Connecting industrial control systems to internal and external networks is no doubt a boon to productivity but is also posing an increasing threat to our critical national infrastructure.
The cyber-security industry needs to be more active in encouraging young people to enter the industry to help plug the yawning skills gap.
The investment community is keen to back cyber-security startups that can provide innovative solutions to address the skills gap and counter the growing sophistication of attackers.
Identity management is too important and too sensitive to be left to in-house developers and should instead be outsourced to specialist developers.
Following the enactment of the General Data Protection Regulation, very little seems to have changed in the way businesses act to protect data and monitor their compliance with the law.
Despite suffering a vast, widely publicised data breach, Ashley Madison still continues to be a leader in infidelity dating. But how do you shake off the data breach, and create a new and trustworthy site?
Choosing the absolute top priority is pretty easy. Data on employees and customers. Then think about tier two priorities, order & communicate them organisation-wide & resource for the company's overall health.
Back-up files sent to the cloud can be intercepted in transit and with more sensitive information such as client data, usernames and passwords in the cloud - the pay-off for cyber-criminals could be huge.
Not all mobile multi-factor authentication methods are equal. The best should make use of more than one additional factor, so if a code is intercepted or a device lost, access isn't compromised.
Board members and IT decision-makers need to ask themselves the key question: is it better to be justifying IT security measures and expenditure before an incident, or justifying your job after one?
Password managers' unique ability to manage multiple passwords, across multiple devices securely, is a game changer, and recent use of an individual's biometric data further strengthens the level of security.
A cloud access security broker (CASB) is a software tool that protects data when it is uploaded to the cloud, downloaded to devices, or at rest within the cloud. It acts as a gatekeeper, controlling data flow.
Autonomous vehicles are essentially software platforms attached to, and controlling, hardware that lets them move from place to place; they are vulnerable to the same hacking as other connected devices.
The cyber-landscape has evolved immeasurably since the emergence of malware; methods of measuring the organisation-wide impact of cyber-security have not, so are we actually asking the right questions?
With 50 percent of network attacks predicted to come over channels encrypted using SSL/TLS encryption, many firewalls, IDS, DLP and endpoint protection solutions will be effective, at most, only half of the time.
By Matt Lock, Director of Sales Engineers (UK) at Varonis
Outsourcing security and setting up a framework to help reduce risk, optimise costs and protect company and client data against the very real threats of cyber attacks.
Most of us do not scrutinise our mobile devices to anywhere near the same extent as we do a PC. We need to be aware of the heightened risks during the holiday period & take action to protect employees.
As businesses move toward microservices architecture and a cloud-based application model, it's critical to also adopt the next generation of stricter cloud-native databases which overcome earlier challenges.
Phishing sent to staff email addresses is used to steal login credentials; hackers then pivot into the OT network & destroy or take over poorly protected devices by cloning or corrupting software or firmware.
SME Series is aimed at small business owners rather than cyber-security professionals at enterprises. Here we provide 10 basic steps to protect your website and four tools that can be used.
CISO: Chief Information Security Officer or 'Career Is Seriously Over'? The increasing responsibility taken on by a CISO and the heightened risks associated with the role have put it firmly in the industry spotlight.
Why privacy and data protection by design and default is critical to ensuring effective data protection.
Over the past decade, cyber-security tools have gotten very good at picking up on hints that a system or network might be compromised by attackers. Perhaps a little too good.
28 percent of IT teams are not trusted to properly manage privileged credentials & often give out privileged credentials on request; once handed over without oversight or control they're within your attacker's reach.
Managing overlapping tools reduces business resilience as it produces additional complexity, creating confusion over which product or team holds the most accurate version of the truth.
Cryptojackers place significant strain on business resources; it's even worse if multiple machines are infected and can be disastrous for servers in third-party data centres getting large bursts of power usage.
Users bring consumer IoT devices to work every day, connect to corporate networks without alerting the IT department who have no idea how many are connected, if they're secure & what data is accessed.
Effective and up-to-date endpoint protection is a critical component to protect reputation & bottom line. Understanding the warning signs of outdated legacy versions can be the first big step to avoid a breach.
What boards need is key strategic advice; not tactical or operational guidance. Seven key strategies have been identified which, if ignored, will significantly expose an organisation to high levels of cyber-risks.
It's a major challenge for companies to prevent data that must stay in its original state for legal reasons from being changed, lost, or deleted if they don't actively manage their electronically stored information.
While a lot of businesses know the dangers of email phishing campaigns and train staff to spot attacks, many are less prepared to deal with the same tactics by phone.
By refocusing cyber-security role specifications to include practical skills and other traits that make individuals ideal for the role, the industry can begin to not only expand, but diversify their workforce too.
Unless data integrity is your problem, blockchain isn't your solution - even then it might not be. Blockchain participants hold a secret used to protect their transactions and if a thief steals it, it's game over, as always.
Businesses need to fully embrace that insider-led breaches can come from anywhere in the company, at any time, and having a dedicated leader to oversee disparate departments is a savvy move.
Most attacks are random, not calculated, using easily available tools, making it much more worthwhile to build a picture of the malware trends growing in popularity than focussing on those distributing the threats.
Privileged identity & access management (PIM/PAM) solutions can lock down credentials used by vendors, give greater visibility and an audit trail of their actions with granular access controls on their IT networks.
From SMiShing & spoofing to SIM swap attacks & Bluejacking, scammers are increasingly taking to mobiles to prey on trust; businesses, vendors & providers ultimately bear the responsibility of protecting their users.
Using blockchain to manage passenger identity & provide a single version of the truth on flight information for different airlines & airports could make your face your passport on all airlines and airports.
Articulating and quantifying risk enables the recognition of cyber as a business risk and not as just an operational/technical risk which enables the right stakeholder participation avoiding bolt-on point solutions.
What are the best practices and processes that underpin the creation of a highly effective Computer Security Incident Response Team (CSIRT)? And how does the SOC fit in?
Companies should shift their security posture emphasis from defending against known external threats and instead limit damage by focussing on identifying attacks as quickly as possible once they happen.
Projects go live as soon as they have passed testing; but a project is not finished when it works. It is finished when it is secure. In most breaches the evidence was there in the logs, but lost in the process.
If not properly secured at the network level then not only is a WiFi router itself liable to attack or hijacking, but every device connected to it is also vulnerable, no matter how secure (or not) the hardware is.
Rental scams are on the increase & BEC attacks against companies handling real estate transactions are up more than 1,100 percent in the last 3 years causing financial & reputational loss & legal costs.
More microservices deployed equals more independent development teams, application stacks, compute platforms, data centres & clouds involved, hence the attack surface and risk increases dramatically.
Money laundering goes hand in hand with other fraudulent behaviours such as phishing, malware, credit card fraud & business e-mail compromise. Businesses & financial institutions must adopt a layered defence
With a simple purpose of a single unit building, deploying and delivering software, DevOps revolutionised IT infrastructure. So why not bring these same concepts to security teams - SecOps?
When directly aligned to an organisation's core business operations, a detailed security strategy supported by all members of staff could help businesses pre-empt and resist the motivations and actions of a hacker.
Automating security as part of the CI/CD process allows DevOps teams to easily follow company security policies because they will be embedded into the automation pipeline.
Weds 21st Nov, 3pm
A practical risk-based approach to implementing GDPR and building a security-aware culture in your organisation.
Brought to you in partnership with Metacompliance
Mon 19th Nov
Brought to you in partnership with Mimecast