Opinion
Security policy and user awareness
-
Security Think Tank: Continuity planning doesn’t have to be complex
In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances? Continue Reading
-
Coronavirus and privacy – finding the middle ground
Data collection has a role to play in fighting the deadly Covid-19 coronavirus outbreak, but governments need to be accountable for how it is used Continue Reading
-
Why zero trust may not be all it’s cracked up to be
While they are discussed ad nauseam in the security industry, zero-trust architectures may not be all they’re cracked up to be, according to analyst Sam Bocetta Continue Reading
-
Security Think Tank: Amid panic, how to find a sound level of security
In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances? Continue Reading
-
Security Think Tank: To tackle Covid-19, be prepared, flexible and resilient
In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances? Continue Reading
-
Security Think Tank: A guide to security best practice for pandemics
In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances? Continue Reading
-
Security Think Tank: Coronavirus crisis helps put security in context
In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances? Continue Reading
-
Security Think Tank: ID-driven security helps safeguard the workforce
In our globalised world, high-profile events such as Covid-19 have huge business impacts and some of these impacts may be felt by CISOs. What responsibilities do security pros have in such circumstances, and what steps can they take to shore up ... Continue Reading
-
Security Think Tank: Zero trust strategies must start small, then grow
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs approach moving their organisations from traditional network security to a zero-trust ... Continue Reading
-
Security Think Tank: Ask yourself if zero trust is right for you
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ... Continue Reading
-
Security Think Tank: How zero trust lets you take back control
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero trust ... Continue Reading
-
Security Think Tank: Practical steps to achieve zero trust
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ... Continue Reading
-
Security Think Tank: Zero trust is complex, but has rich rewards
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ... Continue Reading
-
Security Think Tank: No trust in zero trust need not be a problem
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ... Continue Reading
-
Security Think Tank: Zero trust is not the answer to all your problems
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ... Continue Reading
-
The fight against cyber crime: Why cooperation matters
With the WEF’s Global Risk Report 2019 ranking cyber attack in the top five global risks, we now see rising consensus at institutional level that no individual stakeholder can address the breadth of security challenges we face today Continue Reading
-
Security Think Tank: Facing the challenge of zero trust
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ... Continue Reading
-
Security Think Tank: Zero trust – just another name for the basics?
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ... Continue Reading
-
Security Think Tank: Bug bounties are changing the image of hackers
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think Tank: Teens in basements don’t represent a positive security culture
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think-Tank: Tackle insider threats to achieve data-centric security
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ... Continue Reading
-
Learning from the Travelex cyber attack: Failing to prepare is preparing to fail
The key lesson to take from the Travelex breach is that an effective response to a breach is a critical business function and no longer the sole province of the IT department Continue Reading
-
Security Think Tank: Hooded hackers? More like ruthless competitors
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think Tank: Changing attitudes to cyber is a team sport
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think Tank: Hero or villain? Creating a no-blame culture
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think Tank: Get your users to take pride in security
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think Tank: Let’s call time on inciting fear among users
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think Tank: Put information at the heart of security
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ... Continue Reading
-
Security Think Tank: Data-centric security requires a holistic approach
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ... Continue Reading
-
We can’t allow fake news and disinformation to upend our democracy
Fake news, misinformation and cyber attacks are part of our political process – now is the time to act Continue Reading
-
Security Think Tank: Data-centric security requires context and understanding
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ... Continue Reading
-
Security Think Tank: Risk-based response critical to protect data
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ... Continue Reading
-
Security Think Tank: Is data more or less secure in the cloud?
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ... Continue Reading
-
Security Think Tank: Time for a devolution of responsibility
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ... Continue Reading
-
Security Think Tank: Optimise data-centric strategies with AI
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ... Continue Reading
-
Cyber security: How to avoid a disastrous PICNIC
Fieldfisher’s David Lorimer examines how individual employees often facilitate cyber attacks, and what can be done to reduce the risk Continue Reading
-
Security Think Tank: In-depth protection is a matter of basic hygiene
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ... Continue Reading
-
Security Think Tank: Stopping data leaks in the cloud
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ... Continue Reading
-
Security Think Tank: Base cloud security posture on your data footprint
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ... Continue Reading
-
Security Think Tank: Cloud security is a shared responsibility
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ... Continue Reading
-
Security in the supply chain – a post-GDPR approach
A year and a half after the introduction of the EU’s General Data Protection Regulation, Fieldfisher's James Walsh reviews the fundamentals of supply chain security Continue Reading
-
What changes are needed to create a cyber-savvy culture?
PA Consulting's Cate Pye considers the people and process changes that are necessary to build a security aware business culture Continue Reading
-
Security Think Tank: Adapt security posture to your cloud model
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ... Continue Reading
-
Security Think Tank: The cloud needs security by design
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ... Continue Reading
-
Security Think Tank: Secure the cloud when negotiating contracts
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ... Continue Reading
-
Security Think Tank: In the cloud, the buck stops with you
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ... Continue Reading
-
Security Think Tank: Embedding security in governance
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading
-
Security Think Tank: Focus on metrics to manage risk
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading
-
Security Think Tank: Embed security professionals in your risk strategy
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading
-
Security Think Tank: Risk management must go beyond spreadsheets
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading
-
Security Think Tank: Consider risk holistically, not just from an IT angle
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading
-
Small business guide: How to keep your organisation secure from fraudsters and hackers
Doing a few things well can keep your organisation protected from common cyber attacks and fraudsters Continue Reading
-
Security Think Tank: The operational approach to integrated risk management
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading
-
Security Think Tank: Get basic security policy right, and the rest will follow
Paying attention to basic aspects of cyber security such as policy and permission will give you a solid base to build from Continue Reading
-
Security Think Tank: Risk is unavoidable in digital transformation
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading
-
Security Think Tank: Business needs to see infosec pros as trusted advisers
How can security professionals communicate effectively with the board and senior business leaders – what works and what doesn’t? Continue Reading
-
Joining the dots to deliver effective cyber security
In too many organisations, cyber security is dislocated and siloed. Security chiefs need to take a more joined-up approach, but that is likely to mean a rethink of how the security team operates Continue Reading
-
Making threat intelligence greater than the sum of its parts
Organisations can become more secure if they join up their varied sources of intelligence about business threats, and avoid losing valuable information within individual silos Continue Reading
-
Security Think Tank: Proper segregation is more important than ever
What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome? Continue Reading
-
Why cyber security needs to be prioritised at board level
Despite the rising number of headline-grabbing security breaches, many company executives are still not prioritising cyber security in the boardroom Continue Reading
-
Security Think Tank: Is it true you can't manage what you don't measure?
What should be the key cyber security risk indicator for any business? Continue Reading
-
Security Think Tank: Walk before you run
How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network? Continue Reading
-
Can we live without passwords?
Can you imagine a future in which we can be secure online without having to remember an unwieldy list of passwords? Solutions are emerging that could make passwords redundant, but there will be other security problems to resolve Continue Reading
-
Raising security awareness through phishing simulation – how to get it right
Testing employees’ security practices by sending fake phishing emails has become commonplace, but few organisations are conducting such exercises effectively Continue Reading
-
Security Think Tank: Combine tech, process and people to block malware comms
As attackers begin to use multiple command and control systems to communicate with backdoors and other malware, how can organisations ensure that they detect such methods and that all C&C systems are removed, including "sleepers" designed to be ... Continue Reading
-
Making the UK the safest place to live and work online
Government, industry and individuals all have to play their part in enhancing cyber security practices Continue Reading
-
Security Think Tank: A three-pronged approach to application security
What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack? Continue Reading
-
Security Think Tank: C-suite needs to drive outcomes-based security
What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome? Continue Reading
-
Security Think Tank: Use Cyber Essentials to kick-start outcomes-based security
What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome? Continue Reading
-
Everyone, everywhere is responsible for IIoT cyber security
Cyber security in the industrial internet of things is not limited to a single company, industry or region – it is an international threat to public safety, and can only be addressed through collaboration that extends beyond borders and competitive ... Continue Reading
-
Security Think Tank: Supplement security with an MSSP to raise the bar
What is the most practical and cost-effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
Security Think Tank: How to manage software vulnerabilities
What is the most practical and cost effective way for organisations to identify and remediate high-risk software vulnerabilities? Continue Reading
-
Information security risk – keeping it simple
Organisations should start with risk management to understand information security risks and communicate them better internally Continue Reading
-
Security Think Tank: A good password policy alone is not enough
In light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading
-
Security Think Tank: Cracking the code – what makes a good password?
In light of the fact complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading
-
Security Think Tank: Some basic password guidelines
In light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading
-
Security Think Tank: Firms need to support good password practices
In the light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading
-
Security Think Tank: How to create good passwords and add security layers
In light of the fact complex passwords are not as strong as most people think and most password strategies inevitably lead to people following them blindly, what actually makes a good password - and when is a password alone not enough? Continue Reading
-
Security Think Tank: Complex passwords provide a false sense of security
In the light of the fact that complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading
-
Security Think Tank: Use pass phrases and 2FA to beef up access control
In light of the fact complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password – and when is a password alone not enough? Continue Reading
-
Security Think Tank: Put more layers around passwords to up security
In light of the fact that complex passwords are not as strong as most people think and most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading
-
Cyber security – why you’re doing it all wrong
Most organisations can list the IT security tools and controls they have, so why do most of them still get the security basics wrong? Continue Reading
-
Digital transformation is just business change
Don't always start with the technology if you're driving transformation, but always start with the business Continue Reading
-
Security Think Tank: Data controllers are essential in modern business environment
Why is it important to know where data flows, with whom it's shared and where it lives at rest, and what is the best way of achieving this? Continue Reading
-
Security Think Tank: Data governance is good for business and security
Why is it important to know where data flows, with whom it's shared and where it lives at rest, and what is the best way of achieving this? Continue Reading
-
Hacking the internet of things just got easier – it’s time to look at your security
Are you taking security for internet-connected devices seriously enough? Continue Reading
-
Security Think Tank: Five tips for killing the campers on your network
Why is reducing cyber attacker dwell time important and how should this be tackled? Continue Reading
-
Security Think Tank: Reducing cyber attacker dwell time is critical
Why is reducing cyber attacker dwell time important, and how should it be tackled? Continue Reading
-
Security Think Tank: Use good practice to address cryptojacking risk
How can organisations best defend against cryptojacking? Continue Reading
-
Security Think Tank: Cryptojacking can be costly
How can organisations best defend against cryptojacking? Continue Reading
-
Security Think Tank: Six tips for securing your organisation against cryptojacking
How can organisations best defend against cryptojacking? Continue Reading
-
Why businesses must think like criminals to protect their data
Cyber criminals use three main methods of operation to steal commercial data. Understanding their mindset can help organisations put the right defences in place Continue Reading
-
Security Think Tank: User vigilance key to cryptojacking defence
How can organisations best defend against cryptojacking? Continue Reading
-
Security Think Tank: Fileless malware not totally undetectable
What should organisations do at the very least to ensure business computers are protected from fileless malware? Continue Reading
-
Security Think Tank: Human, procedural and technical response to fileless malware
What should organisations do at the very least to ensure business computers are protected from fileless malware? Continue Reading
-
Security Think Tank: Use layered security and patch management to defeat fileless malware
What should organisations do at the very least to ensure business computers are protected from fileless malware? Continue Reading
-
Security Think Tank: Multi-layered security key to fileless malware defence
What should organisations do, at the very least, to ensure business computers are protected from fileless malware? Continue Reading
-
Security Think Tank: Social engineering at the heart of fileless malware attacks
What should organisations do at the very least to ensure business computers are protected from fileless malware? Continue Reading
-
Security Think Tank: How to tackle fileless malware attacks
What should organisations do at the very least to ensure business computers are protected from fileless malware? Continue Reading
-
Hawaii missile alert: Why the wrong guy was fired
In January 2018, an employee at Hawaii’s emergency management agency sent out a false alarm of an imminent missile attack, and was subsequently fired – but perhaps poor system design is really to blame Continue Reading