Winning strategies in cyber warfare

The adversary has enormous capabilities in the cyber world, but it too is not without its vulnerabilities, and these must be exploited says Calum MacLeod.

Getting to the heart of the problem

As the Heartbleed bug demonstrates, passwords - especially the way they are commonly used across sites - are inherently vulnerable suggests Chris Russell

Changing the cost of cybercrime

Organisations need to cooperate and share threat intelligence in order to increase the cost of cyber attacks for hackers suggests Russ Spitler, VP product management, AlienVault

Internet of Things - Top Ten concerns

Mark O'Neill suggests that his top ten potential vulnerabilities of the Internet of Things (IoT) need to be considered now, before mass deployment.

Why immersive training works

If you don't want your security training to be as compelling as an airplane safety presentation, vary the content and make an emotional connection says Scott Greaux.

Out of the bunker: A view from the C-suite

Cyber security can't remain an IT issue. It needs to be addressed and filtered from the C-suite throughout the business, explains Rangu Salgame, CEO of growth ventures at Tata Communications.

The enemy within - beware the insider threat

Being alert to the danger of outside attacks is one thing, but like charity, security begins at home. Expect the unexpected, warns Geoff Sweeney, CTO of Tier-3.

Bitcoin: Protection in demand

Precautions must be taken to protect your Bitcoin hoard, says LogRhythm's Mark Vankempen

A race for supremacy in information security

Some may say that the lack of a recognised entry qualification for the information security industry is a good thing, for while professionalising ensures a baseline of competence, it can also be a barrier to talent from unexpected quarters.

Meet the new DoS - not the same as the old DoS

A modest DNS investment can pay significant dividends in reducing the impact of DDoS attacks suggests Bruce Van Nice.

Don't let Snowden leaks chill cloud adoption

Cloud storage is itself under a cloud following Snowden, yet ironically it's where the leaked data remains most secure says Campbell Williams

The challenge for cybersecurity is to find leadership

The way to avoid management by crisis is by having a strategy, goals, and plans to achieve them says Jarno Limnéll

Third-party access adds vulnerability

It's time to take back third-party remote access and increase visibility on the network says Stuart Facey

BYOD - the hidden dangers

Amir Lehr asks, What happens when your mobile ends up in someone else's hands?

Beware of Suspect Devices

Consumers need to get smart and be wary when installing and running 'dumb', but connected devices explains Keith Bird

What keeps IT managers awake at night?

How do they get any sleep at all asks Andy Aplin who advises CISOs to deploy dynamic security systems and strategies and choose an approach which complements the organisation's specific business needs and vulnerabilities

Forensic readiness - the new 'business continuity'

If you don't have good forensic readiness planning and testing in place, you are neglecting a core requirement of good organisational planning, no less than if you failed to have disaster recovery or business continuity planning argues David Rimmer

Security at scale for the enterprise: Borrowing a page from home security handbooks

The tools that organizations have relied on to protect their networks are antiquated and no longer work.

Find, freeze and fix fast: What your team needs at the advanced threat gunfight

Today's targeted attacks use advanced malware designed to defeat IT security controls through a variety of approaches that either confuse or avoid them altogether.

Why businesses fear the cloud

Cloud storage will be a hacking magnet suggests David Emm, with the most vulnerable point of entry for attackers being staff.

Redefining identity management in the digital world

For those of us tasked with managing the security of the digital world for the enterprise, there are serious ramifications to this evolution of identity. Specifically, how we manage identity must evolve.

Secure your smartphones, not your wearables

It's time for a reality check regarding security vulnerabilities on your wearables says Raimund Genes who suggests that they are not about to cause serious data losses any time soon.

Waking Shark II results lack bite

SecureData's Alan Carter asks what was learned from Waking Shark II, and questions whether there will be a sequel, or spin-offs of the franchise into other sectors of the economic and physical infrastructure.

Honeypot Valentine

From being drawn in by a honeypot, through to being compromised, lessons from life can have parallels with what happens online suggests Calum MacLeod.

Can I play with Madness?

Jason Jones at ASERT, which discovered the Madness Pro DDoS bot, explains why this malware poses such an ongoing threat

What security level is appropriate in the cloud?

Selecting an appropriate cloud security solution can be simplified by ensuring cloud providers offer different environments with appropriate controls that align with actual risks faced suggests John Godwin

Anticipating challenges

Paul Midian asks, 'How much are you prepared to 'give of yourself' so that algorithms can predict your wants and make your life easier?'

BYOD: Protect the device, or the data?

The BYOD focus should be on securing data wherever, rather than being preoccupied with specific devices recommends Dr. Paul Steiner

Snapchat hack - a lesson almost learnt

Security stress testing needs to happen at the development stage says Grayson Milbourne, Director of Security Intelligence at Webroot, who looks at the lessons learned from Snapchat

Tech Goliath vs. innovative and secure David

Is the introduction of new technologies adding to security, or undermining it, asks Toby Flaxman, Senior Technical Security Consultant, IRM plc

Think like an attacker:

Protecting enterprise endpoints in a rapidly evolving threat landscape

Pass the hash - again

2014 could be set to become the year of PTH suggests Calum MacLeod, VP of EMEA at Lieberman Software Corporation

Of cryptography and conspiracy stories

Encryption integrity is called into question following NSA leaks, says Alan Kessler, CEO of Vormetric

Context is king

Context-aware security can make intelligent decisions while allowing mobile users to get the job done.

BYOD: Facing up to the inevitable

Businesses can accept employee device promiscuity without causing difficulties for IT management, says Centrify's Darren Gross.

New threats or old? It's both

It's a New Year with a new editor and new team members on SC. Thanks for the warm welcome from everyone we've met and we'll be talking to more of you throughout the year.

Why security is the next challenge for Bitcoin

Since its launch in 2009, Bitcoin has continued to dominate news headlines, for both good and bad reasons.

Cooperation is key to Africa's security future

Top 5 most common security development errors

Keeping it simple and ensuring the basics are properly covered is likely to result in the biggest improvement in software security, says Cigital's Paco Hope.

Compliance and the cloud: a culture clash

With the right approach, it is possible to ensure compliance AND take advantage of the cloud says Garry Sidaway

PRISM fiasco highlights the dangers of password sharing

Snowden has highlighted the need for staff training to ensure password sharing is prevented explains Francois Amigorena, CEO of IS Decisions

Get your BYOD policies wrapped up by Christmas

Many more personal mobile devices will arrive in the office after Christmas, so sort out your security policies now advises Leon Ward.

Can the cloud be secure?

Blaming cloud providers for giving in to the demands of US intelligence is a naive approach to a complex issue.

Clarity sought inside the cloud

Mobile and cloud security, along with insider threats continued to dominate concerns over the past 12 months - impacted by the increased attention resulting from the Snowden revelations and concerns about back doors - but despite these concerns, this year the cloud really did become pervasive.

Sun, sea and network vulnerabilities

As the Bring Your Own Device trend continues to grow we are seeing that many people using their smartphones at work are blurring the lines between professional and personal use, which is creating an 'always-on' trend. This change in culture means that now more than ever people find themselves logging on and checking emails and working from home, or even abroad.

Last word: Action stations

The government has done its bit for cyber security - now it's up to businesses to take action, and quickly.

Viewpoint: Sell yourself better

Having a hard time getting security budget approval? Start by being relevant and communicating.

Editorial: Help us keep SC at the cutting edge

You can't stop change, but you can help define it. SC Magazine has been around for well over 20 years now. And, as the leading information resource for everything cyber security, we've covered it all - from 1992's 'Michelangelo' virus to 1999's 'Melissa' worm to today's APTs, hacktivist attacks, compliance mandates and more.

How to investigate, identify and eradicate shadow IT

Shadow IT is an ever growing trend and one that can have a very real impact on a company's data and reputation, departmental spend and efficiency, and even its position as an IT leader.

How to make the most of mobile without compromising business data

The rise of mobile in the workplace shows no signs of abating. The trend is largely driven by consumers being used to using mobile devices, from tablets to smartphones, in their everyday lives.

The forecast: clouds gathering over Europe

Allen Scott, managing director of F-Secure UK & Ireland, dissects an extensive piece of global research into the cloud to discover the state of the cloud industry in the UK compared with Europe and the rest of the world.

Viewpoint: Industry must help academia value security fundamentals

Given the number of publicised high-profile security exploits, it is not unreasonable to expect that everyone involved in IT would be aware of the need to address security fundamentals, yet this does not seem to be the case.

BYOD 2.0 - dare we say it?

When a term gets boring but is still relevant, it may be time to rebrand it and look at a new way to make it matter and be heard.

A tipping point for effective corporate security measures?

It's a truism that a business is only as secure as its weakest point, so businesses should have security systems in place because staff members are going to mess up at some point.

Watching the Watchmen

Over at Cryptome, the cypherpunks have been busy looking at how the National Security Agency watches us.

Cloud security, sensitive data and the responsibility question

As more and more organisations transfer sensitive or confidential data to the cloud, whether it is encrypted or not, important questions about who is responsible for securing and protecting this data are being asked.

Is social sign-on the next step for online security?

Han van Meegeren was born at the end of the 19th Century in the Netherlands and went on to become one of the world's most prolific art forgers.

Why the boardroom is just like mission command

Whether top brass in the military, or CEO of a company, leaders have a lot in common.

The new duty of care

All companies have a duty of care to their customers and employees while ensuring their business runs profitably.

Identity is the new currency

The internet has evolved to become a vast social and interactive space, and with this evolution, new threats have emerged which are designed to target business and users' identity and trust in online services.

Seeking answers with NAC

Corporate bring your own device (BYOD) growth is prompting enterprises to take a closer look at their networks and their approach to security.

Cyber security: the magic box myth

The increasingly shrill headlines on security breaches have made cyber security a top priority among policy makers and in boardrooms.

Why iOS jailbreak detection is a fundamentally flawed security process

I was recently speaking with a company about their concerns regarding security and the topic of jailbreak detection came up.

Put users in the zone to enable secure BYOD

In the world of enterprise security, what used to be a fairly contained universe - with the ability to put effective controls at critical physical and online entry points - is now an exploding, constantly expanding target.

Professional monitor in association with (ISC)2: Understanding the impact of cloud computing

Understanding cloud computing's impact on all aspects of IT is vital, and this requires a broader set of skills and knowledge that meet the rapid evolution of the industry head on.

Keeping ahead of the threats

Using the incident pit technique in the wake of an attack is the best way to see off future threats to your organisation.

Anti-virus products should pack a punch

Believe an anti-virus vendor's marketing spiel and you might end up with a naff product - so do your homework.

Fun in the sun at April's infosec events

We are always spoilt in April with not only Infosec, but 44Cafe and BSides London too - and this year was another corker.

UK healthcare is changing - do you know who is protecting your data?

The effects of leaked personal health information can be exceptionally damaging.

New doesn't always mean better

What do we really mean when we talk about 'legacy' systems? The dictionary definition is clear; a legacy is an inheritance or, used as an adjective, it's 'something outdated or discontinued'.

Has Prism scattered trust in IT security?

In the IT security and communications markets, it's been difficult recently to escape exposure to what's known as 'lawful interception'.

Strike back and you could strikeout

Between agenda-pushing hacktivists, financially-motivated cyber criminals and spying nation states, there is no shortage of attackers out there breaking into networks, stealing trade secrets and wreaking havoc.

Talking cyber security with the UK government

It is easy to be critical of the government when it comes to cyber security, but the truth is that up against attacks, a lack of funding and an increasingly able adversary, what it is achieving is not all that bad.

Diluting the threat of identity pollution

Identity pollution has created a breeding ground for fraudulent activity.

DDoS attacks to knock you offline - when, not if?

In a story I did a month ago, I looked at research that suggested that distributed denial-of-service (DDoS) attacks were not being taken seriously at all levels of business.

OSINT Tools: The foundation for social engineering and phishing attacks

Have you ever wondered how someone 7,300 miles away without legitimate access to a network can learn more about an organisation than its own employees?

Intellectual property theft - detection is the best prevention

Intellectual property (IP) is no longer safe and businesses are losing their competitive edge as a result.

Cyber crime and popcorn anyone?

You can't watch a Hollywood blockbuster these days without some character, good or villainous, hacking into someone else's network.

After the crime: content-based forensic triage in practice

The digitisation of all aspects of business and growing volumes of digital storage are causing the global digital forensics industry to expand rapidly.

Abuse of privilege

Visitors to the recent Infosecurity Europe show were bombarded by vendors offering to secure their infrastructures from the outside.

Online Ownership

The cloud has been a somewhat nebulous concept for a few years.

Are you prepared for an incident?

Increased media attention on cyber incidents, strong data protection legislation and regulatory interest in security has brought increasing investment and progressive improvement in proactive security within companies.

You've been breached: Who should be held accountable?

With the ever increasing threat of cyber crime knocking on one's door, many large organisations are reliant on IT security teams to protect their vast network from attack.

Building defences for BYOD

The insatiable consumer appetite for technology and the proliferation of mobile devices in people's personal lives has driven enterprises to adapt their ways of working.

Security at the enterprise edge

There's no doubt that doing business in this day and age is exciting.

Effective cyber threat defence requires clear security focus

Cyber risk has time and time again been identified as one of the top risks facing organisations, irrespective of their size or industry sector.

Why Facebook, Google and Apple have got authentication wrong

We've known that the password hasn't been secure for quite some time.

Professional monitor in association with (ISC)2: Infosec professionals need to work with law enforcement

Collaboration between infosec professionals and law enforcement agencies is vital, says Victoria Baines, the European Cybercrime Centre's strategy and prevention chief.

Lock down your Macs

Pay attention to the Macs in your office, especially if they are used by people unaware of the risks they present.

Don't judge potential and existing employees through automated analysis

Neither automated analysis, nor the manual reading of Twitter posts, is a useful practice for HR to engage in.

The art of cyber war in six steps

As the number and severity of cyber crimes continues to grow, it is important to understand the actual process an attacker follows when compromising a targeted computer or network.

Mind the gap - CEOs need to address their lack of cyber security knowledge

In early 2012, with the Olympics looming, I was a civil servant trying to explain cyber security issues to more senior civil servants.

Would you like chips with that outsource?

Many organisations faced with increasing in-house IT infrastructure and staffing costs look at other organisations with outsourced operations with envy.

Information super highway becomes super-fast

The pattern of network and internet usage today is undergoing a tremendous shift that is nothing short of a life style change, demanding a transformation in security capability.

How to secure the virtual world

Cloud computing has been taking the IT world by storm - according to recent figures from Gartner, the industry grew by nearly 20 per cent globally last year.

E-Biometrics - Has your keyboard been faithful?

For decades, we have relied on a simple 'two-pronged key' to allow us into virtually any computer system on the planet: the veritable userID/password combination.

Why are you failing to meet your portable data security responsibilities?

Organisations across the UK are of course aware of the need to secure personal and corporate data within their business.

Why encryption comes of age

Over the past few years, the IT market has become commoditised, dominated by the larger distributors.

Big data propels SIEM into an era of security analytics

In the past few years, a stunning range of government agencies and prominent corporations have succumbed to stealthy, tailored cyber attacks designed to exploit vulnerabilities, disrupt operations and steal valuable information.

The new skeleton key: changing the locks in your network environment

While attending school in Helsinki, I discovered a password 'sniffer' attack in our university network.