In Depth
Hackers and cybercrime prevention
-
How Australia is keeping pace with ICS threats
Besides bridging the security gap between IT and operational technology teams, Australia is driving efforts to bolster the security of IoT devices Continue Reading
-
Application security more important than ever
Applications have an increasingly crucial role in our lives, yet they are also a real security threat, with hackers always finding new ways to bypass security defences. Computer Weekly looks at how organisations are responding to the challenge Continue Reading
-
Cyber resilience key to securing industrial control systems
Operators of industrial control systems can build greater cyber resilience by getting IT and operational technology teams to work more closely together and improving the visibility of their infrastructure, among other security measures Continue Reading
-
Application and device security under the spotlight
The security of internet-connected devices and associated applications has become a significant concern, prompting suggestions legislation may be required, while the UK government’s recent Secure by Design review suggests several solutions, ... Continue Reading
-
Data protection is critical for all businesses
Companies that misuse data or fall victim to breaches not only risk financial loss, but also reputational damage. There are many reasons good data practice is essential Continue Reading
-
Network security in the digital transformation era
Network security has always been a core focus for CISOs and IT security managers, but in an era of digital transformation, we examine if network security strategies are keeping up with new and emerging cyber threats Continue Reading
-
Network security in the age of the internet of things
Wireless devices and smart technologies are increasingly being brought into the workplace, and pose a growing risk to company data Continue Reading
-
Businesses need to take cryptojacking seriously
Organisations must pay attention to cyber criminals hijacking computing resources to mine cryptocurrencies, because nearly half are affected and the impact is greater than many realise Continue Reading
-
Getting a handle on mobile security in your enterprise
Everyone now has a mobile device at work, so how can enterprises ensure they are secure? Continue Reading
-
How AI will underpin cyber security in the next few years
Cyber security risks are growing in complexity and volume, but artificial intelligence techniques can help businesses track and fight them in real time Continue Reading
-
Navigating ASEAN’s patchy cyber security landscape
Cyber resilience remains low across Southeast Asia, a regional economic powerhouse that is increasingly susceptible to cyber threats as its digital economy grows Continue Reading
-
How secure are smart energy grids?
The improved efficiency of smart grids needs to be weighed against the cost of security - presenting a unique opportunity for the tech sector and a new market for security companies Continue Reading
-
Steal a march on cyber criminals through security by deception
Security by obscurity, although a common and tempting practice, is generally not recommended, but security by deception offers a way for defenders to make it more difficult for attackers to succeed and easier for defenders to catch them Continue Reading
-
UK sale of surveillance equipment to Macedonia raises questions over export licence policy
The UK approved an export licence for the sale of surveillance equipment to Macedonia – while the country was engaged in an illegal surveillance programme against its citizens. A senior minister was consulted on the decision Continue Reading
-
Where the device hits the network – a mobile device management update
As business becomes increasingly mobile, we look at the latest trends in mobile device management to give businesses the edge Continue Reading
-
Why immutable buckets are a worthy risk management tool
Immutable buckets offer businesses benefits in terms of data compliance, backup, archiving and security Continue Reading
-
The Macedonian surveillance scandal that brought down a government
Macedonia has been accused of using surveillance technology for covert spying - the subsequent political protests were instrumental in the ruling party losing power after 10 years Continue Reading
-
Organised crime exploiting new technology
European law enforcement is to focus on collaborating with industry around cyber crime as organised crime groups increasingly exploit new technologies, according to a regional crime threat report Continue Reading
-
How UK organisations are leaving themselves open for cyber attack
UK organisations are leaving themselves wide open to cyber attack despite huge investments in cyber security systems, according to two former hackers now working in cyber defence Continue Reading
-
How information security professionals can help business understand cyber risk
Information security is continually moving up business and board agendas, but information security professionals find it challenging to help business leaders to understand fully the cyber risks across increasingly digital businesses. Continue Reading
-
The cyber threats lurking within every company
Insider threats have been around for a long time, but it is only recently that people have begun to acknowledge the true danger they pose Continue Reading
-
Lauri Love: the student accused of hacking the US
How did a brilliant but fragile computer science student from a rural English town end up facing life imprisonment in the US? Computer Weekly speaks to Lauri Love Continue Reading
-
Cost-effective managed IPS for small businesses
Small businesses typically struggle to afford cyber intrusion prevention systems, but the introduction of a service tailored for this market could change that Continue Reading
-
The problem of passwords and how to deal with it
Security experts have long recognised passwords as inadequate, but finally technology is offering some viable alternative authentication methods that businesses can explore to keep their data safe Continue Reading
-
CW@50: Fertile British breeding grounds for information security innovation
Computer Weekly is marking its 50th anniversary this year with a series of articles celebrating 50 years of British technology innovation. In this article, we look at the evolution of information security threats and some of the British innovation ... Continue Reading
-
Hunters: a rare but essential breed of enterprise cyber defenders
They wait, they watch, they search the outer reaches of networks and the darkest corners of the web, setting traps, crafting tools, collecting evidence and going in pursuit: they are the hunters Continue Reading
-
Interview: James Bamford on surveillance, Snowden and technology companies
Investigative journalist and documentary maker James Bamford was among the first to uncover the secrets of the US National Security Agency and its global surveillance Continue Reading
-
How to deal with the aftermath of a data breach
Considering that a data breach could happen to any company, at any time, a plan of action is the best tactic Continue Reading
-
The next stage in quantum key distribution
Authentication schemes based on quantum physics are emerging to address the growing number of ways to compromise data traffic Continue Reading
-
The true cost of a cyber security breach in Australia
The costs of cyber security breaches can quickly add up with fines, reputational damage and overhauls to network security all hitting the coffers. The case of one Australian firm shows why paying a ransom to a hacker might be tempting. Continue Reading
-
The security dangers of home networks
Most companies take reasonable steps to protect their networks from virus attacks, but one area of vulnerability that is often overlooked is infection from employees’ home networks Continue Reading
-
How to ensure strong passwords and better authentication
Five steps to ensure stronger passwords and better authentication to reduce the threat of business data theft Continue Reading
-
Max Schrems: The man who broke Safe Harbour
Schrems has persuaded a high court judge to confirm that Edward Snowden’s evidence is acceptable in court and that the US is engaged in mass surveillance of European citizens Continue Reading
-
How to fully test IT networks for vulnerabilities
Making sure a company network is secure is a very important task, and one that should be scheduled regularly Continue Reading
-
App development companies fight back against digital piracy
How can digital companies protect their IP against a tidal wave of smartphone-boosted piracy? Is digital rights management software effective enough, or is it better to adapt your business model? Continue Reading
-
How to cull old, potentially risky data
Unused data is a potential security risk, with old spreadsheets, reports and email containing industry secrets and laced with company gossip. If it's no longer useful, it's time to delete it Continue Reading
-
How to reduce the risk of social engineering attacks
Implement simple checks to reduce the risk of the main types of social engineering attacks Continue Reading
-
Top tips for remote and mobile workers to improve their cyber security
Steps remote and mobile workers can take to improve cyber security on mobile devices, using public Wi-Fi and computers, and handling USB devices Continue Reading
-
Bill Binney, the ‘original’ NSA whistleblower, on Snowden, 9/11 and illegal surveillance
Always a patriot: Computer Weekly talks to Bill Binney, the senior NSA official who blew the whistle before Edward Snowden Continue Reading
-
How to secure the SDN infrastructure
As more enterprises look to deploy software-defined networking, the need for security from the ground up should not be underestimated Continue Reading
-
Cyber crime: What every business needs to know
Computer Weekly gets the low-down on cyber crime from law enforcement officers and investigators Continue Reading
-
Quantum key distribution is the future for secure comms
Quantum teleportation is a technology that will ultimately replace encryption as the foundation of communication security Continue Reading
-
Target data breach: Why UK business needs to pay attention
Late last year, US retailer Target was hit by one of the biggest data breaches in the industry's history. So what happened and why is it relevant to UK businesses? Continue Reading
-
Hacktivism: good or evil?
IT lawyer Dai Davis looks at the rise of hacktivism and its impact on business and international politics Continue Reading
-
Big data journalism exposes offshore tax dodgers
How journalists harnessed big data to challenge offshore financial secrecy Continue Reading
-
An introduction to cyber liability insurance cover
Cyber liability insurance cover has been around for 10 years, but most security professionals seem not to have heard of it or to know that it exists Continue Reading
-
How to create a good information security policy
Information security policies provide vital support to security professionals, yet few organisations take the time to create decent policies Continue Reading
-
How to tackle big data from a security point of view
Before leaping into big data, companies must be clear what they are trying to achieve, otherwise their investment will be wasted Continue Reading
-
How to find the most vulnerable systems on your internal network
Most corporate networks share common vulnerabilities, but many could be mitigated with education in “hacker thinking” for technical staff Continue Reading
-
Social media: A security challenge and opportunity
Generation Y workers are posing increasing security challenges to their employers as they share data unreservedly Continue Reading
-
Business priorities: what to protect, monitor and test
How information security professionals can prioritise what to protect, monitor and test in the light of current budget and resource constraints Continue Reading
-
How to preserve forensic evidence in the golden hour after a breach
There is a golden hour at the outset where a clear head and good planning can make or break any subsequent forensic investigation Continue Reading
-
How to secure Macs in the enterprise
Apple computers are increasingly being used in the enterprise - we look at how to securely introduce Macs into the corporate network Continue Reading
-
Setting up a botnet is easier than you think
Acquiring, installing, configuring and using a powerful data-stealing banking Trojan toolkit is not as difficult as it sounds Continue Reading
-
The top five SME security challenges
Best practice in IT security and compliance for small and medium-sized enterprises (SMEs) is often seen as a "grudge purchase", but SMEs face the same threat as larger organisations - just without their budgets. Continue Reading
-
Facing up to security perils of outbound traffic
What about the threat from within and, more specifically, the security issues that arise from outbound traffic risks? Continue Reading
-
Corporate Mergers and Acquisitions Security Learning Guide
A panel of experts breaks down M&A security priorities and explains the best ways to manage disparate security staffs, technologies and policies. Continue Reading
-
Why hacking contests, 'month-of' projects don't help
Ivan Arce, chief technology officer of Core Security Technologies, explains why he thinks hacking contests and public vulnerability disclosure projects do little to improve IT security. Continue Reading
-
The man behind the Month of Search Engine Bugs speaks
Ukrainian security researcher Eugene Dokukin, more widely known by his online name MustLive, is about to launch a new "Month-of" flaw disclosure project focusing on search engine bugs, at a time when many security professionals are dismissing such ... Continue Reading
-
Admins run into trouble with Microsoft updates
A DNS service failure and an ongoing WSUS glitch are among this month's frustrations as IT administrators try to deploy the latest security patches from Microsoft. Continue Reading
-
PayPal security measures help stamp out fraud
PayPal's 133 million online customers are the biggest ocean phishers have to plunder. CISO Michael Barrett wants to make it safe to be in the water; and he's not going at it alone. Continue Reading
-
Symantec threat report under the microscope
This week in Security Blog Log: Infosec professionals dissect Symantec's latest threat report and express a range of views in the blogosphere. Continue Reading
-
PING with Mark Odiorne
Mark Odiorne, CISO at Scottish Re, provides insights on pen testing procedures, prioritising security for senior management and keeping compliant. Continue Reading
-
Flaws haunt Symantec, IBM, Cisco and IE
Bug Briefs: Security holes plague Symantec Norton products, IBM DB2; Mozilla Firefox; Trend Micro ServerProtect; Cisco IP phones; Google Desktop; IE and Snort. Continue Reading
-
Storm Trojan was worse than it should have been
The "Storm" attack made a big splash because people keep falling for social engineering and there was simply little else in the news, experts say. Continue Reading
-
Security pros glean insight from '06
Corporate acquisitions, an abundance of spam, and the White House's take on cybersecurity mark 2006. Continue Reading
-
Review: Deep Security is a solid IPS
Third Brigade's Deep Security is a well-designed, effective product with strong configuration and policy control capabilities. Continue Reading
-
Zero-day tracker a hit, but IT shops need better strategy
This week in Security Blog Log: Reaction to eEye's new zero-day tracker is positive, but some experts say it won't help unless IT shops have a layered defense to start with. Continue Reading
-
Active Directory security school: Management
Lesson two of the Active Directory security school. Continue Reading
-
Active Directory Security School
An improperly configured Active Directory can render the rest of your security measures useless. So how can you protect yourself from a hacker with their eyes on your AD? How can you recover from such an attack? Find the answers to all of your AD ... Continue Reading
-
Security Blog Log: Sailing a sea of spam
This week, bloggers struggle to purge their bloated inboxes. Their experiences lend weight to recent studies showing a breathtaking spike in spam. Continue Reading
-
Nmap Technical Manual
By now, most infosec pros have heard of Nmap, and most would agree that even though the popular freeware tool is invaluable, installing, configuring and running it in the enterprise is no easy task. With that in mind, SearchSecurity.com, in ... Continue Reading
-
Security Blog Log: Taking Google Code Search for a spin
This week, the blogosphere is buzzing about Google Code Search. Despite concerns that the tool will aid attackers, some see it as a boost for security. Continue Reading
-
Inside MSRC: Public vulnerability disclosures on the rise
Even though irresponsible publicly disclosed vulnerabilities seem to be on the rise, Microsoft's Christopher Budd discusses how the software giant was able to quickly release a fix for the recent VML flaw, plus offers best practices on how to make ... Continue Reading
-
ZERT rekindles third-party patching debate
This week in Security Blog Log: IT security pros express more reservations about third-party patching, including the CEO of a company that released one a few months ago. Continue Reading
-
More from SearchSecurity September 2006
This month's roundup weighs the pros and cons of security information management systems (SIMs), plus four case studies illustrating the different roadblocks security managers can encounter Continue Reading
-
Symantec Dark Vision app monitors underground IRC servers
New research project keeps tabs on the hacker underground, providing new insight on activities like credit card theft and spamming. Continue Reading
-
Security Blog Log: Word doc scam evades spam filters
Also this week: A researcher gets a harsh reward after flagging a University of Southern California Web site flaw, and more blogs are keeping an eye on the latest security breaches. Continue Reading
-
Security blog log: Fear and loathing in MS06-040's wake
This week, security bloggers wonder if some of the MS06-040 warnings have gone too far. Meanwhile, Symantec uses its blog to warn about the timed release of exploits. Continue Reading
-
Inside MSRC: Time to rethink security workarounds
Christopher Budd of the Microsoft Security Response Center recommends implementing one of several security workarounds to ensure a secure infrastructure until this month's most important Windows update can be installed. Continue Reading
-
Countering attackers with NAC, IPS
Product review: Information Security magazine's Wayne Rash says ForeScout Technologies' flexible CounterACT appliance combines NAC with IPS and is worth the investment. Continue Reading
-
Security event management, no strings attached
Product review: Information Security magazine's Joel Snyder says Check Point's vendor-agnostic Eventia Analyzer 2.0/Eventia Reporter is worth consideration despite limited BI options. Continue Reading
-
Endpoint security quiz answers
The answers to the Endpoint quiz Continue Reading
-
Endpoint security quiz
Take this five-question quiz to see how much you've learned about endpoint security. Continue Reading
-
Industry chiefs to declare war on for-profit cyber criminals
IT industry leaders reaffirm the importance of security to a digital economy beset by money-driven cyber criminals. Continue Reading
-
Lost at sea: securing the channel
As attacks seem to proliferate almost unabated, it’s worrying to think that of the three interested parties in the security technology market — the technology makers, the technology sellers and the technology users — not everyone shares a common view ... Continue Reading
-
Phishing for the missing piece of the CardSystems puzzle
A banking insider examines the ties between customized phishing attacks this spring and the CardSystems breach announced soon after. Don't miss his revelations on how they're linked and what the phishers really needed. Continue Reading
-
Essential contacts
The security arena is like every other aspect of the IT industry: suppliers and special interest groups come and go. However,... Continue Reading
-
MoD slated for unresolved Chinook testing issues
BCS member Andrew Rivers has raised a series of questions with his local MP about the computer systems on board the Chinook helicopter which crashed over the Mull of Kintyre in 1994, killing 29 security officers and four crew Continue Reading