SMEs can start with the Cyber Essentials guide small businesses with the basics of cyber-security, including five key principles, but breaches still happen so ensure you also have a recovery plan.
Staff need to be equipped with both the tools and the basic knowledge needed to protect themselves from data breaches as security of the organisation relies heavily on temployee networks being safeguarded.
It's possible to recover the data from burnt/water damaged hard drives, broken memory cards, and shattered phones! Netlink Computer Inc (NCIX) had data breached via abandoned hardware.
Organisations should take action based on customised intelligence analysis and reporting to tackle the growing and evolving cyber-crime threats - outsourcing if necessary.
The most useful tool for the underground is the growing market of anonymity-focused cyber-currencies; law enforcement must disrupt the cycle and make cyber-crime riskier and less profitable.
Credential theft ubiquity has given rise to an entire industry of "post-breach" services for helping recover accounts and mitigate damage after breaches happen - but they don't tackle the root of the problem.
With a growing number of calls and collaborative sessions using VoIP on public and private networks, service providers are now being called upon to respond to enterprises' increasing concerns about security.
We must move beyond 'detect & protect' defences. 95% secure is not good enough. A significant shift is needed - in both mindset and R&D - to investigate and develop technologies that eliminate threats entirely.
Each new technology demands the invention of new coping strategies. The emerging internet of things (IoT) is radically changing where the network can exist, what it looks like, and how it must be managed.
Brexit will likely make it even harder to find skilled security staff, but AI-driven solutions can help take on the role of a SOC analyst and help provide expert advice on how to address security incidents.
Like football, cyber-security is a delicate balance between a solid defence and a targeted attack - every member of the team has a distinct, yet crucial role to play.
Security is now the most important component in choosing a video, messaging, or calling solution. The service needs to have a dedicated cloud that runs solely on internally developed software.
Red teaming simulates real-world cyber-attacks across the entire organisation, from breaching networks to accessing physical offices and devices, & lasts from weeks to months - much longer than pen-testing.
Don't let security fall apart at the SIEMs. How open source search can upgrade SIEM to fight modern threats
SIEM remains part of a broader security infrastructure & replacement, but its centralised security concept is evolving towards new demands for single platform security orchestration, automation & response.
Nation states aren't restricted to attacking other governments, and criminals share many of the same sophisticated capabilities as nation states. It is time for different approaches to protection to converge.
While Brexit is further driving cloud adoption, cloud-based business initiatives are accelerating faster than security organisations' ability to secure them.
NCSC's CyberUK 2019 conference provides a platform for 'Five-eyes': Vulnerability Disclosure Programmes (VDPs) explained & practiced, delegates told "Openness is the only way to build security."
Despite its clear benefits, some organisations aren't proactively undertaking network segmentation due to perceptions that it will introduce barriers to interdepartmental communication but this shouldn't be the case.
Many lower-level staff make the VAP (Very Attacked Person) list because of their access privileges to certain systems, the connections they have or because they're part of an internal approval process.
Integrating regular and up to date security training to educate employees will ensure they are aware of the most recent tactics used to target systems and what can be done to prevent them.
How identity verification can help mitigate the growing problem of money laundering, using the example of two European nations - the Czech Republic and Slovakia.
WebAuthn's combination of security and usability allows users to register and authenticate with web Apps using the device as the authenticator. Its an official W3C web standard for password-free logins.
It's only with software intelligence - full transparency into software structure - that the business and customers can be protected and strategic decisions can be made with confidence.
Digital transformation spending is set to reach £1.3 tn by the year end but to reap the rewards orgs need to collaborate efficiently & securely, maximise regulation adherence & ensure consumer data privacy rights.
DNS is one of the easiest protocols to access and widely used by hackers to exfiltrate data, but legacy security software and DNS being overlooked means data exfiltration often goes undetected.
Web App vulnerabilities rose 23% in 2018, with injections (SQL, code & object) up 267%; as demand for APIs grows further 2019 will see an increase in the discoveries of vulnerabilities in APIs, especially.....
Not all heroes wear capes but do know how to stay ahead in cybersecurity
Supported by an increasing number of new cameras, the PoE standard can deliver power to even high-end devices, making advanced monitoring systems available to a wider range of organisations.
Recent trends in technology and the workforce have introduced both challenges and opportunities in identity and access management
Your smartphone is a surveillance device, so what can be done to gain privacy?
Bringing rigor to risk analysis in cybersecurity, operational technology, and supply chain risk domains
No matter which risk area we're talking about, some common problems and themes emerge in assessing and managing risk.
Even small businesses get hacked, so you still need to think about data security.
People will want to know what data you have on them - time to get prepared!
Educational institutions are a high-value target for any cyber-criminal. Their data is highly valuable.
Knowing how vulnerable you are and how prepared you can be is key.
While attacks are on the slide, organisations still need to be on their guard.
Fingerprints offer a safeguard against human error and cyber threats
Backing up data is important should the worse happen.
Banks, hospitals and telecoms are attractive targets, so need a rethought security approach.
With hackers hitting SCADA systems, a little education can help in fending off attackers.
UK age verification for porn sites is coming - and blockchain offers the only secure digital solution
Is blockchain key to verifying the age and identity of internet users?
Today's challenges are driving many CISO's to struggle with issues of burnout.
GDPR has been in force for over a year, but can we ever overcome human error?
Only 16% of alerts are reliable, but security vendors who claim their solutions are AI when - in truth - they're not, often err on the side of caution, increasing false positives, creating an additional layer of noise.
So how predictable has 2019's cyber security landscape been and what can we expect in the year ahead that will shape how cyber-security develops?
Privacy first - until Zuckerberg's noble vision is finally realised, many will surely be taking an "I'll believe it when I see it" stance regarding Facebook's capability to truly and completely protect user privacy.
5G is a shift to higher data throughput and lower latency. Due to this combination the most significant impact of 5G will be its enablement of much larger, more far-reaching internet of things (IoT) projects.
By talking to other departments & understanding what really matters to them, positionw security teams to make decisions that will empower employees, transform and have a real impact on the business overall.
Is Zero Trust really achievable given the complexity in finance service organisations?
Brought to you in partnership with Forescout