Cyber Security News, Articles and Updates

Cyber resilience and the emergence of prescriptive security:

From reactive network security capabilities we moved to developing predictive capabilities and now we are now able to achieve prescriptive security capability, intervening autonomously or flagging up issues to assist human decisions.

NHS needs to develop cyber-sec culture to reap benefits of digitisation

GDPR-ready but prioritising cyber-security, including education and training for all staff to develop cyber-security culture, will enable delivery of significant financial savings.

Hackers scanning for unsecured SSH private keys on WordPress sites

Lack of key security allows criminals keys to the kingdom after scanning 25,000 systems per day to find unsecured SSH private keys.

News Feature: Gambling machine guru Blaine Graboyes bets big on security

Has the one-armed bandit met its match in the sophisticated cyber-thief?

Enterprise security budgets slashed by a third; is spend appropriate?

Enterprises seem to be getting the message, at last, that security posture cannot be measured by pocket depth as budgets get cut by a third.

The cause of recent cyber-attacks: complacency.

When it comes to cyber-security, the problem is that while businesses and IT leaders are prioritising cyber-security investment, the investment in that security has always been responsive, rather than preventative says Steve Inglessis.

SSH privileged access has minimal control at most organisations

Although Secure Shell (SSH) keys provide the highest levels of administrative access they are routinely untracked, unmanaged and poorly secured according to a recent report by Venafi.

Contractor's only IT technician steals 30GB of Australian defence secrets

30GB of data stolen from a small Australian military defence contractor which included technical information on jet fighters, transport aircraft, 'smart bomb kits.' Culprit, the lone IT technician.

Shining a light into encrypted tunnels - 5 worst things attackers can do

Organisations must secure their encrypted tunnels or risk leaving themselves at the mercy of cyber-attackers says Nick Hunter who insists they can, and must, implement centralised intelligence and automated systems.

Before chewing through Compliance, nibble the Critical Security Controls

Unlike compliance mandates, the Center for Internet Security's Critical Security Controls enable you to easily see where holes exist in your current security armoury before you engage external expertise says Mark Kedgley

How to combat Business Email Compromise

Oliver Fay examines the rise of Business Email Compromise (BEC) and describes a series of measures that even the smallest companies can put in place to help better protect themselves against BEC.

The drive for more skills, greater professionalism and better balance

Piers Wilson, director of the Institute of Information Security Professionals (IISP) looks at the people challenges for an industry in the spotlight

NCSC 1st year: 1,000 attacks - 'shocking' level, or 'is that all?'

NCSC annual review: 1,131 attacks reported - thus two significant attacks per day, with 590 classed as significant and more than 30 requiring a cross-government response - industry reaction varies.

National Lottery hit by DDoS attack - down 90 mins at peak demand time

On Saturday the UK National Lottery's website was down - just as those players who stake online, rather than in retailers, were trying to pick their numbers and part with their cash - thanks to a DDoS attack.

How the UK can create its very own Silicon Valley?

Silicon Valley is a globally renowned hallmark of technology, success and innovation whose companies define huge elements of our lives. David Howorth asks, why is there no equivalent in the UK, and how can we change that?

4G vulnerabilities put mobile users and even Smart Cities at risk, study

Despite keeping the world constantly connected, 4G networks are still plagued with weaknesses that leave entire mobile networks and future "Smart Cities" open to fraud and other attacks.

How the next cyber breach could cost you 4% of revenues: Defensive options

Itay Glick runs through some of the protections and their effectiveness against becoming not just the victim of a data breach, but also an early casualty of swinging GDPR fines.

How to avert overlay attacks - deploy built-in app security

Applications themselves should have security built in that detects that the application is being pushed to the background says Giovanni Verhaeghe. Then any user input should be blocked and the placing overlay eliminated

Apple patches a potentially critical vulnerability with iOS 11.0.01 update

Apple's iOS 11.01 seems to have addressed previous problems that prevented users from sending emails from Outlook.com and Exchange accounts along with at least one potentially critical security flaw.

Can your employees identify a phishing attack?

Latest round of cyber-attacks underscore the need for regular security awareness training says Eldon Sprickerhoff.

Are SOCs failing? People-centric security is key in attack detection

In order for an organisation to see a clear return on its SOC investment - an investment that can currently see millions spent and effectively nothing gained - it needs to ask where its efforts are best focused says Luke Jennings

Rate of data compromise revealed: 121 records per sec; defenders lagging

More data records have been breached in the first six months of 2017 than the whole of 2016. The Gemalto Breach Level Index reports that this amounts to an astonishing 121 records lost or stolen every second of every day.

How can the legal industry address the threat of online scams?

More than a quarter of law firms in England and Wales were targeted by fraudsters in 2016, with most attempted scams taking place online, but there are a number of steps which can be taken to prevent attacks says Peter Groucutt

Protecting the cloud - a GDPR issue that can't simply be outsourced

With increasing reliance on cloud applications, businesses must start taking the issue of security in the cloud seriously. They must start asking the right questions about the service providers they are looking at says Joe Pindar

Protecting your network hive: 4 security trends you need to know about

In our connected society, securing the network "hive" is very much a team effort. Only by assessing and defining the landscape in the first instance can a successful security strategy be put in place says Russell Crampin

Threat hunting? Ditch the SIEM and use the principles of Big Data

The human is the most essential part of any security programme and they need frictionless ways to work with data, be more productive, secure their environments, and apply their own methods to their tools says Josh Mayfield.

The steps you must take to keep malware right outside your organisation

Creating policies that prevent users from exposing the company to threats while maintaining business continuity takes the maximum amount of risk off the table says Sam Hutton.

Balancing digital good / bad - ensure visibility, take responsibility

Cloud gives certain tools. We need to understand as organisations where our core competence is and for many companies, it's not infrastructure." But he added that you do need visibility about what is going on.

100% of breached PCI certified companies failed PCI compliance audit

PCI DSS compliance doesn't guarantee security, but half of PCI certified companies aren't compliant which does indicate vulnerability to cyber-attack. "It's not a project, it's a programme - something you need to maintain."

Companies need to adopt a culture-shift to ensure cyber-threat awareness

To combat cyber-attacks we need to look at a cultural change within the company and shunt Cyber Security higher up the agenda. A great start could be ISO/IEC 27001 Information Security Management standard says Tim Schraider.