Opinion
Opinion
Data breach incident management and recovery
-
Managing cyber risk through integrated supply chains
High-profile supply chain cyber attacks have caused huge disruption this year. PA Consulting’s Carl Nightingale considers key questions business leaders should be asking of their organisations Continue Reading
-
Security Think Tank: Optimising privacy, post-GDPR
Airbus CyberSecurity CTO Paddy Francis explores the impact of regulation on data protection, and how it has changed how one goes about optimising data privacy in the enterprise Continue Reading
-
Security Think Tank: A response to planned data protection changes
The ISF’s Emma Bickerstaffe assesses how organisations might respond to proposed changes to the UK’s data protection regime Continue Reading
-
UK’s new data protection strategy risks costing business more than it gains
The apparent business benefits of pursuing data adequacy agreements around the world may not be as enticing as they at first appear Continue Reading
-
Security Think Tank: Managing data securely throughout its lifecycle
Managing data in a secure manner is key to ensuring its integrity and therefore its value to the organisation, as well as reducing risk from breaches and misinformation Continue Reading
-
Supply chain cyber security is only as strong as the weakest link
A spate of high-profile cyber attacks has highlighted the criticality of supply chain security and put new pressures on security leaders. How can we ensure that cyber security remains robust down the full length of supply chains? Continue Reading
-
How the cyber security market is evolving
The cyber security market has gained even greater importance in the post-Covid era and continues to grow and evolve. But what factors are driving trends in that market and what should your organisation consider when making cyber security investments? Continue Reading
-
The ransomware debate – to pay or not to pay?
The debate around banning ransomware payments is highly nuanced, and we must take care to avoid overt victim-blaming, in favour of an open and honest approach, says SASIG’s Martin Smith Continue Reading
-
Security Think Tank: Data privacy not in isolation, but on a spectrum
The gap between data privacy and data governance is narrowing, and security leaders need to be aware of the implications, says KuppingerCole’s Anne Bailey Continue Reading
-
Five tips to ensure your crisis comms plan is ready for a cyber attack
Business leaders take note: standard crisis communications plans are inadequate if you have fallen victim to a cyber attack. HPL’s Ted Birkhahn shares five tips to make sure you are ready to face the public Continue Reading
-
The Secret IR Insider’s Diary: It’s all gone quie...
The ‘Q’ word isn’t one that’s really used in incident response, says the Secret IR Insider, largely because as soon as you use it, something happens Continue Reading
-
Professionals need protection from the Computer Misuse Act
The UK needs cyber legislation fit for the 21st century, so it is important for the industry to get behind the government’s proposed reform of the Computer Misuse Act Continue Reading
-
Ethical hacking: What, why, and overcoming concerns
We find out why and how hitting your own business with a cyber attack can help improve security Continue Reading
-
Banking tech fraud: How to trace and recover your money
Even when stolen assets are sent offshore, the special powers of the English civil court system mean all may not be lost Continue Reading
-
How CIOs can help their organisations accelerate digital transformation
Companies need to win the trust of their customers to gather the data they need to transform their businesses Continue Reading
-
Long-term thinking is vital to secure UK’s critical infrastructure
To face down the threat of cyber warfare against UK CNI, the government needs long-term thinking that looks beyond the next general election cycle, says Advent-IM’s Mike Gillespie Continue Reading
-
Security Think Tank: ‘Legitimate interest’ crucial for vaccine passports
What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind? Continue Reading
-
The Secret IR Insider’s Diary – from Sunburst to DarkSide
From dealing with SolarWinds fallout to ransomware attacks, it’s been a busy few weeks for the Secret IR Insider, but they've picked up some new tricks along the way Continue Reading
-
Security Think Tank: Vaccine passports cannot be taken lightly
What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind? Continue Reading
-
What has a year of home working meant for the DPO?
Byron Shirley of The Compliance Space explores how the role of the data protection officer has changed in the past 12 months Continue Reading
-
Security Think Tank: Evolving threats, tech, leaves CNI exposed
In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading
-
Security Think Tank: Attacks on CNI – an evolving frontier in warfare
In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading
-
Security Think Tank: Back to square one – ground-up CNI protection
In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading
-
Security Think Tank: Properly protecting CNI demands specificity
In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading
-
Security Think Tank: Take a realistic perspective on CNI cyber attacks
In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading
-
Security Think Tank: CNI operators must focus on core issues
In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading
-
EncroChat ruling has ‘far-reaching effects’ for legal role of interception in UK investigations
The computer forensic experts involved in the review of police use of data hacked from the ultra-secure EncroChat phone network assess the impact of the Appeal Court ruling on future legal use of intercept evidence Continue Reading
-
Security Think Tank: CNI operators are in an unenviable position
In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them? Continue Reading
-
Why the London Data Charter could be a foundation stone in the city’s recovery
London First’s director of connectivity and competitiveness, David Lutton, explains why data is at the core of the capital’s recovery plan Continue Reading
-
Why your business needs SOC as a service
Security in the digital era demands that businesses monitor their entire IT estate and resolve all alerts, but for many organisations the most effective way of doing that is SOCaaS Continue Reading
-
Security Think Tank: Biden must address insider security threat first
As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ... Continue Reading
-
The ransomware routine: pages from the Secret IR Insider’s diary
The Secret Incident Response Insider shares behind-the-scenes stories of what really happens after organisations are hit by cyber attacks – and shows how they could have been avoided Continue Reading
-
Security Think Tank: Cyber effectiveness, efficiency key in 2021
After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ... Continue Reading
-
Security Think Tank: Integration between SIEM/SOAR is critical
SIEM and SOAR share much in common but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice? Continue Reading
-
Security Think Tank: Essential tools to mitigate double extortion attacks
The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ... Continue Reading
-
Security Think Tank: Safeguarding PII in the current threat landscape
The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the ... Continue Reading
-
Security Think Tank: Essential tools to mitigate data loss and identity theft
The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the ... Continue Reading
-
Security Think Tank: Adapting defences to evolving ransomware and cyber crime
The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ... Continue Reading
-
Security Think Tank: What you need to know about addressing the doxing threat
The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the ... Continue Reading
-
Security Think Tank: Tighten data and access controls to stop identity theft
The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ... Continue Reading
-
What are the latest GDPR security breach enforcement trends?
A cyber breach specialist from Fieldfisher runs the rule over the latest trends in cyber security, data protection and GDPR Continue Reading
-
Security Think Tank: Ignore AI overheads at your peril
Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the... Continue Reading
-
Australian government has failed on cyber security
The federal government’s current approach of allowing each agency to make its own cyber decisions is not working and more needs to be done to hunt down adversaries Continue Reading
-
A view from the SOC: Maintaining security capabilities during the pandemic
What are the challenges of maintaining security event and incident detection capabilities in these challenging times? Continue Reading
-
Australia is painting a big red cyber target on its critical infrastructure
Australia’s critical infrastructure is particularly vulnerable to cyber attacks right now because of years of under-investment in cyber security and ageing legacy systems Continue Reading
-
Identification and access management: some possible futures
Learn about how we might be using our heartbeats, brainwaves and eye movements to unlock our mobiles in the future Continue Reading
-
Security Think Tank: Burnt out CISOs are a huge cyber risk
Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security pros manage their increased workload, safeguard their mental wellbeing, and avoid burnout? Continue Reading
-
Security Think Tank: Create healthy habits to avoid burnout
Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security professionals manage their increased workload, safeguard their mental well-being and avoid burnout? Continue Reading
-
Why you should think before you Zoom
Feel free to use Zoom during the coronavirus lockdown, but think before you discuss anything confidential Continue Reading
-
A legal perspective on data breaches and home working
Legal experts from Fieldfisher share guidance on how to deal with cyber attacks during the coronavirus crisis, and what the ICO expects in terms of notification Continue Reading
-
JavaScript skimmers: An evolving and dangerous threat
Cyber attacks exploiting Magecart JavaScript skimmers are spiking during the coronavirus pandemic, and like biological viruses, they just keep evolving Continue Reading
-
Why ‘no breach’ is bad news for your compliance
You might think it’s a good thing if your organisation has a clean record when it comes to data breaches, but this is not necessarily the case Continue Reading
-
The greatest contest ever – privacy versus security
Examining the technical, legal and ethical challenges around the privacy versus security debate Continue Reading
-
Security Think Tank: Zero trust is complex, but has rich rewards
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ... Continue Reading
-
Security Think Tank: No trust in zero trust need not be a problem
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ... Continue Reading
-
Security Think Tank: Zero trust – just another name for the basics?
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ... Continue Reading
-
Security Think Tank: Bug bounties are changing the image of hackers
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think Tank: Teens in basements don’t represent a positive security culture
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Learning from the Travelex cyber attack: Failing to prepare is preparing to fail
The key lesson to take from the Travelex breach is that an effective response to a breach is a critical business function and no longer the sole province of the IT department Continue Reading
-
Security Think Tank: Changing attitudes to cyber is a team sport
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think Tank: Hero or villain? Creating a no-blame culture
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think Tank: Get your users to take pride in security
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think Tank: Let’s call time on inciting fear among users
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think Tank: Put information at the heart of security
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ... Continue Reading
-
Security Think Tank: Data-centric security requires a holistic approach
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ... Continue Reading
-
Security Think Tank: Data-centric security requires context and understanding
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ... Continue Reading
-
Top tips for avoiding and dealing with data breaches
Been hacked, lost a laptop or sent an email to the wrong address? Do you need to notify anyone and what should you do? Find out in this simple guide Continue Reading
-
Security Think Tank: Risk-based response critical to protect data
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ... Continue Reading
-
Security Think Tank: Is data more or less secure in the cloud?
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ... Continue Reading
-
Cyber security: How to avoid a disastrous PICNIC
Fieldfisher’s David Lorimer examines how individual employees often facilitate cyber attacks, and what can be done to reduce the risk Continue Reading
-
Security Think Tank: Risk management must go beyond spreadsheets
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading
-
Security Think Tank: Risk is unavoidable in digital transformation
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading
-
Why investment is needed in the cyber insurance market
The number of cyber insurance policies on offer is beginning to grow, but insurers still have a long way to go to develop policies that address market concerns Continue Reading
-
Making threat intelligence greater than the sum of its parts
Organisations can become more secure if they join up their varied sources of intelligence about business threats, and avoid losing valuable information within individual silos Continue Reading
-
Security Think Tank: Proper segregation is more important than ever
What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome? Continue Reading
-
Security Think Tank: Surviving the existential cyber punch, part 3
How should businesses plan to survive a potential cyber attack extinction event? Continue Reading
-
Security Think Tank: Surviving the existential cyber punch part 2
How should businesses plan to survive a potential cyber attack extinction event? Continue Reading
-
Security Think Tank: Aim for integrated resilience, continuity and recovery
How should businesses plan to survive a potential cyber attack extinction event? Continue Reading
-
Security Think Tank: Incident response vital to guard against catastrophic cyber attack
How should businesses plan to survive a potential cyber attack extinction event? Continue Reading
-
Security Think Tank: BC/DR plan key to cyber attack survival
How should businesses plan to survive a potential cyber attack extinction event? Continue Reading
-
Security Think Tank: How to reduce the impact of a potential cyber extinction event
How should businesses plan to survive a potential cyber attack extinction event? Continue Reading
-
Security Think Tank: Is it true you can't manage what you don't measure?
What should be the key cyber security risk indicator for any business? Continue Reading
-
Making the UK the safest place to live and work online
Government, industry and individuals all have to play their part in enhancing cyber security practices Continue Reading
-
Security Think Tank: Use Cyber Essentials to kick-start outcomes-based security
What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome? Continue Reading
-
Cyber security – why you’re doing it all wrong
Most organisations can list the IT security tools and controls they have, so why do most of them still get the security basics wrong? Continue Reading
-
Why businesses must think like criminals to protect their data
Cyber criminals use three main methods of operation to steal commercial data. Understanding their mindset can help organisations put the right defences in place Continue Reading
-
Australian firms need to move faster in the digital age
Just over a tenth of IT professionals in Australia say their companies can roll out a new product in less than three months, despite operating in fast-moving markets with digitally savvy customers Continue Reading
-
Europe’s shameful role in spy-tech exports that led to torture and jail
Governments in Europe actively assisted in government oppression in Iran, Bahrain and Russia by providing states with sophisticated surveillance equipment. The European Parliament is pressing for changes in the law to restrict exports of ... Continue Reading
-
Security Think Tank: Automating basic security tasks
How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments? Continue Reading
-
Zero in on your zero-day vulnerabilities
A zero-day attack comes, by definition, out of the blue. You cannot predict its nature or assess how much damage it might cause, but you can take some basic steps to protect yourself from a potentially crippling cyber strike Continue Reading
-
What to do first when hit by a cyber attack
What actions should organisations take if they suspect they have suffered a cyber security incident? Continue Reading
-
Gary McKinnon: Why Lauri Love should be spared the nightmare of extradition
Computer activist Lauri Love should be spared a life sentence in a US jail, says former hacker Gary McKinnon Continue Reading
-
The problem with passwords: how to make it easier for employees to stay secure
An organisation’s IT security can be compromised if staff do not follow a strict policy of using strong passwords to access internal systems Continue Reading
-
Life’s a breach: How to handle the press after a hacking attack
Emily Dent, specialist in crisis PR, offers some advice to organisations that unexpectedly find themselves in the headlines Continue Reading