What are big tech companies doing with all the data they gather from customers every day? Companies should only store what they absolutely need, and the data that is collected needs to be protected.
Printers have all the same components as a PC, connecting directly into your IT infrastructure, but 48% of IT professionals don't include printers as a consideration within their endpoint security strategy.
In 2020 “A local government somewhere will ban public-sector ransomware payments,” suggested Markus Braendle, CEO, Airbus CyberSecurity. Now extrapolate that thought.
SaaS has become the best way for SMBs to gain a competitive advantage through cloud adoption, but also keep one step ahead of cyber-security threats in the wake of ‘big data’.
People have many online accounts, ranging from email & Facebook to online shopping & banking. Add up all of those accounts and the typical internet user's identity is worth about $1,200 or £987 to hackers
Kumar Ritesh, chairman and CEO at CYFIRMA, discusses the rising tide of data breaches in 2019, as SC Media UK collates the top 10 data breaches disclosed last year
A paradigm shift in security is needed to deliver insights into enterprise risks that surpass the perimeter, looking at how people & data come together & interact, rather than focusing on specific threats.
'Keep your friends close and your enemies closer': Why proactive threat intelligence is the key to protecting your organisation
Cyber-threats are evolving at such a pace that most threat data has a lifespan of around one month. If after that it still remains relevant, it should be incorporated into company policy.
Selecting the right encryption solution: For agencies & federal governments moving from Legacy MPLS to SDN or SD-WAN, there are many encryption solutions that can help. For example, Layer 4 encryption.....
Employees at smaller businesses have 85 passwords, compared to 25 at larger companies, which have more solutions to enable employees to access more apps with fewer passwords, including single sign-on.
Global risks are intensifying but the collective will to tackle them appears to be lacking. Instead, divisions are hardening. Why is multi-stakeholder cooperation so important to fight cyber-crimes and cyber-attacks?
Using biometrics, such as voice, not only enhances security but it also makes for a seamless customer experience. One in three already rely on biometrics technology - via fingerprint or facial biometrics.
"True knowledge exists in knowing that you know nothing" Socrates. Identifying a breach can be far more complex than many organisations anticipate, involving a coordinated cross-departmental response.
Having full visibility of all devices on a network is only the first step in putting in place adequate defences against disruptionware - whose real end goal is neutralising productivity.
A single quantum computer is more powerful than every supercomputer on the planet. Initially only nation states & big tech will have them, creating a power imbalance. Encryption upgrade is needed to stay safe.
Organisations are often quick to adopt software-defined networking in a wide area network (SD-WAN) without considering how their DDI (DNS, DHCP and IPAM) platforms must evolve as well.
Some organisations have developed a mature attack surface management programme, others are just starting on the journey, evaluating the scope of their programme and identifying where to start. Start here...
Blockchain, VPN, Zero trust - how this triumvirate can greatly enhance your security posture.
Deepfakes are being used to produce falsified digital identities and ID documents. AI trained to spot fakes is pitting one AI engine against another to make the cost of 'superior AI' prohibitive for cyber-criminals.
The five top mitigation strategies organisations are undertaking to prepare for Quantum: monitoring, assessing crypto-agility, assessing risk, building knowledge, and building TLS best practices.
There is no sure-fire method of stopping ransom attacks, but strengthening business continuity and disaster recovery should be considered as a bigger part of the equation; paying up is no guarantee.
2018 saw a 424% increase in data breaches due to cloud misconfigurations caused by human error. Going forward, 99 percent of all firewall breaches will be caused by misconfigurations, not flaws
Predictions for the year ahead include DPO demand soars, Brexit data residency issues, inconsistent DP rulings, ransomware worse, cyber-insurance spike, audit and cert demand up
'Trust but verify' is finding itself slowly outmoded by a new term and technique - "zero trust" - which mandates that you don't trust any devices until their authenticity can be verified.
Blockchain's a significant upgrade over existing digital infrastructure. It can facilitate federated digital id, capture & log consumer consent for any transaction involving the collection, & share or store data.
Fight DNS attacks, implement 2FA and single sign-on; use strong authentication keys, restrict key usage; monitor; consider using an anycast DNS solution that is independent of your cloud, CDN or data centre.
Security is about traceability and that's the biggest benefit to DevOps. The only feedback that actually works in security is instant. Anything else skyrockets the cost and demolishes the success rate.
99% of cloud incidents go unnoticed. It is so easy to spin up large infrastructures, at scale, that organisations increase their attack surface at an unprecedented rate through automation mechanisms.
Though strategies may differ from test to test, whether you are using a white, black or grey box strategy, ultimately the goal is the same - identify any exploitable weaknesses before a malicious third party does.
There are very important differences between DNS over TLS (DoT) & DNS over HTTPS (DoH). Network operators are becoming concerned about the impact a lack of DNS visibility will have on their activities.
Lack of a common platform for deploying network security has prevented realising the same economic efficiency & agility for security solutions that virtualisation enables for enterprise datacentre applications.
While cyber-security practices are constantly improving, with increasing adoption of technologies like harder-to-crack multifactor authentication, cyber-criminals are similarly evolving.
Autonomous EDR can assemble data into a meaningful story using TrueContext and autonomously attribute each event on the endpoint to its beginning without any reliance on cloud resources.
Eradicate manual asset tracking via spreadsheets and implement an automated solution that can take ownership of these processes and empower IT teams to improve accuracy and security.
Up to 80% of NHS PCs need security patching before Windows 7 support ends on 14 January. Upgrade of current devices & software is needed; alternatively, refurbished devices come pre-installed with Windows 10
Smishing is often the scam that goes unnoticed. What's more - SMS open rates are as high as 98 percent so it's important to ensure that omnichannel customer communications remain secure and 'smishing-proof'
Once the security of one link of the supply chain has been breached, the infiltrator can navigate to any other part of the chain. The only way to ensure supply chain security is to vet every link in your chain
So what is it like being a SOC analyst - and are you overwhelmed by the attacks and responsibilities, or fearful that AI is about to take your job away?
Many companies are doing themselves a disservice by using SIEM solutions to detect & prevent the most severe threats facing their organisations. User & entity behaviour analytics is an alternative solution.
It is important that the reports NEDs receive provide clear, strategic and straightforward information. The most useful reports are short summaries covering the three highest security risks facing the organisation.
It's impossible to stop steps in an attack - some inevitably happen. You have to anticipate people making mistakes. Your preventative measures have to be consistent & continuous across the environment.
"Working with ethical hackers enabled us to make more sense of the problems we were up against & come up with a solution that is cost-effective and means that our site and infrastructure are completely secure".
High-profile data breaches show us that encryption either did absolutely nothing to prevent hackers from infiltrating systems, or worse, helped disguise cyber-criminals wreaking havoc in organisations' systems.
The Government/NCSC published minimum cyber-security standards in 2018, now mandated, plus a target date of 2023 for public sector organisations to have adopted a 'gold-standard' cyber-security profile.
CNI defence via CAF: A principles-based approach provides organisations flexibility around how outcomes are achieved, and avoids a formulaic tick box exercise a more prescriptive approach may result in.
Biometric verification is fundamentally flawed when used as the first and only line of defence, typically at login level. Stolen details allow intruders to roam systems, taking unauthorised actions & gathering data.
Apparently the average person says they'd be willing to spend over £20,000 to buy back their stolen information on the black market, yet few appear willing to implement best security practices.
User, app, & device are the new virtual perimeters, the internet the new corporate network. Security must be user & app-defined, not IP- and port-defined to provide & monitor access/activity based on context.
Cyber-security must be addressed across the entire ecosystem: proactive security planning that incorporates enterprise IT, cloud, & 3rd parties minimises the impact of cyber-threats & improves resiliency.
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout