Shockingly, many organisations are still struggling to act on the lessons learned from WannaCry, and 40 percent of UK frontline IT workers believe their organisation is even more exposed today.
OEMs don't have the luxury of passing off failures like Meltdown and Spectre to customers as it impacts reputation and revenues. However, there are steps organisations can take to help protect both their business and customers.
There are still many high-profile cases of WannaCry infiltrating large organisations around the globe, and unless organisations learn the lessons of last year, we will see a WannaCry 2.0.
The prospect of a cyber-attack on any organisation can be very daunting. However, if you have the processes, contacts and a strong response plan at the ready, the situation can be dealt with much more effectively.
The PyeongChang 2018 Olympic Winter Games closes this weekend, having been repeatedly targeted by malicious cyber-attacks, along with several organisations associated with the Games. But the threat is far from over.
Using a piecemeal "set and forget" approach to maintaining your DNS security puts your business at risk of cyber-attack. It is akin to closing the vault door, but not checking that it has actually been locked!
Gérard Collomb, Minister of the Interior of France: France is currently developing its five-year strategy to fight cyber-crime on a large scale. The new ambition is to protect France. 800 extra police dedicated to cyber. Increased spend.
At the 10th Forum International de la Cybersecurite in Lille, France, this week the key themes were cooperation and resilience, with the former (pan-European, global, cross-sector, public and private) needed to achieve the latter.
Cyber-security maturity (CSM) measures the effectiveness of the processes that support cyber-security and improves these consistently over time, ensuring a proper focus on cyber-security over time, not just waiting for the next crisis.
Information security systems are hit by power outages along with every other electrically driven system, and if that puts you back to default settings, make sure you have a routine to fix it - and ideally back up to prevent it happening.
Truly resilient IT plans combine security and recovery: in the event an attack does infiltrate the firewall, it is critical that organisations have a plan that allows for rapid recovery and a return to business operations as usual as quickly as possible.
The 'CIA' approach - Confidentiality, Integrity, Availability - is regarded as the pinnacle of data security. Of these, perhaps the most important component is 'Availability', says Dirk Paessler.
Learning by doing. If you don't have - and practice - a breach recovery plan, then a simulation exercise can demonstrate why you should have one, identify your weak spots, and encourage you to take action to plug the holes.
The most fundamental thing new Defence Secretary Gavin Williamson can do is to lead from the front and foster a nationwide culture of resilience, publicly champion government initiatives and share the lessons of best practice.
For those businesses that want to reduce the brand risk of cyber-attack, Marc Lueck says more emphasis on recovery is the easiest place to start. It will also go a long way to future-proofing organisations against upcoming threats.
A ransomware-encrypted desktop computer is enough to make you WannaCry, but the techniques and tools hackers need to make hostages of cloud services and data are already in the wild, argues Mimecast CTO Neil Murray.
Cyber resilience week is on now with a range of events promoting cyber-resilience leadership, while the same week also sees a range of Israeli cyber-security start-ups offering major enterprises cyber-security solutions.
CISOs do indeed need to articulate cyber risk to the board in a business context, but equally, the board need to get a better grasp of cyber and prioritise criticality of security integrity vs continuity of service vs profitability.
PCI DSS compliance doesn't guarantee security, but half of PCI-certified companies aren't compliant, which does indicate vulnerability to cyber-attack. "It's not a project, it's a programme - something you need to maintain."
Recent cyber-attacks reveal how vulnerable organisations are and that those who actively manage security have limited damage and recovered fastest, says Matthias Maier.
It's not about being hack-proof, says Massimo Merlo; this is virtually impossible. Rather, you should make your security as robust as possible and ensure your backups are not solely located on your network.
According to a new report, there is a need for stronger cyber-resilience culture across organisations and a focus on the human aspects of the threat and cyber-disruptions posed by phishing and social engineering.
Treasury Committee member Steve Baker MP questioned the FCA about the lack of IT expertise on the board of directors, saying it was crucial to understanding complex banking systems.
It's not security awareness but changing behaviour that's the problem, and it takes time and effort to get it right, delegates were told at InfoSec 2016.
Report examines how the direct and indirect economic costs accrue for a hypothetical cyber-attack on the UK's critical national infrastructure.
Study of 450 UK IT and security professionals uncovers insufficient planning and lack of clear ownership as major inhibitors to achieving cyber resilience.
It's Security Serious Week, a campaign designed to bring industry experts together to make others more serious about cyber-security.
FireEye's EMEA president, Richard Turner, discusses its new Advanced Threat Report.