Could your user access mismanagement cost you £2m?

Could your user access mismanagement cost you £2m?

Predictive analytics can scrutinise employees' network activities to forestall fraud and other insider threats, says Paul Dyson.

iCloud's two-factor authentication silver lining

iCloud's two-factor authentication silver lining

Last August, a trove of private images leaked online following a series of targeted brute force attacks against celebrity accounts in iCloud, says Silvio Kutic.

Pre-empt the regulations and safeguard your data NOW!

Pre-empt the regulations and safeguard your data NOW!

Take steps now to protect your data ahead of changes to the General Data Protection Regulations in Europe, says Andy Hardy.

Sun, sea and shadow IT

Sun, sea and shadow IT

Chris Mayers provides warnings and advice for firms to help them stay safe as more workers log on when on holiday.

Privileged identities are at the core of today's cyber attacks

Privileged identities are at the core of today's cyber attacks

Given the difficulty of preventing them, we should focus instead on minimising the damage from cyber-attacks, says Philip Lieberman.

Disaster recovery planning - it's not just how but when

Disaster recovery planning - it's not just how but when

The old saying "failing to prepare, is preparing to fail" is never more appropriate than when applied to disaster recovery (DR), says Oscar Arean.

Why IT service management teams must play a key role in cyber resilience

Why IT service management teams must play a key role in cyber resilience

When it comes to information security it's been well documented that everybody has a key role to play in protecting sensitive and valuable information, says Nick Wilding.

Top three network risks for mobile workers and how to counter them

Top three network risks for mobile workers and how to counter them

As more and more business is conducted remotely, users need to adopt solutions that will address security weaknesses inherent in Wi-Fi, says John Knopf.

Five myths of industrial control system security

Five myths of industrial control system security

Despite growing awareness of cyber-based attacks on industrial control systems, many IT security models continue to adhere to the outdated belief that physically isolating systems and 'security by obscurity' is enough, says David Emm.

PCI DSS v3.1 - Are you ready?

PCI DSS v3.1 - Are you ready?

Retailers must migrate to PCI DSS v3.1 by June 2016 which means an overhaul in the way data is encrypted and transmitted, says Kevin Bocek.

How your red team penetration testers can help improve your blue team

How your red team penetration testers can help improve your blue team

Red-team penetration testers can help train your security team to recognise common and not-so-common attack techniques, says Rowland Johnson.

Incident response - time is of the essence

Incident response - time is of the essence

Cyber-attacks are a top threat to organisations today; however, despite an increased effort to keep up with the rising scale and complexity of threats, IT teams are struggling to defend their networks, says Mike Smart.

The information security landscape of the future

The information security landscape of the future

Will your organisation wake up to a data protection nightmare in 2017, asks Stephen Midgley.

Is cyber-security the IP of the 21st century?

Is cyber-security the IP of the 21st century?

In the changing online world, new measures must be put in place to protect intangible assets, says Margee Abrams.

Faster security understanding with visualisation

Faster security understanding with visualisation

Passive inspection is too slow in today's interconnected, data-rich IT environments, says Thibault Reuille.

Cyber security of industrial systems: the risks that lie in client machines

Cyber security of industrial systems: the risks that lie in client machines

Industrial environments are becoming increasingly automated and interconnected, with control systems often networked over the Internet. This growing computerisation exposes industrial control systems to a number of threats - with potentially disastrous consequences, says Florian Malecki.

How UK crypto-currency businesses can detect money-laundering

How UK crypto-currency businesses can detect money-laundering

Paul Stokes explains how a recent proposal by the UK government to regulate digital currencies presents a huge opportunity for the UK to become a leader in the area.

It's time to think inside the box

It's time to think inside the box

Chris Marrison considers the importance of looking at security threats already inside the network - rather than just what's trying to get in.

Poor patching is still one of the biggest security issues

Poor patching is still one of the biggest security issues

The bulk of the software on which we rely has not been written with sufficient rigour and we are paying the price, says Tony Dyhouse.

Data protection doesn't have to be a four-letter word

Data protection doesn't have to be a four-letter word

With concerns over data privacy growing apace, how do you prove to a user that their sensitive personal data has been erased, asks Pat Clawson.

Will we ever get ahead of the hackers?

Will we ever get ahead of the hackers?

The number of data breaches has continued to grow in 2015. Barely a day goes by without a company or country falling victim to a cyber-security attack, says Gary Newe.

Ping of Death: How an adorable sounding DDoS attack can wreak havoc

Ping of Death: How an adorable sounding DDoS attack can wreak havoc

Small doses of poison can add up to a lethal cocktail of DDoS in what is being called the ping of death, says Sophie Davidson.

Innovation versus infosecurity

Innovation versus infosecurity

Innovation and security should not be mutually exclusive but unfortunately they often are seen that way, says James Henry.

Cloud security for the 'everywhere enterprise'

Cloud security for the 'everywhere enterprise'

As mobility introduces changes in workplace dynamics, Charles Milton looks at how to shift power in favour of the CISO while securing the borderless enterprise.

Is your summer intern more prepared than you?

Is your summer intern more prepared than you?

Your business needs to secure itself against the new wave of Summer Interns, says Chris Sullivan.

Botnet takedowns: are they worth it?

Botnet takedowns: are they worth it?

Botnet takedowns make good headlines and earn kudos for law enforcement and companies like Microsoft but are they worth the time and effort, asks Dan Holden.

Top of the app charts - Shuabang: automated malware made in China

Top of the app charts - Shuabang: automated malware made in China

Shuabang companies in China sell installs and user ratings to app developers to help boost their profile, which is leading to new forms of malware, says Chema Alonso.

Putting people at the heart of your IT policy: Five tips to get it right

Putting people at the heart of your IT policy: Five tips to get it right

IT security policies must evolve to embrace sensible policies for bring-your-own-device (BYOD), says Chris Mayers.

The future of password managers

The future of password managers

Despite the LastPass security breach, password managers are still the most realistic method for ensuring we all use strong passwords, says Bill Carey.

How overcoming security challenges improved customer experience

How overcoming security challenges improved customer experience

In the age of connected objects, social networks, smartphones and new consumer behaviours, the IT security department has an increasingly important role for enterprises across all sectors, says Thierry Bettini.

Securing Hadoop - inflating the life rafts for big data lakes

Securing Hadoop - inflating the life rafts for big data lakes

New platforms such as Hadoop are pushing IT professionals to find innovative solutions to ensure data security, says Greg Hanson.

The applicability of ISO 27001 across industries

The applicability of ISO 27001 across industries

Dejan Kosutic says ISO 27001 is applicable not only to IT firms, but also to financial organisations, government agencies, telecoms and health organisations.

Data breach alert: the rising threat of contractors

Data breach alert: the rising threat of contractors

With the increasing number of contractors being employed by organisations, it's vital that their access rights are regularly reviewed, says Paul Trulove.

With our data under threat, it's time to set security in for the long-term

With our data under threat, it's time to set security in for the long-term

Responsibility for securing data is now increasingly shifting towards the board leading to a change in role for the IT department, says Terry Greer-King.

Smelling an mRAT: Defeating targeted attacks on enterprise mobiles

Smelling an mRAT: Defeating targeted attacks on enterprise mobiles

Commercial mobile surveillance kits are a growing security threat. Michael Shaulov looks at the scale of mRAT infestations, and how to avoid them.

Look beyond the darknet to manage supply chain risk

Look beyond the darknet to manage supply chain risk

Vetting staff and contractors, including what they are saying on the internet and the darknet, is vital to protecting your company, says Tim Ramsey.

Facing up to the end of Windows Server 2003

Facing up to the end of Windows Server 2003

Don't end up as the weakest member of the herd following the end of official support for Microsoft Windows Server 2003, says Ian Trump.

Mobile fraud: a reality check

Mobile fraud: a reality check

Everyone is talking about mobile fraud but the threat is not as widespread as it is made out to be, says Helen Holmes.

How relevant is Cyber Essentials to your business proposition?

How relevant is Cyber Essentials to your business proposition?

Now starting its second year, Cyber Essentials certification is quickly becoming recognised as an invaluable kite mark and roadmap for organisations wishing to improve their cyber-security, says Chris Stanley.

Is Bitcoin the answer to fraud?

Is Bitcoin the answer to fraud?

As Bitcoin grows in popularity, could the crypto-currency be the solution to online fraud, asks Akif Khan.

The future of security is in the cloud

The future of security is in the cloud

Paul Lipman explains why he thinks that the cloud offers a way forward for securing the complex interconnected world.

Ensuring your security policy works

Ensuring your security policy works

Alex Vovk explains how to leverage security policy and ensure it's performing correctly to prevent a data breach.

Harvard hacked: the impact of educational cybercrime

Harvard hacked: the impact of educational cybercrime

University networks are becoming increasingly more attractive targets, as witness last week's attack on Harvard University in America, says James Burns.

Macro malware epidemic returns

Macro malware epidemic returns

The return of a decade-old attack vector, the malicious macro, requires a granular, policy-based approach to managing email at the gateway, says Greg Sim.

Security considerations when taking iPad POS mainstream

Security considerations when taking iPad POS mainstream

Businesses of all sizes have begun to consider iPad POS as a viable option, but what are the security implications, asks Josh Smith.

Last Word: Cyber-blackout - The dangers within and without the grid

Last Word: Cyber-blackout - The dangers within and without the grid

Utilities face thousands of cyber-attacks every day, but we are not prepared for a successful take-down despite the very real threat says Oliver Eckel

THREAT OF THE MONTH: Cryptolocker

THREAT OF THE MONTH: Cryptolocker

The world of data breaches - and how to avoid being part of it

The world of data breaches - and how to avoid being part of it

Norman Shaw looks at the causes of data breaches, what it costs and what the market needs to consider in order to protect itself.

Rombertik: what you should know about the evolution of destructive malware

Rombertik: what you should know about the evolution of destructive malware

Protecting yourself against malware that's aware of anti-virus programs and can self destruct to avoid detection is tricky, says Corey Nachreiner.

EU relaxes Data Protection Regulation reform

EU relaxes Data Protection Regulation reform

Less stick more carrot: EU relaxation of Data Protection Regulation reform is a positive development, says James Henry.

How to get IT to eat its vegetables

How to get IT to eat its vegetables

Patching can be a significant pain for organisations. Similar to eating our vegetables, it's something we know we should do but is still hard to swallow for various reasons, says Rob Juncker.

How to safely enable Microsoft Office 365

How to safely enable Microsoft Office 365

How can businesses enable Office 365 and its rich ecosystem of supporting apps securely without risking security issues or data loss, asks Eduard Meelhuysen.

BoE email leak: how to solve a problem like human error

BoE email leak: how to solve a problem like human error

Alexander Pope said, "To err is human; to forgive, divine." Could he have been thinking of the infamous Bank of England email leak when he said that, asks Rainer Gawlick.

IT enablers: How CIOs can make the move from gatekeepers

IT enablers: How CIOs can make the move from gatekeepers

Cloud computing is no longer in the sole charge of the IT team as organisations vie to take advantage of new cloud services, says Ian Finlay.

The Sally Beauty hack: a cautionary tale we should all learn from

The Sally Beauty hack: a cautionary tale we should all learn from

The problem with targeted attacks, of course, is that they are designed to stay hidden, as we learned from a recent hacking case, says Kev Pearce.

Cyber-security industry needs benchmarks for access risk

Cyber-security industry needs benchmarks for access risk

Wave upon wave of data breaches are putting company IT security measures under the microscope worldwide, says Chris Sullivan.

The need for industry standards in the fight against cyber-crime

The need for industry standards in the fight against cyber-crime

The CBEST testing framework created by the Bank of England is a positive step but it could be stronger, says Clayton Locke.

Securing your organisation from insider threats

Securing your organisation from insider threats

Living in a networked world has its advantages, but it also leaves organisations vulnerable to exploitation by malware, inadvertent employee actions and malicious attacks, says Salo Fajer

Why a company's greatest vulnerability is its people

Why a company's greatest vulnerability is its people

While Snowden, high-profile data breaches and hacking dominate the headlines, the more pernicious risk to business continues to be simple human error, says Tony Pepper.

Identity management in the new frontier

Identity management in the new frontier

Identity management is a complex task that requires not just a hefty dose of common sense when sharing information on the Internet, but also a reliance on third-party businesses to safeguard that information and respect consumer privacy, says Andrew Thomas.

'Need-to-know' strategy does not pass muster in cyber era

'Need-to-know' strategy does not pass muster in cyber era

Defenders in the cyber-domain need to abandon the Cold War principle of 'need-to-know' - a gratifyingly simple but effective maxim, says Alister Shepherd.

Holborn fire underscores need for business continuity planning

Holborn fire underscores need for business continuity planning

According to the old adage, failing to plan is planning to fail, and as Matt Kingswood says, recent events in Holborn, London are a timely reminder of what can happen.

Using HSMs to prevent RansomWeb attacks

Using HSMs to prevent RansomWeb attacks

Prevention and threat detection tools can only go so far, and should be used as part of a layered approach to data security, says Paul Hampton.

Unexpected obstacles on the road to maximising information value

Unexpected obstacles on the road to maximising information value

Despite the objective of releasing greater business value from information, most businesses prioritise locking it down, says Sue Trombley

Securing the contact centre from the inside out

Securing the contact centre from the inside out

Matthew Bryars, CEO of Aeriandi, analyses the threat of insider fraud and what contact centres can do to minimise risk

'The best defence is a good offence' in evolving security, networking market

'The best defence is a good offence' in evolving security, networking market

Dieter Lott discusses the security and networking solutions market and how organisations should be adopting a new proactive approach to security breaches given that IT infrastructure is in a constant state of change.

Teach children to hack ethically to save them from dark side

Teach children to hack ethically to save them from dark side

Teach children to code and, yes, even to hack so they learn about the power and potential perils of the internet, says Nick Banks.

Protecting your assets from the front lines

Protecting your assets from the front lines

Patrick Peterson examines why organisations need to focus on both external and internal assets to address the phishing threat.

Tracking the cyber kill chain: 'spot and block' no longer enough

Tracking the cyber kill chain: 'spot and block' no longer enough

It must be hard as an IT security professional not to feel overwhelmed by the sheer scale and sophistication of the threats facing your organisation, as the language used to describe modern cyber-attacks has become increasingly militaristic.

Living with the enemy

Living with the enemy

Preference for technical solutions, rather than organisational change is resulting in over-investment in stopping cyber-attacks rather than detecting attacks and defending data says James Henry.

Cyber-insurance: no replacement for locks on doors

Cyber-insurance: no replacement for locks on doors

Companies should build a holistic and forward-looking cyber-security programme capable of forecasting potential security threats and alleviating those risks before they cause serious damage says Piyush Pant.

What the next government's cyber-security policy should look like

What the next government's cyber-security policy should look like

The new government needs a new cyber-security policy as a priority - with sufficient resources - and drawn up by people with a good understanding of the issues, says Raimund Genes.

Why Geofencing will become the next endpoint security innovation

Why Geofencing will become the next endpoint security innovation

Geofencing can restrict access to devices or applications while inside a company's perimeter, making it impossible for devices outside the perimeter to access the network explains Roman Foeckl

Cybersecurity requires stealth, patience and resources on a global scale

Cybersecurity requires stealth, patience and resources on a global scale

We must monitor cyber-criminal connections to follow attackers back to their source and have mechanisms − technical or legal − to stop them resuming their activities elsewhere says Neil Campbell.

THREAT OF THE MONTH: Komodia libraries

THREAT OF THE MONTH: Komodia libraries

Debate: is your money safe online?

Debate: is your money safe online?

Jen Andre and Cameron Camp debate online financial security

2 minutes on: UK bangs the drum for cyber-insurance

2 minutes on: UK bangs the drum for cyber-insurance

Cyber-insurance is the new go-to for large corporations trying to defend themselves from data breaches, but the UK is lagging behind - and that is something the government wants to fix.

Last word: prepare for the end - of MS Extended Support

Last word: prepare for the end - of MS Extended Support

MS Windows 2003 servers (WS2003) reach end of life on 15th July 2015 - but don't panic! They'll still operate in the same way, but could become more susceptible to cyber-attack warns Kevin Linsell

Extracting the weak link in password protection

Extracting the weak link in password protection

Removing human interaction with passwords and automating their selection and frequency of change is certainly a step in the right direction says Richard Walters.

Is your cyber insurance fit for purpose?

Is your cyber insurance fit for purpose?

Due to the complexities of IT security, achieving clarity on cyber-insurance policies is going to be a growing challenge says Rowland Johnson

What immediate action should an SME take to stop a hacker?

What immediate action should an SME take to stop a hacker?

SMEs need to be aware of the risks faced, whilst implementing quick and easy protective measures that will make them more secure than the average victim says Chema Alonso

Taking a trip of discovery into the unknown

Taking a trip of discovery into the unknown

Ben Harknet says security teams need to develop an effective external threat management programme as a core component of their overall security capability to deal with broken SSL certificates and third party app vulnerabilities.

Governments need to protect industry from cyber-espionage - and some do

Governments need to protect industry from cyber-espionage - and some do

Public-private partnerships in cyber-security are needed with governments helping protect their private sector from cyber-espionage - as demonstrated in Finland and Israel

Attention, criminals: DMARC will not get your spam delivered

Attention, criminals: DMARC will not get your spam delivered

Time to set the record straight on email authentication: DMARC won't get spam into the inbox, says Rob Holmes

Securing data where it matters most

Securing data where it matters most

Building a database security strategy is the first step for a company in ensuring security has been addressed inside out says Alan Hartwell.

Fingerprint technology far from foolproof for banking apps

Fingerprint technology far from foolproof for banking apps

A new approach to mobile user protection should focus on self-defending apps that provide an integrated, dedicated and secure solution to cyber-crime threats suggests Tom Lysemose Hansen

Government security initiatives: is the message getting through?

Government security initiatives: is the message getting through?

We need to see all results of government initiatives - both positive and negative - if industry, and especially SMEs are to act on them says Alan Carter.

Alert fatigue: When your security system cries 'wolf.'

Alert fatigue: When your security system cries 'wolf.'

Too many false positives inevitably reduce response times - and even response numbers - so raise the verification bar and thereby limit them says Chandra Sekar.

Organisations are compromised - time to Respond!

Organisations are compromised - time to Respond!

In the wake of successful cyber-attacks, and security incidents taking down some of the biggest brands on the planet, impacting critical infrastructure and banking systems alike, it may be asserted that, when it comes to technology, by evidenced implication, it would seem to be exposed, fragile and vulnerable.

Spear Phishing: Extracting the sting from infected documents

Spear Phishing: Extracting the sting from infected documents

Targeted emails with infected attachments are the hacker's weapon of choice but there are ways to avoid being spiked by spear phishing says Noam Green.

You think you've nothing to steal? Hackers don't agree.

You think you've nothing to steal? Hackers don't agree.

Few understand the value of their website to hackers says Ilia Kolochenko, warning that even an individual blog is potentially at risk.

Prison escape via mobile phone highlights social engineering vulnerability

Prison escape via mobile phone highlights social engineering vulnerability

A prison escape with a fake release note, from a fake website, set up via mobile phone, demonstrates yet again that people are our biggest security vulnerability says Fotis Gagadis.

Network visibility can prevent you from being the next cyber-security headline

Network visibility can prevent you from being the next cyber-security headline

Better understand what's happening on your network and you'll be better prepared to tackle hostile intruders says Corey Nachreiner.

Five steps to creating a secure software defined environment

Five steps to creating a secure software defined environment

Security is needed everywhere within the software-defined data centre as physical security is no longer an adequate defence against current threats says Dr Gerhard Knecht.

Cloud app ecosystems and what they mean for enterprise data

Cloud app ecosystems and what they mean for enterprise data

Unsanctioned subsidiary Apps are coming into the enterprise via sanctioned 'anchor' apps - with 35.1 percent of all app sessions occuring across four main ecosystems of Box, Dropbox, Google Apps, and Salesforce explains Rajneesh Chopra.

Cyber snipers: are you the target?

Cyber snipers: are you the target?

IT staff have greater access privileges - and ironically, even more so when they are junior - making them worthwhile researching by spear-phishers warns Kev Pearce.

A global tour of data regulation

A global tour of data regulation

We're all potentially in the global data market now, so do your research, ensure you know your market, and take every preventative step you can says Jonathan Armstrong.

Force Majeure - insurance for cyber-warfare?

Force Majeure - insurance for cyber-warfare?

Relying on cyber-insurance when your defences are actually negligent will increasingly become unsustainable - and unavailable - says Philip Lieberman.

The second coming of DLP: Learning lessons from the past

The second coming of DLP: Learning lessons from the past

2015 could be the year of DLP, argues Guy Bunker.

Keep your friends close... but your insiders closer

Keep your friends close... but your insiders closer

A well-defined security programme focused around the company's most critical data, combining technology and education powered by metrics, will help businesses reduce insider risk levels says Neil Thacker.

SC Webcasts UK

Sign up to our newsletters

FOLLOW US