As an industry we need to change the hunter-hunted narrative altogether if we're to inspire the kind of proactive approach to cyber-security which organisations desperately need. We must run with the bulls, not wait to react.
Buying in cyber-risk-management-as-a-service will let companies manage cyber-risk like any other risk, achieving visibility, incorporating cyber-security into the core of product and service design plus facilitating cyber-insurance.
Security researchers are reporting a phishing attack technique which hackers may be using in the wild, and which could put websites at risk of attack.
M&As require integration of thousands of IT assets and systems onto a single, hybrid network, with unknown cyber-risks, and other complicating factors such as legacy systems or contrasting IT guidelines and security policy.
Only a third of British businesses have a financial plan in place in case of a cyber-attack. Research from Lloyds Bank reveals only half of companies contemplate the risks of a cyber-attack at board level.
CIOs can increase protection by supporting a standardised, risk-based approach to managing vulnerabilities: determine criticality, prioritise based on risk, not hype, and fix using a conservative mitigation approach.
GDPR: There are 90 or so clauses that should now be present in a supplier contract and these can be categorised under three main headings: service, legal, and cost. Data security is one of the weakest contract areas.
Half of companies surveyed suffered a third-party data breach - Why? One possible answer is that the relative costs of breaches - especially the very high-profile ones - aren't painful enough long-term to prompt a major security overhaul.
A risk-based approach to security is central to complying with GDPR. Article 32 requires that the measures taken by organisations must provide a level of security appropriate to the risk.
The problem of cyber-insurance is a lack of data for understanding risk, but third-party technologies can measure and quantify the defensive state and breach risk of each organisation by using standardised, repeatable yardsticks.
More than 80 UK manufacturing plants have faced cyber-incidents, yet many use old systems and lack the visibility, tools or manpower to carry out cyber-risk assessments. Are manufacturers fighting a losing battle?
If you can't dedicate the time to meet your free tool halfway, then it may be best to look to an alternative solution.
Unsurprisingly, online security breaches can severely undermine the trust that a consumer places in a brand, with over 76 percent of UK consumers stating that they have a more negative opinion of a brand following a security breach.
Organisations must begin efforts to secure the supply chain by first understanding their own position in it, and that of the multitude of "supply chains within supply chains" that may exist around them, and then managing that risk.
Given the potential impact a significant data leak could have on the valuation of a target company, M&A practitioners must appreciate that organisations should do whatever is necessary to preserve the value of their deals.
GDPR is built on the assumption that people are better prepared than they are, so we will fail to comply; therefore, take a risk-based approach and focus on the things that matter.
CISOs do indeed need to articulate cyber risk to the board in a business context, but equally, the board need to get a better grasp of cyber and prioritise criticality of security integrity vs continuity of service vs profitability.
Growing demand from employees for a flexible workplace that allows them to work remotely is expected to coincide with a rise in cloud-based SaaS apps, so security teams are set to struggle to keep a watchful eye on where company information has gone.
Owen Garrett discusses microservices and the security risks they pose, then delves into options for mitigating them.
John Negron and Jennifer Johnson have joined Tenable Network Security as chief revenue officer and chief marketing officer, respectively.
Survey from consulting firm shows there is still much work to do to identify and protect the 'crown jewels' of mission-critical data.
Garry Sidaway advises businesses on how to reduce security complexity and the need to focus on what's important such as making cyber-security a business issue and assessing risk exposure.
Kristine Olson-Chapman advises senior executives and IT security professionals on how to manage the challenges of cyber-security by using a risk-based approach.
Andrew Dalglish explains the potential risk for UK businesses as a result of so many not being prepared for an attack, plus looks at common weaknesses in current cyber-security and how they might be overcome.
There is a major risk of hack attacks against databases because millions of systems on the internet offer services which should not be exposed to the public.
Three quarters of UK consumers would stop doing business or cancel memberships with an organisation if it was hacked.
Over a third of people have heard friends, colleagues and even strangers sharing their full credit and debit card details in public while on the phone.
Cyber-risk remains the number one overall concern of the financial industry to the broader economy.
In the rush to be first to market, many organisations overlook basic IoT security principles, putting users at risk. Thomas Fischer urges organisations to take time to build robust security protocols into products, rather than trying to retrofit them.