Risk News, Articles and Updates

Embrace chaos: different cyber-security narrative needed to inspire action

As an industry we need to change the hunter-hunted narrative altogether if we're to inspire the kind of proactive approach to cyber-security which organisations desperately need. We must run with the bulls, not wait to react.

Evolving technologies will allow managing cyber risk (rather than threat)

Buying in cyber-risk-management-as-a-service will let companies manage cyber-risk like any other risk, achieving visibility, incorporating cyber-security into the core of product and service design plus facilitating cyber-insurance.

Update: Subdomain flaw puts users at risk

Security researchers are reporting a phishing attack technique which hackers may be using in the wild, and could put websites at risk of attack.

Cyber-security in M&As: Managing the risk of network integration

M&As require integration of thousands of IT assets and systems onto a single, hybrid network, with unknown cyber-risks, and other complicating factors such as legacy systems or contrasting IT guidelines and security policy.

What will it take for the C-suite to care about cyber-threats?

Only a third of British businesses have a financial plan in place in case of a cyber-attack. Research from Lloyds Bank reveals only half of companies contemplate the risks of a cyber-attack at board level.

Beyond the Hype of Spectre and Meltdown: Three steps to mitigate risks

CIOs can increase protection by supporting a standardised, risk-based approach to managing vulnerabilities: determine criticality, prioritise based on risk, not hype, and fix using a conservative mitigation approach.

Review your IT supplier contracts to reflect changing technology & GDPR

GDPR: There are 90 or so clauses that should now be present in a supplier contract and these can be categorised under three main headings: service, legal, and cost. Data security is one of the weakest contract areas.

If your vendor is breached, you are too

Half of companies surveyed suffered a third-party data breach - Why? One possible answer is that the relative costs of breaches - especially the very high-profile ones - aren't painful enough long-term to prompt a major security overhaul.

How cyber-security can embed a sustainable privacy operating model

A risk-based approach to security is central to complying with GDPR. Article 32 requires that the measures taken by organisations must provide a level of security appropriate to the risk.

Breaking the log jam - data for informed cyber-insurance

The problem of cyber-insurance is a lack of data for understanding risk, but third-party technologies can measure and quantify the defensive state and breach risk of each organisation by using standardised, repeatable yardsticks.

UK manufacturers often outdated & highly vulnerable to cyber-threats

More than 80 UK manufacturing plants have faced cyber-incidents, yet many use old systems and lack the visibility, tools or manpower to carry out cyber-risk assessments. Are manufacturers fighting a losing battle?

In security, free isn't always easy

If you can't dedicate the time to meet your free tool halfway, then it may be best to look to an alternative solution.

The impact of security on brand perception

Unsurprisingly, online security breaches can severely undermine the trust that a consumer places in a brand, with over 76 percent of UK consumers stating that they have a more negative opinion of a brand following a security breach.

Securing the supply chain: Why people are the key to managing risk

Organisations must begin efforts to secure the supply chain by first understanding their own position in it, and that of the multitude of "supply chains within supply chains" that may exist around them, managing that risk.

Cyber-due diligence demanded for mergers, acquisitions, & cyber readiness

Given the potential impact a significant data leak could have on the valuation of a target company, M&A practitioners must appreciate that organisations should do whatever is necessary to preserve the value of their deals.

IP Expo: GDPR - "All of us will carry a quantum of illegality"

GDPR is built on the assumption that people are better prepared than they are, so we will fail to comply; therefore, take a risk-based approach and focus on the things that matter.

Risk management to strategic resilience: The evolution of cyber-security

CISOs do indeed need to articulate cyber risk to the board in a business context, but equally, the board need to get a better grasp of cyber and prioritise criticality of security integrity vs continuity of service vs profitability.

Is the ubiquity of technology putting corporate security at risk?

Growing demand from employees for a flexible workplace that allows them to work remotely is expected to coincide with a rise in cloud-based SaaS apps, so security teams are set to struggle to keep a watchful eye on where company information has gone.

Microservices - specific security issues and how to address them

Owen Garrett discusses microservices and how they pose their own security risks, then delves into options for mitigating them.

John Negron and Jennifer Johnson join Tenable Network Security team

John Negron and Jennifer Johnson have joined Tenable Network Security as chief revenue officer and chief marketing officer, respectively.

Company boards and management becoming more engaged with cyber-risks

Survey from consulting firm shows there is still much work to do to identify and protect the 'crown jewels' of mission critical data.

How to reduce the complexity in cyber-security - focus on priorities

Garry Sidaway advises businesses on how to reduce security complexity and the need to focus on what's important, such as making cyber-security a business issue and assessing risk exposure.

Never stop learning - the need for a risk-based approach to cyber-security

Kristine Olson-Chapman advises senior executives and IT security professionals on how to manage the challenges of cyber-security by using a risk-based approach.

New study reveals that numerous UK businesses are unprepared for a cyber-attack

Andrew Dalglish explains the potential risk for UK businesses as a result of so many not being prepared for an attack, plus looks at common weaknesses in current cyber-security and how they might be overcome.

Millions of nodes detected that shouldn't be exposed to public network

There is a major risk of hack attacks against databases due to millions of systems on the internet that offer services which should not be exposed to the public.

75% of UK consumers won't do biz with a company that has been hacked

Three quarters of UK consumers would stop doing business or cancel memberships with an organisation if it was hacked.

80% of retailers take payment card details by phone in unsecure ways

Over a third of people have heard friends, colleagues and even strangers sharing their full credit and debit card details in public while on the phone.

Number one risk to the broader economy is cyber-risk

Cyber-risk remains the number one overall concern of the financial industry to the broader economy.

Short term gain, long term pain: Avoiding IoT security shortcuts

In the rush to be first to market, many organisations overlook basic IoT security principles, putting users at risk. Thomas Fischer urges organisations to take time to build robust security protocols into products, rather than trying to retrofit them.