Who's responsible for identifying, analysing and mitigating any/all risks that have the potential to negatively impact the business's productivity or earnings? CRO or Risk committee? What to look for in a CRO.
AI can be tricked relatively easily: IT security leaders should be aware of the limitations of AI-powered threat detection systems and ensure they are used only in combination with human analysts.
Data-centric security is a must for the new age of zero trust, which substantially reduces network exposure; there are a few best practices or ground rules that organisations need to follow:.....
38 percent of UK consumers are ready to embrace fingerprint biometric methods of authentication for wider government identification such as driving licences, national insurance numbers and passports.
User & Entity Behaviour Analytics (UEBA) includes behavioural analysis of entities other than users, eg routers, servers, endpoints, to analyse behaviour across multiple users, IT devices & IP addresses, to detect complex attacks.
The SMB community has very specific challenges to navigate, and yet it's not always clear what they should be prioritising, how much time should be spent on each, or what support is available to them.
Change Control differs from Change Management as it affords complete visibility of all changes, down to a forensic level. Its necessary for security, for control of vulnerable config settings & detecting hacker activity.
The most significant advantage of encrypting and storing user data inside a device is increased security and safety of users' data, without creating additional costs for the service provider.
There's a variety of VPN providers to choose from, and many offer different business packages, each with different pros and cons. However, there's a couple of business-specific factors & features to look out for...
Focus on specific areas where a breach would impact overall bottom line. It might be beneficial to address the more well-known critical vulnerabilities instead of tackling the latest headline grabbing vulnerability.
Legislation by itself is not enough of a deterrent to put companies off misusing data. Until someone is hit with a significant punishment, data will continue to be commodified and used poorly.
High quality security features embedded within core Office Productivity technology increasingly allow organisations to reconsider their core security investment. Can in-built security deliver additional value?
To break down information management barriers, cross-technology stack orchestration & performance management is key. Without timely usage information IT managers have no insight into organisational needs.
The application of Artificial Intelligence within network security management is both viable and vital for companies of all shapes and sizes.
Big data from monitoring technology layered with AI enables data analysis to predict how, when & where cyber-attacks might occur. But human experts are best placed to determine what to do with the data.
Malware hiding in SSL-encrypted traffic is on the rise; companies must not be lulled into a false sense of security
The dramatic rise in encrypted traffic has provided hackers greater opportunities to leverage SSL/TLS connections to deliver malware to users, hide data exfiltration, and mask C&C communications.
Once something goes wrong, it's not instant curtains for the business - there are always stages where the problem can be tackled to minimise fallout. It's worth taking a walk through a fictional data breach.......
Having a cyber-resilience plan in place is no longer a 'nice to have'. All sensitive traveller data should be encrypted yet only 30 percent of organisations have adopted an encryption strategy.
Businesses and end-users must learn how to effectively secure their endpoint devices. If the default log in & passwords are changed before the device is attached to the network it's more likely to remain secure.
To secure privileged accounts - a major source of breaches - it's essential to gain an understanding of how they can be attacked. Here are six of the most common privileged account attack vectors:.....
A quantitative examination of the why biometrics as a 2FA factor achieves exactly the opposite security effects of multiple authenticators deployed in 'multi-entrance methods as against 'multi-layer' method.
Organisations must balance the opportunities offered by third parties with potential threats. Companies should carry out a thorough cyber-risk assessment for all new third-party partners and service providers.
We need to encourage more and more women to apply for managerial or technical positions within cyber-security and in other sectors (to) capitalise on potential financial and growth opportunities in the industry.
Diversity and inclusion is tough. It needs welcoming policies stated on your website; an inclusion statement in all job descriptions; overt diversity representation of your workforce in communications materials
Now that anyone with some development nous can create a half-decent app, consumers rely on official marketplaces to be arbiters of safe and 'legitimate' content. But they only offer a false sense of security.
Processing EU members' PI gets complicated once the UK becomes a 'third country'; its only allowed if 'deemed adequate', or 'appropriate safeguards' applied. This process took New Zealand 4 years.
Simply reacting to new threats doesn't work. Counteract them, architect & embed security into information technology systems from the start. It sounds easier said than done, but its not just possible, its essential.
Business & professional services fill vital gaps in corporate know-how with expertise ranging from auditing to planning. They became the most attacked sector in EMEA last year, accounting for over 20% of attacks
No company can ever be 100% secure; companies should focus on where the impact will be the biggest. Interaction between IT admin staff, top execs, key vendors and at-risk employees should be monitored.
69% of tested ATMs are vulnerable to black box attacks, and it can be completed in less than 10 minutes. Recent research found 100% of ATMs to be vulnerable; the attack targets bank cards' magnetic stripe.
The C-suite is twice as likely to believe that their threat intelligence programme is "well-defined" compared with security teams; those believing their threat intelligence programme is "industry leading" - 44% vs 26%
As the threat landscape shifts and evolves, enterprises are waking up to the reality that there are limits to their in-house capabilities. Is it time to be more open to outsourcing security to a specialist partner?
Ideally, perimeter-based solutions will incorporate SDP capabilities as a feature to extend hybrid IT protected accessibility and thus minimise added expenditure as well as potential policy gaps, gateway sprawl and management overhead.
Automated, consolidated and unified threat detection that scans content across various apps, can identify threat in one EC&C app and immediately understand how to prevent it in a different vector.
Organisations' DR can sit on physical data centres, on physical data centres but with DR solution in the cloud, or both their data centre infrastructure and DR can be cloud-based. Each approach has its pros and cons...
To develop a comprehensive threat identification & defence strategy get your full digital footprint; digital assets you own, those you don't, & those that are attacker-owned, but associated with your company.
When SS7 was created for mobile network operators (MNOs) to exchange data there were few telephony networks, all presumed to act responsibly. Now there are hundreds, with nobody to track whether these SS7 messages are genuine.
runC vulnerability granting root access hits containers ecosystem. Here's what you need to know and how to fix it.
The most important use case for the technology is businesses protecting access to their own servers. Any laws or technical interference that made this impossible would make it harder to run a business.
As the global gaming community expands its audience on YouTube and Twitch it gathers ever more sensitive data - login credentials, banking details, card numbers - driving a need for innovative security.
Attribution remains the only way to identify & prosecute attackers. Knowing who attacked you can indicate potential objectives, methods of infiltration, and even points of compromise & covert comms channels.
Many types of organisations can end up finding themselves on the receiving end of nation-state sponsored insider threats as other countries seek to access valuable trade secrets and intellectual property.
Calls for 'cyber-sovereignty' are undeniably regressive; cyber-fragmentation & protectionism only help cyber-criminals. Governance of cyber-space should be by transnational institutions based on a global polity.
CISOs must strengthen their relationship with the CFO to secure the enterprise. Businesses can't operate on current levels of inaccuracy in estimating breach costs, nor will shareholders and customers tolerate it.
Segway...A form of transport ahead of its time - like cyber insurance? Insurers have no way of knowing how to compare a risk to a company in rural Canada vs. a company in Frankfurt, so how do they price it?
Organisations instead need to focus on what's really important: rather than securing the network, the focus needs to be on protecting the data itself.
Healthcare, & specifically the NHS, is a cyber-warfare target. Delayed patient referrals, investigations, & interventions can lead to anything up to death. More malicious attacks will focus on clinical data integrity.
Perfect (or near perfect) patching won't deliver 100% security, but gaps left by the tools used for patching. be it 5%, 10%, 15%, or more) represents 100%, of your organisation's vulnerability to known exploits.
5G speeds & capacity combined with edge devices will create new inter-connected edge-based networks that share & process information locally, creating new threat profiles not previously possible.
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout
Why do cyber security breaches continue to dominate the news headlines?
Brought to you in partnership with CrowdStrike