As the Internet of Things (IoT) office becomes commonplace, business owners should do everything in their power to ensure their hardware, customer data, and digital assets are safe.
Orly Shoavi, Co-General Manager, AppLovin Israel
Rather than avoiding using mobile devices for identity because of the security risks, the more logical approach would be to make smartphones a reliable and secure medium for establishing identity.
Growth in interconnected IT & OT environments is matched by converging security teams. A knowledge gap is emerging, with organisations struggling to find experts with the skills in both OT & traditional IT.
Use of internet services increases the attack surface and, because traffic patterns have changed, the security model needs to be re-architected for cloud-hosted applications.
Shouldering extra responsibility for 'emotional labour' is almost imperceptible when it enters the office uninvited, yet it's one of the greatest barriers to having more women in tech and STEM industries.
There’s a lack of understanding that decisions made in the cyber-security department can affect the whole company, more so than a contained technical decision could. A cultural shift is needed.
If it’s not illegal to pay a ransomware demand, that still leaves open the separate question as to whether it’s ethical, then factor in the possibility that the criminals will not hold up their side of the bargain.
The new data management challenge is ‘small data sprawl.’ Organisations create, analyse & store data in more places because they need to react quickly to the needs of their employees and customers.
The five phases of defence to meet ransomware attacks are preparation, detection, containment, eradication & recovery. For victims of attacks, there is a very real, but underreported human cost.
Carrying out regular web code audits and penetration tests will help to proactively identify signs of compromise within the website and any integrated third-party applications.
Networks are environments where threats may invade, lie dormant or emerge anywhere. To defend themselves – not relying on reactive support mechanisms – networking & security must converge.
US food giant Mondelez was denied a £76 m insurance pay-out after suffering a Russian APT cyber-attack deemed to be “an act of war” and not covered under the firm’s cyber-security insurance policy.
BT provides a real-world example of managing a large team and remote working during the Coronavirus pandemic.
Groups acting as “mercenaries” or “hackers for hire” provide a convenient and deniable avenue for nation-states to conduct operations; financially motivated, nation-state-sponsored activity has also been observed.
Well-managed compliance entails locking down everything contained within your data estate by embedding your policies into the day-to-day processes and ingraining them into your people’s mentality.
The VPN industry will continue to make sure that using a VPN is affordable and easy - perhaps we will see devices coming off the shelves with a VPN built into the OS, automated and ready to go?
The remedy for outbound email errors is a combination of real-time data classification, raising user awareness, recipient contextualisation and communication evaluation.
The forgotten aspect of security – why data erasure needs to become a core element of security protocol
One in three organisations are taking considerable risks with the way they sanitise data at the end-of-life, leaving them open to potential breaches and noncompliance.
CISOs must capitalise on business leaders’ rising security concerns, drive internal support for key security initiatives among CEOs & boards, & find a way to integrate security into their company culture.
Understand the Cloud Workload Protection Platform (CWPP) & Cloud Security Posture Management (CSPM) security models - key to Infrastructure as a service (IaaS) & critical to cloud security controls.
Organisations should ensure third-party suppliers adhere to data standards and protect themselves against liability, demanding certain credentials/standards, e.g. PCI DSS, ISO 27001 or Cyber Essentials.
Regular reviews of staff & processes are critical to staying agile in light of cyber-criminals’ increasing knowledge & creativity: ensure employees are forever mindful of any suspicious activity.
Seven cyber-security experts provide their thoughts on how and why businesses should be giving up legacy technology for good to keep their organisation protected.
Should we have cyber-security specialists, or should we have generalists? The real problem behind these statistics lies in the presented perception that there is only one role in cyber-security.
How can businesses best manage their data retention policies and control the location and replication of their data in the cloud? Here are some top tips they should follow to help them achieve these goals.
Security operations teams lack a common framework to share designs, processes and ideas. They can bring the disparate security practices together using automated workflows and processes.
There are multiple ways to gain access to a WiFi network, and it all starts with the components of the router. Here are some of the simple mistakes millions are making and how to rectify them.
As businesses implement their contingency plans around COVID-19, many are adopting remote working policies for the foreseeable future.
Connectivity has been the key driver behind SD-WAN; moving forward, security will be the driver; with the right tools IT and security teams can gain holistic visibility & control over connectivity.
The potential for flexibility and scalability has led to cloud-based services being one of the most popular weapons in the cyber criminal arsenal, used to carry out focused campaigns on a massive scale.
Rather than create potential security gaps and risk budget shortfalls through best-of-breed investments, CISOs are understanding that it may be better to consolidate on one provider that can do it all.
Having employees from up to four different generations with differing levels of technology skills, attitudes to security, working styles and expectations creates new cyber-security challenges.
What is often overlooked in the mad rush to innovate via adoption of big data and analytics, cloud computing, blockchain, AI, and IoT is the impact of these efforts on enterprises' cyber-security.
Phishing is cheap, but uses advanced technology. User-awareness is a challenge. Businesses don’t keep up. Patches address vulnerabilities – and vulnerabilities enable cyber-criminals to gain access.
For many organisations spending more on perimeter protection will make little additional difference to their security position. An alternative, software-defined segmentation, has 5 key requirements...
Plenty of organisations are compliant—but not secure. At the opposite end of the spectrum we rarely, if ever, find an organisation that is secure but not in compliance.
A comprehensive BYOD policy assumes two personas co-exist on the managed mobile device. In this way, partitions can be created to separate business and personal content and apps on the device.
Using multiple point products to keep networks secure may result in possible performance issues; using more than one security solution can become a security concern rather than good practice.
The pitfall organisations fall into is having unpatched devices combined with not having the correct security systems in place to manage the unpatched devices.
It is crucial for businesses to comprehend the importance of a solid strategy before they implement the technology that will protect their business. Here are 6 steps to an unshakeable cyber-security strategy:
A vendor security assessment should be carried out before any sensitive data is even passed on to a third party. All existing vendors should be a priority. They should be ranked from highest to lowest risk.
Last year, 12,174 common vulnerabilities and exposures (CVEs) were reported. It takes the average organisation 38 days to patch a vulnerability but 25% remain unpatched for more than a year.
Despite their large numbers and massive scale, DDoS attacks usually fall into two main scenarios; each is described here, plus how to tackle them and enable the company to recover from the attack.
BEC attacks grew 58% last year. Creating a security-conscious culture throughout your organisation can only be achieved if you understand the thinking of those on the front line of cyber-attacks.
Reforms could have a significant impact on start-ups over the medium term. Will the changes have a beneficial, or negative effect on immigration, digital infrastructure, entrepreneurs' relief, education, ...?
Cloud providers are responsible for securing cloud infrastructure; cloud customers are responsible for securing the data they put in the cloud, which includes endpoints, accounts and access management.
Protecting a single vulnerable point of failure in the system is not enough, so backups securely stored off-site and in the cloud provide an extra layer of protection.
Today we could have the consequences that Bond villains were aiming to achieve back in the 2012 film - with cyber-attacks on critical infrastructure rated the top fifth risk in 2020.
Access-mining-as-a-service: both credentials and direct access via Remote Desktop, SSH, or Remote Access Trojan (RAT) are being offered for sale on the darknet, often for just a few dollars.
Is Zero Trust really achievable given the complexity in finance service organisations?