Just one in ten only allow corporately provisioned and approved BYOD IT devices & many firms still do not have sufficient data security measures in place. These steps can reduce the risk of a significant breach...
Use of deepfake videos in spear-phishing and impersonation attacks is just one of several ways in which AI can be employed for criminal gain. AI could enable malware to change its behaviour and characteristics
With the final months of Windows 7 support ticking down, the time is now for organisations to take control and effectively manage their enterprise migrations to Windows 10.
Registry breaches, domain hijacking, phishing or the use of malware illustrate the need for organisations to implement the correct security procedures to protect their DNS and safeguard their organisation.
Asset management is a security issue: How ITAM and security should work together for complete visibility
Discovery in the IT asset management field hasn't kept up with the cultural and technological shift that has occurred in other areas such as development, security and operations.
Combining EPM, SSO, and MFA into a single cloud-based identity solution addresses many of the pain points that both IT teams and employees highlight with security solutions.
In CTI, security & intelligence professionals are still exchanging information through ineffective means. This kind of interaction would benefit from a protocol to help create a common framework for idea sharing.
Passwords alone are too straightforward, even with additional numbers or special characters. Businesses relying on traditional passwords risk employee & customer personal data being compromised.
Interconnected & collaborative SaaS applications are a major target for attackers, allowing compromise of an entire company through a single breach, but AI can contextualise unusual activity to spot these threats.
Alarm bells should be ringing for all companies who do not safeguard consumers' data or are monetising it in ways their customers didn't consent to as EU regulators start to collaborate and ramp up enforcement.
Companies who adopt a cloud-based data warehouse can reduce the overhead dedicated to their security responsibilities and utilise third-party SaaS solutions hosted on the larger cloud infrastructure providers.
CISOs should be aware of several new trends emerging in security and risk management (SRM) in response to both new and existing threats, & their potential to create a resilient and prepared organisation.
GDPR gives preparation of data for due diligence heightened importance, understanding levels of personal data exposure, & how to manage or mitigate risks. Virtual data rooms can increase efficiency and security.
Protocol (DDoS) attacks direct traffic at an intermediate device between the internet & the core of the target's network, degrading performance enough to achieve an attacker's goals yet remain under the radar.
With increased regulator focus on companies' privacy practices the complexity of merging two companies has become particularly acute. Here are four key areas to consider when you're entering a deal: ...
Banks aren't ready for strong customer authentication (SCA) under PSD2. What must they do to be fully compliant and fully aware of the dangers lurking ahead? Despite a delay (see note) the question remains.
Companies must consider how transition to quantum-secure systems will affect their business. (Tamper-proof) security is on the physical layer enabling complete end-to-end connection without SSL or VPN.
What happens when two AI or ML systems meet head-to-head? Will ML systems eventually always beat AI, will they both be vulnerable to simple tricks? Will they remove human access to protect themselves?
39% of SOC pros want investment in new tech; most would change their approach to areas like staffing, outsourcing and facilities, while 9% would not change anything to improve the effectiveness of their SOC.
Many lawyers still use WhatsApp as a preferred method of communicating sensitive information. The app has been compromised before & should never be used to communicate any sensitive information.
Privileged password management solutions let you create, share, and automatically change enterprise passwords. You can assign user permissions at any level, and track password usage with full audit reports.
Businesses operating in China will now need to pay more attention to the data protection legal developments and take action to ensure full compliance
Security2Live is an initiative that aims to build a community of people to share advice and provide guidance on how to discuss, share and assist others in raising their digital safety skills.
By adding fingerprint biometric capabilities to portable or staff-owned devices, management of remote or flexible working staff is simplified; management can see when staff are logged in and hours worked.
To protect against IoT vulnerabilities, recognise the issue & take action to address it. The most effective way is to develop & implement a holistic defence strategy, incorporating the following nine steps: ...
It is important to understand that there are some VPN protocols that are offered which are not secure and should be avoided. These protocols include PPTP, L2TP, and IKEv1. Preferred options include ...
It is more important to reduce the highest risk to your business, which may be from a lower-rated CVSS that affects a business-critical system, or a vulnerability that is prevalent on many machines.
The complexity of encryption and sheer number of products available means users can often struggle to understand it and judge whether it meets their needs, e.g. under TLS data is not encrypted at all times.
How breach and attack simulation (BAS) can help businesses get ahead of phishing and other cyber-threats
BAS technology tools perform hundreds of tests a day all year round to assess the security posture of the organisation, letting you know, 'Does my security work?' - while Pen testers answer, 'Can they get in?'
For this glitch to happen so soon after BA received a £183 million fine as it failed to ensure the protection of customer data, it seems like the airline is not acting swiftly enough to resolve its software issues.
Legacy perimeter security technologies will not suffice in protecting students and staff in the new post-perimeter reality. Where educational data lives cannot be defined within a single location.
A global, centralised view of all domain names across all locations is the first place to start. The registrar should have a portal constantly checking for security and code vulnerabilities, as many websites have.
55% of US workers think that email communication prevents them from doing their job properly with both spam as well as loss and theft of data major concerns which encrypting data has not overcome.
Some 44 per cent of IT leaders already recognise that a stressed/overworked workforce making mistakes is a contributing factor toward potential insider threat incidents.
There are steps that organisations can take to not only ensure data protection, but to create a strategy where security and DevOps complement each other. How to overcome the inherent security flaws ...
Mobile deployment requires organisations to ensure they are fully protected against evolving cyber-security threats by securing all endpoints under a single, integrated enterprise mobility management solution.
MITRE ATT&CK not-for-profit knowledge base of cyber-criminal tactics & techniques is globally available to government, education, & commercial organisations to share the most effective responses to attacks.
5G adoption will require a host of invested parties, from OEMs to MNOs, to cloud and security vendors and governments, to protect the data and ensure that the correct security protocols are in place.
IT and OT environments require different cyber-security tools, but to eliminate security risks and reduce the organisation's cyber-risk, they need to bring IT and OT together in an integrated security strategy.
Relying on your network provider to protect you from SIM Jackers is a mistake: they are using SMS text-based account recovery methods to log into exchanges, seize funds, and move them to their own wallets.
More diverse & inclusive cyber-security teams are more able to facilitate a broader range of ideas and perspectives about how to prevent an attack from taking place. So what steps do we need to take?
Local security solutions just don't cut it any more: businesses desperately need the protection of ATP and sandboxing; they need it in the cloud because that's where meaningful volumes of data are aggregated.
By ensuring proactive measures to effectively manage passwords, coupled with implementing the good password hygiene process described here, businesses can thwart the threat posed by password pirates.
How can any law firm justify basing its security posture and risk both its business and reputation on the assumption that hard pressed employees will never make a mistake?
70% of UK IT pros aren't confident their skills can successfully manage their IT environments over the next three to five years. Whatever the skills needed for tomorrow, IT pros don't feel they have them.
Traditional businesses will more likely have legacy systems open to attack, particularly post M&A activity. Digital-first companies can embed state of the art security systems and procedures from the outset.
A more proactive approach to privacy requires going beyond big promises & instead takes real, concrete action. Hackers will get in so the focus must be on preventing them from stealing data in the first place.
With the cyber-skills gap still posing a very real threat to the security of UK businesses, Andy Barratt explores the role of ex-servicemen and women in bridging the gap.
Detection-based solutions often can't identify & stop zero-day & undetectable threats in content, whereas Content Threat Removal is designed to remove 100 percent of cyber-threats concealed in content.
If passwords were removed digital identity platforms would have only two authenticators - physical tokens and biometrics. Without passwords, physical tokens would be the only fallback measure for biometrics.
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout