From reactive network security capabilities we moved to developing predictive capabilities and now we are now able to achieve prescriptive security capability, intervening autonomously or flagging up issues to assist human decisions.
GDPR-ready but prioritising cyber-security, including education and training for all staff to develop cyber-security culture, will enable delivery of significant financial savings.
Lack of key security allows criminals keys to the kingdom after scanning 25,000 systems per day to find unsecured SSH private keys.
Has the one-armed bandit met its match in the sophisticated cyber-thief?
Enterprises seem to be getting the message, at last, that security posture cannot be measured by pocket depth as budgets get cut by a third.
When it comes to cyber-security, the problem is that while businesses and IT leaders are prioritising cyber-security investment, the investment in that security has always been responsive, rather than preventative says Steve Inglessis.
Although Secure Shell (SSH) keys provide the highest levels of administrative access they are routinely untracked, unmanaged and poorly secured according to a recent report by Venafi.
30GB of data stolen from a small Australian military defence contractor which included technical information on jet fighters, transport aircraft, 'smart bomb kits.' Culprit, the lone IT technician.
Organisations must secure their encrypted tunnels or risk leaving themselves at the mercy of cyber-attackers says Nick Hunter who insists they can, and must, implement centralised intelligence and automated systems.
Unlike compliance mandates, the Center for Internet Security's Critical Security Controls enable you to easily see where holes exist in your current security armoury before you engage external expertise says Mark Kedgley
Oliver Fay examines the rise of Business Email Compromise (BEC) and describes a series of measures that even the smallest companies can put in place to help better protect themselves against BEC.
Piers Wilson, director of the Institute of Information Security Professionals (IISP) looks at the people challenges for an industry in the spotlight
NCSC annual review: 1,131 attacks reported - thus two significant attacks per day, with 590 classed as significant and more than 30 requiring a cross-government response - industry reaction varies.
On Saturday the UK National Lottery's website was down - just as those players who stake online, rather than in retailers, were trying to pick their numbers and part with their cash - thanks to a DDoS attack.
Silicon Valley is a globally renowned hallmark of technology, success and innovation whose companies define huge elements of our lives. David Howorth asks, why is there no equivalent in the UK, and how can we change that?
Despite keeping the world constantly connected, 4G networks are still plagued with weaknesses that leave entire mobile networks and future "Smart Cities" open to fraud and other attacks.
Itay Glick runs through some of the protections and their effectiveness against becoming not just the victim of a data breach, but also an early casualty of swinging GDPR fines.
Applications themselves should have security built in that detects that the application is being pushed to the background says Giovanni Verhaeghe. Then any user input should be blocked and the placing overlay eliminated
Apple's iOS 11.01 seems to have addressed previous problems that prevented users from sending emails from Outlook.com and Exchange accounts along with at least one potentially critical security flaw.
Latest round of cyber-attacks underscore the need for regular security awareness training says Eldon Sprickerhoff.
In order for an organisation to see a clear return on its SOC investment - an investment that can currently see millions spent and effectively nothing gained - it needs to ask where its efforts are best focused says Luke Jennings
More data records have been breached in the first six months of 2017 than the whole of 2016. The Gemalto Breach Level Index reports that this amounts to an astonishing 121 records lost or stolen every second of every day.
More than a quarter of law firms in England and Wales were targeted by fraudsters in 2016, with most attempted scams taking place online, but there are a number of steps which can be taken to prevent attacks says Peter Groucutt
With increasing reliance on cloud applications, businesses must start taking the issue of security in the cloud seriously. They must start asking the right questions about the service providers they are looking at says Joe Pindar
In our connected society, securing the network "hive" is very much a team effort. Only by assessing and defining the landscape in the first instance can a successful security strategy be put in place says Russell Crampin
The human is the most essential part of any security programme and they need frictionless ways to work with data, be more productive, secure their environments, and apply their own methods to their tools says Josh Mayfield.
Creating policies that prevent users from exposing the company to threats while maintaining business continuity takes the maximum amount of risk off the table says Sam Hutton.
Cloud gives certain tools. We need to understand as organisations where our core competence is and for many companies, it's not infrastructure." But he added that you do need visibility about what is going on.
PCI DSS compliance doesn't guarantee security, but half of PCI certified companies aren't compliant which does indicate vulnerability to cyber-attack. "It's not a project, it's a programme - something you need to maintain."
To combat cyber-attacks we need to look at a cultural change within the company and shunt Cyber Security higher up the agenda. A great start could be ISO/IEC 27001 Information Security Management standard says Tim Schraider.