IT decision-makers need the resources to educate themselves about the best ways to implement AI/ML tools, vetting & partnering with experts with long-standing experience using and developing AI/ML.
Security measures must reach for a level of transparency, honesty and accountability to earn and maintain enterprise trust while working with more — and sometimes brand new — technology.
There’s nothing new about misinformation. We need to scale up and level up our responses to misinformation in many areas, from Covid scams, fake domains and social media misuse to deep fakes.
Law enforcement efforts disrupting dark web marketplaces are finally discomfiting our opponents, but in turn the black hats are evolving their tools and tactics to monetise a new breed of attacks.
Low-level keyloggers are notoriously difficult to identify & eliminate, & standard anti-virus solutions offer very little protection. They often execute undetected using polymorphism & virtual machine detection.
With remote working becoming the ‘new normal’, enterprises must now execute smarter security strategies to ensure their businesses, workers and data stay secure.
Companies that are not proactive and sit behind legacy systems in the hope that they are protected are increasingly finding that they are not.
The problem with password alternatives such as biometrics and single sign on is that they are simply not robust enough to provide a viable alternative now, and they will not be for a long time.
Getting the balance right between public health and data privacy. The big question is how to best leverage technology while also avoiding the downsides of eroding data privacy controls?
Streaming providers, e.g. Netflix, YouTube & Amazon, reduced their streaming quality to standard definition to remain available, while it's being downloaded & streamed in full HD by illegal pirate sites.
The impact of a ransomware attack targeting OT systems can be severe as, depending on the victim, it could bring about huge blackouts, outages and kinetic damage by targeting ICS systems.
Technology changes, but the motives of criminals remain the same: take from those who have without paying the fair and honest price for the goods or value received.
Demand for managed file transfer (MFT) software & services is increasing at an unprecedented scale to deal with secure data collaboration and the criticality of supporting employees working remotely.
Using a mixture of manual and automatic processes, we assess whether each proposed domain registration is likely to be for fraudulent purposes and suspend those we suspect.
72% of remote workers say they need to access, share & receive sensitive customer information to do their job; 14% say they have little to no understanding of their company’s data protection policies.
25% of businesses use over 100 third-party vendors; most require access to internal applications, data, & company assets to carry out their day-to-day tasks. 90% allow access to critical internal resources.
E-commerce transactions have soared 81% but web and mobile banking apps have a considerable attack surface - even if we discount code vulnerabilities and security testing tools like SAST and DAST.
VPNs only mitigate risk—they can’t prevent it altogether. VPN virtual “tunnels” help users access office environments from home, but the organisation has no control over other technology & devices used.
An independent Secure Digital Workspace gives employees added agility without turning them into security risks. The fact that it enables “work from home” is just a bonus.
Without the right level of investment made in network security technologies to improve detection and response times by leveraging threat intelligence, companies face a rocky year ahead.
Pretexting is considered fraud and is often NOT covered by cyber insurance policies. Organisations need effective business processes with oversight so there are no single points of approval or execution.
The key objective is to enable employees to access applications securely and smoothly without any obstacles and via the most direct, logical route, regardless of where the mobile user is located.
OT systems work differently from standard IT networks and many standard security controls are not compatible across both systems, leading to gaps in security unless specialist measures are taken.
Discovering the insider threats of working from home indefinitely or for extended periods and where they come from is the first crucial step businesses must take in order to effectively mitigate them.
Navigating the crisis with a slimmed workforce, stalled investments and slower production levels is a continued challenge for company executives, aided by strengthening human-machine collaboration.
Organisations are looking at stealthier ways than passwords to allow access and reduce the friction of managing cyber risk while strengthening security in ways that are transparent to users.
CTI feeds sacrifice depth for scale, & are too attack-centric (rather than adversary-centric). Millions of threat indicators are provided, often completely irrelevant or non-contextual to users' threat perception.
The EU’s proposed ban on facial recognition in the new Covid-world – finding balance between privacy and public safety as “touchless” forms of biometrics become the norm.
If the authentication procedure has established that the user should have access based on the identity attributes at hand, then the process evaluates the attributes and makes the yes/no decision.
It is now critical that organisations understand the data they process & own, have systems that allow decision-makers to derive insight & are able to do so in a way that is both secure and compliant.
For optimal cybersecurity, businesses must ensure that they adopt the right culture & attitude towards it. Change must be driven from the top, with leaders embedding a culture of cyber-awareness,
Organisations' IT, security & DevOps teams need an in-depth knowledge of the cloud AND how to protect it, understanding & implementing cloud security policies, controls, procedures and technologies.
The key to effective control monitoring right now is reprioritisation - there are not really any new controls that have suddenly become important, but the relative focus of these activities is likely to be different.
All businesses face security challenges during this period. Discovering what these insider threats are and where they come from is crucial for businesses in order to effectively mitigate them.
What could the 2020s privacy landscape look like? The biggest challenge posed to regulating parties will be constantly adapting regulations at the same speed that new technologies are developed.
Secure means nothing more than communication with a website is encrypted, so the information you enter might not be able to be intercepted, but if the intended recipient is a phisher, then it doesn’t matter.
Organisations need to define their security and business continuity plans. These plans need to account for their workforce having to work from home for a minimum of three to six months more.
NCSC & cybersecurity companies cooperate to provide centralised guidance to defend against phishing. CIOs should heed this guidance and consider a number of measures ....
What are the repercussions when healthcare professionals use insecure platforms to host private consultations with vulnerable patients? With standard encryption the provider can access any call data.
VPN is a tool to enable security rather than an entire toolkit; it lacks anti-malware or compliance checks. Fast access without adequate protection can lead to potentially disastrous consequences.
Companies need a fraud solution that analyses and correlates the location, device and behavioural data of users, and identifies bots in a split second to quickly determine if it is a genuine customer.
We’ve seen a shift to digital banking, so verifying a customer’s identity remotely isn’t a new challenge for many banks and financial institutions. Context-aware identity verification, driven by AI & ML, is advised.
CISOs want to find out how companies facing similar challenges tackle them & what lessons they learned. A company’s calibre of thought leadership is used to judge its suitability to work with.
Identifying the right remediation measures to fix prioritised vulnerabilities may cause a significant delay if those measures have to be implemented by a team other than the security team.
Any UK citizen could be contacted by a genuine Test & Trace agent - or fraudster - at any time. Unless it's secure enough to be used on all citizens - regardless of their job - it can't be fit for purpose at all.
MacKeeper faced a class-action lawsuit because the company allegedly deceived users into paying for unneeded fixes. Can it now fix its reputation? Should we have published this? Are you convinced?
Identity-as-a-Service (IDaaS) solutions offer on-demand, "plugged in" expertise via APIs, allowing development teams to simply integrate digital identity features into existing technology.
BEC ransomware tactics can be mitigated by understanding a threat actor’s perspective of your estate. Vulnerabilities targeted are relatively easy to identify and sit at the edge of networks, including ...
The sudden spike in digitisation was not born of a well thought out plan but of confusion. On a conventional battlefield, or in cyberwarfare, the secret to winning is to outwit your opponent. 5 steps...
The cybersecurity landscape is always changing, but many businesses don’t know how to ensure that their defences move with the times. Being fluid and adaptable is key.
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout