vulnerable, says Dave King, with IT often just providing a sticking plaster to hide C-suite ignorance.

Securing the energy industry: is success a dead CERT?

Industry needs a brighter, collaborative approach to help bring it out of the dark ages, says Alan Carter.

The science behind DDoS extortion

Don't capitulate, have a plan in place, and of course prevention is better than cure when it comes to tackling the prospect of DDoS ransom attacks, says Dan Holden.

Critical National Infrastructure: how to reduce industrial-scale risk

Nation-state attacks on CNI will be facilitated by the internet of things, and government regulation is needed to set standards, but the actual likelihood of CNI attacks remains very low, says Raimund Genes.

Insiders can use whistleblowing tools to steal data without a trail

The tools exist to bypass many data leakage programmes and facilitate mass exfiltration of data, so enable internal whistleblowing to avoid external access, says Edward Parsons.

Know thy neighbour: Dealing with third-party cyber attacks

It's not enough to protect your own network; you also have to be prepared to cope with third-party negligence, says Brian Foster.

The dungeon of the 'Deep Web'; where even the spiders dare not travel

Charles Sweeney asks: are your staff inadvertently leaving the back door open via an innocent lunchtime browse?

Regulatory compliance and risk includes third-parties

Third-party IT services suppliers must reassess their governance, risk management and compliance responsibilities.

The need for resilience

The ability to detect and respond when your security is breached is of paramount importance in ensuring organisational resilience, says Alan Calder.

Using spreadsheets to manage risk is risky business

Spreadsheets should be banned from the risk management process, as they are no longer up to the job, says Keith Ricketts.

Heartbleed (remediation) has improved open source cybersecurity

The future of computing infrastructure, mobile applications and personal data protection has been altered by Heartbleed, says Joram Borenstein.

Losing data and facing the ICO

Dated data protection laws, punitive punishments and an inability to classify data are problems for businesses in the age of ever-increasing data breaches, says Martin Sugden.

The top 8 ways that privileged accounts are exploited

Failure to properly monitor and update privileged access is a key vulnerability, and Chris Stoneff highlights the leading weaknesses.

Why traditional antivirus is facing increasing criticism

Traditional antivirus (AV) products have been taking a beating in the media recently, but why? The reason is simple: they cannot and do not protect you from new malware.

Stuxnet, just the beginning?

As we rush into the Internet of Things, Mike Ellis suggests we remember Stuxnet, and how the data transferred between objects needs to be protected.

Wearable technology - don't let security be the trade-off for mobility and convenience

Wearable technology is already appearing in the workplace, so get your policies in place now, says Sean Newman.

Women in IT security: Carpe Diem

Mentoring and promotion of success can increase the presence and profile of women in security, but above all women must seize their own opportunities, says Barbara Nelson.

Talent has no gender

In the current print issue, SC Magazine UK talks to women in the industry about their experience, asks if data is secure when held by a cloud provider and assesses how ready we are for the new EU Data Protection Regulation.

Native versus HTML5 security - is there a third way?

"We need a mobile app" is a phrase commonly uttered in business, but the options for building one aren't confined to native and web-based HTML5.

Cloud surveillance and encryption lessons from Edward Snowden

To ensure the security of your cloud data, bring your own encryption, and keep sole control of the keys, says Paige Leidig.

Keeping the cyber bandits at bay with Big Data

Big Data security analytics could trump SIEM solutions in the battle to keep out cyber attackers.

Protecting data - the changing role of the CSO

Risks have changed, and both physical and digital security need to come under one remit, suggests Troy Fulton, who says organisations need to adopt a holistic approach to security.

Office in the cloud: What are you waiting for?

Concerns are largely unfounded, and cloud services are already being used by many companies without them realising it, says Aidan Simister.

Why driverless cars demand new rules of the road

There are issues around the big data emitted by driverless cars and security issues related to control of the cars, but it's the 'governance framework' that needs to be put in place first, suggests Raimund Genes.

Rex Mundi: How did Domino's incident response line up?

Get your incident response plan in place, and practise it, if you want to ensure you're back up and running quickly following a breach, says Ted Julian.

Open Heartbleed surgery - securing against further vulnerabilities

David Sandin looks at the implications of using open-source code libraries in vendors' security solutions, and the assumptions that lay behind the Heartbleed bug.

Blurring the lines between business and home

What are the risks posed by apps and hardware that cross the business/home divide? Dr Guy Bunker asks what policies and security approaches are required.

Jailbroken devices are a threat to the enterprise

First, identify jailbroken devices on your network, says Vince Arneja, then alter data processing and execution modes to protect your data.

10 steps to mitigate a DDoS attack in real-time

Get your contingency plan in place before you suffer a DDoS attack, says Gary Newe, suggesting that you prioritise revenue generators and work through the plan calmly and systematically.

How to benefit from a cyber playbook

Prepare and automate your responses to standard attacks so that analysts can focus their efforts on the more sophisticated ones, suggests Paul Nguyen.

The role of cyber war games in developing advanced cyber defence

Cyber war games are the emerging concept in preparing an advanced cyber defence.

The death of anti-virus

Symantec's announcement that 'anti-virus is dead' shouldn't surprise anyone. What's shocking is how long it took to admit it.

Improving real-world security: Think resiliency

Resiliency is moving up the agenda for both attackers and defenders, says Fred Kost, who adds that systems need to be built, and tested, to assure safety.

The inherent security risks of temporary staff

The rise in casual and contract workers has been accompanied by a rise in employee fraud, leading Ching Liu to suggest that this temporary solution could create a permanent problem for many businesses.

Security Baubles

When choosing what matters most, don't let compliance alone distract from keeping actual security risks as the top priority, says Andrew Jutson.

If MDM is failing, what's the solution?

Jamie Bodley-Scott asks how organisations can protect data on mobile devices if the MDM market were to die, as some suggest it might.

HeartBleed - How we failed!

The speed of reaction to Heartbleed was not matched by the quality of the response, says Russ Spitler, who calls for more and better education to effectively share knowledge that benefits us all.

Don't blame PCI - we need to deal with the card data

Use of tokens is one of the ways we might limit the amount of sensitive data linked to our cards, suggests Tim Critchley.

The threat of shared privileged accounts on social media

Secure your social media platforms or risk brand damage and worse, says Matt Middleton-Leal.

Learning to love the Cloud

You can use the cloud with confidence, says John Sidhu, so long as you do your homework about which regulations apply, put appropriate safeguards in place and then ensure you implement them.

Why web application security testing fails globally?

Information security is too low down the corporate agenda, suggests Ilia Kolochenko, who advocates 'security consciousness' throughout the organisation.

It's not about the money

Andrew McLean explains why security is the new differentiator for the cloud.

Using analytics to secure your network

Knowing what's normal on the network will help identify attacks, says Dirk Paessler.