Resilience News, Articles and Updates

WannaCry one year on - has anything changed?

Shockingly, many organisations are still struggling to act on the lessons learned from WannaCry, and 40 percent of UK frontline IT workers believe their organisation is even more exposed today.

Botched firmware patches: Six tips to avoid the pain

OEMs don't have the luxury of passing off failures like Meltdown and Spectre to customers as it impacts reputation and revenues. However, there are steps organisations can take to help protect both their business and customers.

WannaCry is now a year older - but are we a year wiser?

There are still many high-profile cases of WannaCry infiltrating large organisations around the globe, and unless organisations learn the lessons of last year, we will see a WannaCry 2.0.

A step through guide on how to mitigate a cyber-attack

The prospect of a cyber-attack on any organisation can be very daunting. However, if you have the processes, contacts and a strong response plan at the ready, the situation can be dealt with much more effectively.

Winter Olympics cyber attacks - they thought it was all over

The PyeongChang 2018 Olympic Winter Games closes this weekend, having been repeatedly targeted by malicious cyber-attacks, along with several organisations associated with the Games. But the threat is far from over.

The how and the why: carrying out a comprehensive DNS audit

Using a piecemeal "set and forget" approach to maintaining your DNS security puts your business at risk of cyber-attack. It is akin to closing the vault door, but not checking that it has actually been locked!

FIC 2018: Defending France - 5 year plan to operate on a larger scale

Gérard Collomb Ministre de l'Intérieur de France: France is currently developing its five year strategy to fight cyber-crime on a large scale. The new ambition is to protect France. 800 extra police dedicated to cyber. Increased spend.

FIC 2018: Cooperation key to security Europe-wide

At the 10th Forum International de la Cybersecurite in Lille, France, this week the key themes were cooperation and resilience - with the former - pan-European, global, cross sector, public and private, to achieve the latter.

Review: Best practices for measuring and tracking cyber security maturity

Cyber-security maturity (CSM) measures the effectiveness of the processes that support cyber-security and improves these consistently over time, ensuring a proper focus on cyber-security over time, not just waiting for the next crisis.

The potential costs of a power cut on businesses

Information security systems are hit by power outages along with every other electrically driven system, and if that puts you back to default settings, make sure you have a routine to fix it - and ideally back up to prevent it happening.

The key to IT resiliency: security and disaster recovery working together

Truly resilient IT plans combine security and recovery: in the event an attack does infiltrate the firewall, it is critical that organisations have a plan that allows for rapid recovery and a return to business operations as usual as quickly as possible.

Protecting data against attacks - cyber and otherwise

The 'CIA' approach - Confidentiality, Integrity, Availability - is regarded as the pinnacle of data security. Of these, perhaps the most important component is 'Availability', says Dirk Paessler.

News feature: Simulated attack, lessons learned on all sides

Learning by doing. If you don't have - and practice - a breach recovery plan, then a simulation exercise can demonstrate why you should have one, identify your weak spots, and encourage you to take action to plug the holes.

What the UK needs from its new Defence Secretary in the cybersphere

The most fundamental thing new Defence Secretary Gavin Williamson can do is to lead from the front and foster a nationwide culture of resilience, publicly champion government initiatives and share the lessons of best practice.

InfoSec problems? Listen to your CISO, put more emphasis on recovery

For those businesses that want to reduce the brand risk of cyber-attack, Marc Lueck says more emphasis on recovery is the easiest place to start. It will also go a long way to future proofing organisations against upcoming threats.

Ransomware rumblings in the cloud: stormy weather predicted

A ransomware-encrypted desktop computer is enough to make you Wannacry, but the techniques and tools hackers need to make hostages of cloud services and data are already in the wild, argues Mimecast CTO Neil Murray.

UK cyber-resilience week now on, plus TeXchange with Israeli Tech Hub

Cyber resilience week is on now with a range of events promoting cyber-resilience leadership, while the same week also sees a range of Israeli cyber-security start ups offering major enterprises cyber security solutions.

Risk management to strategic resilience: The evolution of cyber-security

CISOs do indeed need to articulate cyber risk to the board in a business context, but equally, the board need to get a better grasp of cyber and prioritise criticality of security integrity vs continuity of service vs profitability.

100% of breached PCI certified companies failed PCI compliance audit

PCI DSS compliance doesn't guarantee security, but half of PCI certified companies aren't compliant, which does indicate vulnerability to cyber-attack. "It's not a project, it's a programme - something you need to maintain."

Organisations must wake up and ensure they actively manage cyber-security

Recent cyber-attacks reveal how vulnerable organisations are and that those who actively manage security have limited damage and recovered fastest, says Matthias Maier.

How availability & 'cyber-insurance' make for prudent business planning

It's not about being hack-proof, says Massimo Merlo... this is virtually impossible. Rather, you should make your security as robust as possible and ensure your backups are not solely located on your network.

Organisations need stronger cyber-resilience to counter cyber-threats

According to a new report, there is a need for stronger cyber-resilience culture across organisations and a focus on the human aspects of the threat and cyber-disruptions posed by phishing and social engineering.

Financial Conduct Authority rapped for lack of cyber experts on board

Treasury Committee member Steve Baker MP questioned the FCA about the lack of IT expertise on the board of directors, saying it was crucial to understanding complex banking systems.

InfoSec 2016: Get staff onside to build a security culture

It's not security awareness, but changing behaviour that's the problem, and it takes time and effort to get it right, delegates were told at InfoSec 2016.

£442 billion potential loss in UK power sector cyber-attack

Report examines how the direct and indirect economic costs accrue for a hypothetical cyber-attack on the UK's critical national infrastructure.

New research reveals 71 percent of UK organisations not cyber-resilient

Study of 450 UK IT and security professionals uncovers insufficient planning and lack of clear ownership as major inhibitors to achieving cyber resilience.

Are you serious about cyber-security? Security Serious Week opens

It's Security Serious Week, a campaign designed to bring industry experts together to make others more serious about cyber-security.

Don't spend more, spend better: Interview with FireEye's Richard Turner

FireEye's EMEA president, Richard Turner, discusses its new Advanced Threat Report.