A full endpoint audit also includes a review of software patching practices, deciding how to manage and install updates, and thinking about further security controls that can be applied to these devices.
2020 Cyber Security Breaches Survey highlights a surge in cyber-threats for UK businesses - the percentage of companies that are attacked at least once a week has increased by 50 percent.
Providers of smart city networks need to establish a chain of trust in their technology. A biometric digital identity should sit at the root of that chain of trust in smart city networks.
Usually, security measures are not incorporated into mobile apps from the start; these measures are brought in after a breach has occurred. Sadly, a mobile breach is likely to occur in the near future.
The Covid-19 pandemic has instantaneously created a pervasive working from home environment. CISOs’ concerns are no longer about road warriors, but these hordes of dining table warriors.
The most influential must have formidable virtual defences as their importance makes them a lucrative target for threat actors, both personally and as an access point to valuable corporate data.
Identify all assets, their access & comms patterns; authenticate, authorise access controlling all assets; encrypt all data flows; continually monitor all data flows and assets for changes & anomalies.
By implementing the following measures, both the public and private sectors will ensure digital responsibility, enable data innovation and deliver effective privacy protection: ....
Being able to deploy more or less IT expertise as situations demand is akin to best practice usage of cloud services. But is freelance work inherently insecure?
Securing the remote workforce: Don’t be caught out by third party app vulnerabilities in Microsoft Teams
To prevent Microsoft Teams from exposing a company’s data, it is essential that the company decides which applications it is happy to have installed and which it wants to block – and at what levels.
Organisations looking to stay ahead of would-be attackers and survive whatever threats may come their way would benefit from supercharging their backup to include three core attributes: ......
The catastrophic Covid-19 event forces us to re-formulate our digital transformation efforts, renew our commitment to cybersecurity, & drive new ways of working & living that will outlast the current crisis.
People are effectively prioritising convenience over security. Many organisations don’t have the right solutions in place to prevent ransomware attacks and instead are investing too late, after the attack.
The big unknown in the system now is the behaviour of the individual staff member. It is time to ensure people are acting in ways that continue to keep the organisation’s information safe and secure.
The correct digital infrastructure for a business could be the only thing that keeps your company from becoming one of the many that will sadly go under in this time of crisis.
Even if a worker has patched devices, virtual private networks, regulated access permissions, etc, the risk of a breach is still ever present, especially with malicious insiders.
The four main pillars of successful remote working that businesses of all shapes and sizes can use to get up to speed quickly, maintain productivity and hopefully emerge unscathed are.....
Cyberthreats are viewed as a significant risk to organisations, one capable of disrupting core operations and inflicting serious damage to brands and reputations.
Zero Trust can bring massive bonuses, like halting lateral movement, but it’s way more stringent than the Principle of Least Privilege, eg if someone can’t open something why let them even see it?
Given the wide variety of potential use cases, there is no one-size-fits-all approach to DLT security. However, the solution lies in standards and a comprehensive framework that guides implementation.
Technical CISOs must set aside their own skills & listen to their team & board. Less technical CISOs need to communicate technical concepts effectively even if they don't have the skill to implement them
Software architects and developers must be trained to implement their products in a way that trivial deployment mistakes will not be possible - their solutions must be secured by design.
Security & operations have a lot to gain by automating their vulnerability management efforts. To maximise its advantages, teams need to employ solutions that address the following key requirements:
Why both Wi-Fi & 5G are still largely undefended against common cyber threats & what we need to do to ensure businesses aren't forced to compromise security for Wi-Fi performance.
CISOs must make difficult decisions about how to continue managing risk whilst supporting productivity at a time of crisis. Split tunnelling is one option, but it carries extra risks....
39% of organisations have been compromised via mobile or IoT devices - employees may be suspicious of a CFO email saying transfer a large sum of money, but less wary of a fake phone call.
Five-star hotels and resorts hold an abundance of data on high net-worth customers, making them attractive to cybercriminals. Hotel WiFi connectivity gathers reams of data as patrons connect devices.
The EU's parochial proposed new regulations for Digital Strategy and AI strategy, putting health in a high risk category, could have required extra legislation for fighting Coronavirus had it been in place.
APT behaviour is becoming increasingly important - more organisations are at risk of being targeted, and their tools and techniques tend to trickle down to be used more widely in commodity attacks
How can consumers expect businesses to protect their data from external attacks if their internal practices put them at risk? Claims can be brought under GDPR for material and non-material damage.
A CISO’s security programme must be both risk-based and prioritised. Heat matrixes or Red/Amber/Green are “worse than useless” and should not be used for any decision of consequence.
During digital transformation - digitising processes & services to improve efficiency - information security is often an afterthought, left until the last minute when it’s too late to do anything about it.
Accidental APIs open systems up to insecure communications & compliance failures, eg an accidental API applied without SSL can expose sensitive data by transmitting it through plain text, not encrypted.
Cyber-education must go beyond raising awareness and has to effectively change behaviour; security behaviour is a product of three things: capability, opportunity, and motivation.
Business working patterns are changing permanently; devices will inevitably be lost and stolen, so well-established device loss protocols are key to decrease the risk of serious data loss, other issues...
Many businesses exclusively hire cybersecurity staff from the small graduate pool. To solve the skills gap the industry must start valuing apprenticeships as equal to, if not better than, a university degree.
A top-down approach to cybersecurity works if the CEO and the Board pave the way. Six international experts explain which security policies will strengthen employee cyber resilience in 2020.
Every authentic email will need to be independently verified if responsibility shifts from the asset owner who's best placed to prevent & detect a BEC attack, and onto the recipient who cannot detect it.
A successful fraud attack on your customers can have severe financial and reputational fallout as regulators impose large fines and victims lose confidence in your security defences.
Mechanisms to provide access for any one individual’s data on an encrypted service put everyone on that service at risk, and if criminals gain access to that route all bets are off for everyone on the service.
Advice on remote working including anti-phishing, DMARC, 2FA, virtual audit, mental health, & privacy, eg don't mix leisure with business - use your ‘Chat with friends’ app not your cozy new virtual office.
Analyst fatigue can be aggravated by performing repetitive actions. Automation using rules based on previous experience determines if action is needed, resulting in only alerts that require further investigation.
Training isn’t the answer. Whatever your training spend users still make costly mistakes. Security tools and training are not enough. Take security out of users’ hands & get to know them & their behaviours.
Criminals are using bigger ransomware attacks and this cyber-crime isn’t likely to stop any time soon, so having a solid strategy and taking the necessary steps to protect against it is imperative.
By Andrew Fitzgerald. Don’t assume that just because you’re taking backups, you can rest easy at night; it’s not that easy. The question is what sort of functionality, beyond simple backup and restore, do you need?
We have left the EU. The UK may get an extension of equivalency, or businesses may need to set up a European subsidiary quickly - what are the security, data sovereignty & remote working considerations?
The real skills gap exists beneath CISO level, particularly around specialised technical skills. Organisations should focus on identifying talented individuals and invest in training them up.
Banks are already taking steps to ensure Covid-19 related threats are mitigated successfully. Now financial services could make some truly positive changes from the situation we find ourselves in.
January 1, 2021 is not only the start of a new year, it also ushers in the next installment of anti-fraud for the payments industry: PSD2. The EU has already granted at least one extension. Another is unlikely.
Normalisation of multifactor authentication is coming from an unexpected direction - it's becoming more common in consumer services - making its introduction by businesses so much easier.
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout