The security of building management systems has improved over the last few years but many of them aren't set up properly to avoid being hacked, according to security researchers.
To speak meaningfully and to be taken seriously by policy makers about issues like ransomware will require us not just to learn the language of the boardroom but the language of society at large, and of government.
Learning by doing. If you don't have - and practice - a breach recovery plan, then a simulation exercise can demonstrate why you should have one, identify your weak spots, and encourage you to take action to plug the holes.
Former Yahoo chief executive Marissa Mayer apologises for the two massive data breaches at Yahoo that occurred during her tenure and resulted in 3 billion credentials being stolen, blaming Russian agents for at least one of them.
Senior leadership should pursue stronger business outcomes. Theresa Grafenstine says that becomes a much smoother proposition when at least one board member - ideally several - have expertise in governance of technology.
Although Secure Shell (SSH) keys provide the highest levels of administrative access they are routinely untracked, unmanaged and poorly secured according to a recent report by Venafi.
For those businesses that want to reduce the brand risk of cyber-attack, Marc Lueck says more emphasis on recovery is the easiest place to start. It will also go a long way to future proofing organisations against upcoming threats.
Recent cyber-attacks reveal how vulnerable organisations are and that those who actively manage security have limited damage and recovered fastest says Matthias Maier
Survey from consulting firm shows there is still much work to do to identify and protect the 'crown jewels' of mission critical data.
More than half of cyber-security professionals find it difficult to highlight possible security system weaknesses for senior management, while the rest find it more difficult to admit something has gone wrong.
Building blocks of IT security 4: Through Life Operation can be unglamorous and unpopular because it can be where the realities of earlier expedience-driven omissions, reductions in capacity and capability come home to roost, says Tony Collings.
Following the JD Wetherspoon data breach, there are many questions about the cause and the mistakes that led to it. But the company's mistakes offer valuable lessons for other businesses as Pat Clawson explains.
When it comes to information security it's been well documented that everybody has a key role to play in protecting sensitive and valuable information, says Nick Wilding.
Passive inspection is too slow in today's interconnected, data-rich IT environments, says Thibault Reuille.
Workforce collaboration via mobile devices and apps is a positive thing, so long as business options are used says Joseph Do.
You need to delve deeper into the risks in your supply chain to really know what your exposure is says Nick Ford.
Preparation and organisation can enable effective security for one man SOCs or small teams explains Joe Schreiber.
Torben Andersen describes the top eight reasons why multi-factor authentication is a security best practice that CEOs need to ensure is implemented.
A holistic approach to security management is needed to bridge the gap between stategy and technology says Chris Yule.
The way to avoid management by crisis is by having a strategy, goals, and plans to achieve them says Jarno Limnéll & Lior Tabansky.
FireEye have announced that former Symantec CEO Enrique Salem has joined its board of directors.
Until fairly recently, headlines regarding data loss more often than not concerned lost laptops, USB drives and even CD-Roms.