Calls for 'cyber-sovereignty' are undeniably regressive; cyber-fragmentation & protectionism only help cyber-criminals. Governance of cyber-space should be by transnational institutions based on a global policy.
CISOs must strengthen their relationship with the CFO to secure the enterprise. Businesses can't operate on current levels of inaccuracy in estimating breach costs, nor will shareholders and customers tolerate it.
Segway...A form of transport ahead of its time - like cyber insurance? Insurers have no way of knowing how to compare a risk to a company in rural Canada vs. a company in Frankfurt, so how do they price it?
Organisations instead need to focus on what's really important: rather than securing the network, the focus needs to be on protecting the data itself.
Healthcare, & specifically the NHS, is a cyber-warfare target. Delayed patient referrals, investigations, & interventions can lead to anything up to death. More malicious attacks will focus on clinical data integrity.
Perfect (or near perfect) patching won't deliver 100% security, but gaps left by the tools used for patching (be it 5%, 10%, 15%, or more) represent 100% of your organisation's vulnerability to known exploits.
5G speeds & capacity combined with edge devices will create new inter-connected edge-based networks that share & process information locally, creating new threat profiles not previously possible.
When we talk about the threat from Bring Your Own Application, two Facebook apps sit front-and-centre: WhatsApp and Messenger. IT teams have no oversight on what is being shared via these platforms.
The 'skills gap' is not simply a question of quantity, but rather of quality - ensuring people already in security roles are adequately trained & possess the right skills alongside the most up-to-date intelligence.
Individually, management of privileged devices (Privileged Access Management) and patching only fight half the battle but combined, they can dramatically improve an organisation's security posture.
With Code Stylometry, hackers can be traced much more easily, helping companies to better protect themselves against such attacks. Malware developers could be identified and prosecuted.
Apps are increasingly attracting the attention of organised criminals; compromised apps allow hackers to capture personal details, eavesdrop, track location, and control their IoT-connected world.
Organisations must move from firefighting to fireproofing through Continuous Controls Monitoring. To defend from cyber-attack, organisations must understand whether controls are switched on and working.
Paul Simon sang, "there must be 50 ways to leave your lover," highlighting the number of ways the same result can come about. There are always more ways than you might think... and it's now true for data leaks.
DNS, the means by which all traffic flows, must always be open for users of all kinds to allow legitimate traffic into and out of the network, making it comparatively easy for it to be abused by hackers.
Perhaps the most exciting development in real-world usage of blockchain has come with the utilisation of smart contracts. Long-winded processes such as property contracts are now being replaced by blockchain.
There are several security risks associated with remote working - most arise from companies not having the same support, policies or infrastructure in place for remote workers as for permanent or onsite staff.
This report shows a significant disconnect between the customers' expectations of the performance of their DDoS mitigation systems and the actual performance.
Advancements in biometrics & familiarity of using one's face as a second factor are blurring thanks to technologies such as Apple's Face ID. Future ID proofing & authentication will start with a simple selfie.
Organisations need to understand the impact of the cyber-security talent shortage on business resilience, security, cloud computing and other IT functions--and the best ways to bridge the gap. Solutions include...
The Office of Budget Responsibility has estimated that the UK will lose a staggering 50 percent of its EU national workforce after Brexit. The UK currently has vacancy rates varying from 20 to 30 percent.
Data processors resident outside Turkey whose activities affect Turkey may also need to register by 30 September 2019. Even failing to delete expired data can be punished by one to two years' imprisonment.
Traditional VPN access is overly permissive, granting remote workers access to more of the network than is required to complete their tasks. Zero-trust SDP remote access solutions do not have trusted zones.
An ever-changing security landscape poses the greatest threat to SMBs, while creating better opportunities for both managed service providers (MSPs) and managed security service providers (MSSPs).
Image steganography is becoming the concealment technique of choice for cyber-criminals and is one of the most frightening and underestimated threats out there.
With GDPR restricting how companies can share user data with third parties, the advertising industry may be at risk of losing a key part of its business model, plus many will seek another layer of protection: VPNs.
When the Security Operations Centre (SOC) has too many alerts for analysts to process, nearly one in 10 (nine percent) turn off alert notifications altogether - despite what happened at Target, who did the same.
As quantum computers become more accessible, the first measure will be to adopt quantum resistant algorithms so that data encrypted today can't easily be unlocked 25 years from now.
Implementing an Information Security Management System (ISMS) solution is one of the most effective ways to establish a centrally managed framework that unites all aspects of security.
Apple issued statements that it was aware of the bug problem and would be releasing a patch later that week. That's it. Has previous success led Apple to keep an outdated communications strategy?
The financial industry must continue to invest in technology to stay ahead and defend against emerging threats. Just because something protected a business last year doesn't mean it will be sufficient today.
Don't fall into the trap of equating security with compliance. To deal with crossed wires about your security and compliance postures, it's crucial to rethink the role of evidence.
The most effective organisations should strive to detect an intrusion in under a minute, understand it in under ten minutes, and eject the adversary in under an hour.
By taking responsibility for your own disaster recovery outcome, you will incur hardware, maintenance & building costs - despite this data centre serving little or no purpose, except if there is a disaster.
The proliferation of DDoS-for-hire services, powered mainly by the explosion of unsecure Internet of Things (IoT) devices, has turned DDoS attacks into an everyday occurrence for organisations around the globe.
Few blockchain security expert developers & security researchers exist, & even fewer qualified & credible partners with certified resources: the reality is that relative amateurs design many blockchain solutions.
Several barriers to achieving business resilience remain, including clear challenges between internal organisational structures and access to the right skills and technology.
Whether it's causing site damage or defacement, stealing sensitive information or initiating a DDoS attack, the scope to suffer a cyber-attack has increased substantially with websites the first to be exploited.
Apple macOS & iOS devices have become essential to many workforces. By reviewing these 10 actions/processes, you can add layers of defence to boost your IT security & privacy data compliance stance.
Looking at the main breaches of 2018, most could have been prevented - or at the very least, the companies that were breached could have made it more difficult for hackers to obtain the information.
If companies ignore - or misunderstand - the threat that social media poses, it becomes the go-to platform for cyber-criminals to gain sensitive information or cause reputational damage from silly mistakes.
SonicWall Capture Labs monitored the UK threat situation throughout November & December 2018 & the results provide illuminating insights to help businesses get a full picture of threats & prepare accordingly.
Most algorithms out there are all built around figuring out TCPs, not UDPs. Users could deploy this form of software-defined perimeter to connect specific applications to home offices or centralised data centres.
Telcos are not only the victim of fraud, but the carrier of attacks as well. Phone numbers are now a main way to verify someone's identity and telecoms companies are increasingly custodians of our data.
Whether it's to band governments together to defeat a common enemy, create a public/private cooperative, or develop a sense of civic duty, causing a culture change is often the first step in turning the tide.
Email & network security may rank as the number one concerns of today but, when asked to gaze towards the future, 25 percent of respondents saw the cloud becoming their leading security concern.
Complying with privacy regulations is largely about data management. Therefore, effective privacy initiatives will also facilitate and strengthen an overall foundation for holistic data management.
Routers require hardening and configuring. Support for unused protocols, such as universal plug-and-play or Smart Install, should be removed, & recommendations for ensuring a secure configuration followed.
Under GDPR consumers have rights to access data that a company collects from them, to rectify any inaccuracies in the data, & to be forgotten or to demand that a company cease collecting data from them.
Encryption needs to be deployed as a function within an Information Assurance (IA) security overlay, on top of an organisation's existing network and independent of the underlying transport infrastructure.
Jan 31st, 10am
Gain insight into how multi-phased attacks are designed and how your business can prevent being knocked cold by one.
Brought to you in partnership with VadeSecure