Opinion
Data breach incident management and recovery
-
Security Think Tank: Biden must address insider security threat first
As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ... Continue Reading
-
The ransomware routine: pages from the Secret IR Insider’s diary
The Secret Incident Response Insider shares behind-the-scenes stories of what really happens after organisations are hit by cyber attacks – and shows how they could have been avoided Continue Reading
-
Security Think Tank: Cyber effectiveness, efficiency key in 2021
After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ... Continue Reading
-
Security Think Tank: Integration between SIEM/SOAR is critical
SIEM and SOAR share much in common but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice? Continue Reading
-
Security Think Tank: Essential tools to mitigate double extortion attacks
The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ... Continue Reading
-
Security Think Tank: Safeguarding PII in the current threat landscape
The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the ... Continue Reading
-
Security Think Tank: Adapting defences to evolving ransomware and cyber crime
The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ... Continue Reading
-
Security Think Tank: What you need to know about addressing the doxing threat
The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the ... Continue Reading
-
Security Think Tank: Tighten data and access controls to stop identity theft
The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ... Continue Reading
-
What are the latest GDPR security breach enforcement trends?
A cyber breach specialist from Fieldfisher runs the rule over the latest trends in cyber security, data protection and GDPR Continue Reading
-
Security Think Tank: Ignore AI overheads at your peril
Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the... Continue Reading
-
Australian government has failed on cyber security
The federal government’s current approach of allowing each agency to make its own cyber decisions is not working and more needs to be done to hunt down adversaries Continue Reading
-
A view from the SOC: Maintaining security capabilities during the pandemic
What are the challenges of maintaining security event and incident detection capabilities in these challenging times? Continue Reading
-
Australia is painting a big red cyber target on its critical infrastructure
Australia’s critical infrastructure is particularly vulnerable to cyber attacks right now because of years of under-investment in cyber security and ageing legacy systems Continue Reading
-
Identification and access management: some possible futures
Learn about how we might be using our heartbeats, brainwaves and eye movements to unlock our mobiles in the future Continue Reading
-
Security Think Tank: Burnt out CISOs are a huge cyber risk
Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security pros manage their increased workload, safeguard their mental wellbeing, and avoid burnout? Continue Reading
-
Security Think Tank: Create healthy habits to avoid burnout
Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security professionals manage their increased workload, safeguard their mental well-being and avoid burnout? Continue Reading
-
Why you should think before you Zoom
Feel free to use Zoom during the coronavirus lockdown, but think before you discuss anything confidential Continue Reading
-
A legal perspective on data breaches and home working
Legal experts from Fieldfisher share guidance on how to deal with cyber attacks during the coronavirus crisis, and what the ICO expects in terms of notification Continue Reading
-
JavaScript skimmers: An evolving and dangerous threat
Cyber attacks exploiting Magecart JavaScript skimmers are spiking during the coronavirus pandemic, and like biological viruses, they just keep evolving Continue Reading
-
Why ‘no breach’ is bad news for your compliance
You might think it’s a good thing if your organisation has a clean record when it comes to data breaches, but this is not necessarily the case Continue Reading
-
The greatest contest ever – privacy versus security
Examining the technical, legal and ethical challenges around the privacy versus security debate Continue Reading
-
Security Think Tank: Zero trust is complex, but has rich rewards
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ... Continue Reading
-
Security Think Tank: No trust in zero trust need not be a problem
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ... Continue Reading
-
Security Think Tank: Zero trust – just another name for the basics?
In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ... Continue Reading
-
Security Think Tank: Bug bounties are changing the image of hackers
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think Tank: Teens in basements don’t represent a positive security culture
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Learning from the Travelex cyber attack: Failing to prepare is preparing to fail
The key lesson to take from the Travelex breach is that an effective response to a breach is a critical business function and no longer the sole province of the IT department Continue Reading
-
Security Think Tank: Changing attitudes to cyber is a team sport
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think Tank: Hero or villain? Creating a no-blame culture
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think Tank: Get your users to take pride in security
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think Tank: Let’s call time on inciting fear among users
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? Continue Reading
-
Security Think Tank: Put information at the heart of security
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ... Continue Reading
-
Security Think Tank: Data-centric security requires a holistic approach
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ... Continue Reading
-
Security Think Tank: Data-centric security requires context and understanding
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ... Continue Reading
-
Top tips for avoiding and dealing with data breaches
Been hacked, lost a laptop or sent an email to the wrong address? Do you need to notify anyone and what should you do? Find out in this simple guide Continue Reading
-
Security Think Tank: Risk-based response critical to protect data
The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ... Continue Reading
-
Security Think Tank: Is data more or less secure in the cloud?
Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ... Continue Reading
-
Cyber security: How to avoid a disastrous PICNIC
Fieldfisher’s David Lorimer examines how individual employees often facilitate cyber attacks, and what can be done to reduce the risk Continue Reading
-
Security Think Tank: Risk management must go beyond spreadsheets
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making? Continue Reading
-
Security Think Tank: Risk is unavoidable in digital transformation
How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making? Continue Reading
-
Why investment is needed in the cyber insurance market
The number of cyber insurance policies on offer is beginning to grow, but insurers still have a long way to go to develop policies that address market concerns Continue Reading
-
Making threat intelligence greater than the sum of its parts
Organisations can become more secure if they join up their varied sources of intelligence about business threats, and avoid losing valuable information within individual silos Continue Reading
-
Security Think Tank: Proper segregation is more important than ever
What are the security benefits and challenges of segregating IT environments, and how best are these challenges overcome? Continue Reading
-
Security Think Tank: Surviving the existential cyber punch, part 3
How should businesses plan to survive a potential cyber attack extinction event? Continue Reading
-
Security Think Tank: Surviving the existential cyber punch part 2
How should businesses plan to survive a potential cyber attack extinction event? Continue Reading
-
Security Think Tank: Aim for integrated resilience, continuity and recovery
How should businesses plan to survive a potential cyber attack extinction event? Continue Reading
-
Security Think Tank: Incident response vital to guard against catastrophic cyber attack
How should businesses plan to survive a potential cyber attack extinction event? Continue Reading
-
Security Think Tank: BC/DR plan key to cyber attack survival
How should businesses plan to survive a potential cyber attack extinction event? Continue Reading
-
Security Think Tank: How to reduce the impact of a potential cyber extinction event
How should businesses plan to survive a potential cyber attack extinction event? Continue Reading
-
Security Think Tank: Is it true you can't manage what you don't measure?
What should be the key cyber security risk indicator for any business? Continue Reading
-
Making the UK the safest place to live and work online
Government, industry and individuals all have to play their part in enhancing cyber security practices Continue Reading
-
Security Think Tank: Use Cyber Essentials to kick-start outcomes-based security
What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome? Continue Reading
-
Cyber security – why you’re doing it all wrong
Most organisations can list the IT security tools and controls they have, so why do most of them still get the security basics wrong? Continue Reading
-
Why businesses must think like criminals to protect their data
Cyber criminals use three main methods of operation to steal commercial data. Understanding their mindset can help organisations put the right defences in place Continue Reading
-
Australian firms need to move faster in the digital age
Just over a tenth of IT professionals in Australia say their companies can roll out a new product in less than three months, despite operating in fast-moving markets with digitally savvy customers Continue Reading
-
Europe’s shameful role in spy-tech exports that led to torture and jail
Governments in Europe actively assisted in government oppression in Iran, Bahrain and Russia by providing states with sophisticated surveillance equipment. The European Parliament is pressing for changes in the law to restrict exports of ... Continue Reading
-
Security Think Tank: Automating basic security tasks
How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments? Continue Reading
-
Zero in on your zero-day vulnerabilities
A zero-day attack comes, by definition, out of the blue. You cannot predict its nature or assess how much damage it might cause, but you can take some basic steps to protect yourself from a potentially crippling cyber strike Continue Reading
-
Security Think Tank: Encourage employees to use an approved messaging app
What criteria should organisations use to assess the security of smartphone messaging apps and how can they ensure only approved apps are used by employees? Continue Reading
-
Security Think Tank: Educate, enforce policy and monitor to ensure messaging security
What criteria should organisations use to assess the security of smartphone messaging apps, and how can they ensure only approved apps are used by employees? Continue Reading
-
Is it time to stop blaming organisations for being breached?
The IT security industry needs to look at itself and its practices before blaming organisations that have been hit by cyber attacks Continue Reading
-
GDPR for the CIO: Data protection is about more than GDPR compliance
If you approach GDPR as if compliance is all that matters, then you're bound to fail – data protection should be at the heart of business strategy Continue Reading
-
Security Think Tank: Cyber resilience cheaper than attack recovery
What key things should organisations be doing in terms of cyber defences to ensure they are resilient? Continue Reading
-
Legal hurdles cloud Max Schrems complaint over US spying
The Irish High Court in Dublin has embarked on a long hearing into the legality of standard contractual clauses. It is a sideshow from the real issue – the legality of US surveillance in the UK and Ireland Continue Reading
-
Security Think Tank: Resilience means preparing for unpreventable cyber threats
What key things should organisations be doing in terms of cyber defences to ensure they are resilient? Continue Reading
-
What to do first when hit by a cyber attack
What actions should organisations take if they suspect they have suffered a cyber security incident? Continue Reading
-
Finance firms are vulnerable to cyber attacks, so why do customers think they are secure?
The public are overly confident in the ability of banks and financial institutions to protect their data, but that will change when mandatory reporting comes in next year under the General Data Protection Regulation Continue Reading
-
The true impact of a cyber breach on share price
As cyber security breaches become increasingly common, a security consultant explores how recent headline breaches have affected company valuations Continue Reading
-
Five tips to improve cyber security in the health sector
Jocelyn Paulley, an IT lawyer at Gowling WLG, shares her top tips on how the NHS can “quick fix” its cyber resilience Continue Reading
-
New cyber security strategy changes relationship between government and IT suppliers
The government has introduced stringent new responsibilities on IT suppliers in its latest cyber security strategy Continue Reading
-
Gary McKinnon: Why Lauri Love should be spared the nightmare of extradition
Computer activist Lauri Love should be spared a life sentence in a US jail, says former hacker Gary McKinnon Continue Reading
-
A Good American: a personal take on mass surveillance
Director Friedrich Moser draws some conclusions on mass surveillance from his groundbreaking documentary on the work of NSA whistleblower, Bill Binney Continue Reading
-
Security Think Tank: Awareness and incident response key to fighting evasive malware
How can businesses best prepare their cyber defences in light of the fact that attackers are increasingly using malware designed to evade detection and analysis? Continue Reading
-
Security Think Tank: Addressing the malware arms race
How can businesses best prepare their cyber defences in light of the fact that attackers are increasingly using malware designed to evade detection and analysis? Continue Reading
-
Prism and the law: The state of play in August 2016
Computer Weekly assesses the history, legal aspects and latest developments in the story of the mass surveillance programme launched by the US National Security Agency Continue Reading
-
Data breaches: Different regions, very different impacts
The cost, scrutiny and pressure of dealing with a data breach will become more apparent in the near future as European legislation takes effect Continue Reading
-
Security Think Tank: Key GDPR issues for infosec pros to address
What is the role of information security professionals in ensuring organisations comply with the EU General Data Protection Regulation (GDPR) by 25 May 2018? Continue Reading
-
The problem with passwords: how to make it easier for employees to stay secure
An organisation’s IT security can be compromised if staff do not follow a strict policy of using strong passwords to access internal systems Continue Reading
-
Are cloud users worrying about nothing when it comes to data sovereignty?
With the upheaval surrounding the EU-US Privacy Shield, Clive Longbottom takes a closer look at the issue of sovereignty Continue Reading
-
When a slowdown in IT budgets is a good thing
IT budgets will grow at their slowest rate for four years in 2016, yet companies are spending more on digital technology Continue Reading
-
Supercharging cyber security protection: Questions to ask when hiring a managed services provider
With information security concerns and challenges at an all-time high, and a global shortage of security professionals to address them, some enterprises are turning to managed security services for help. To ease the selection process, Dragana Vranic... Continue Reading
-
Are you exposed? Lessons from Ashley Madison
Data breaches are only a matter of time so companies need to know what to do to prevent, respond and contain breaches when they happen Continue Reading
-
Security Think Tank: Three key cyber resilience goals
How can companies best assess business resilience to identify the gaps and improve business resiliency to reduce the impact of cyber attacks? Continue Reading
-
Security Think Tank: Aim at joined-up security for clearer risk view
How can companies best assess business resilience to identify the gaps and improve business resiliency to reduce the effect of cyber attacks? Continue Reading
-
Why HTML5 must replace Flash
Author Robin Nixon explains why the days of Flash are numbered Continue Reading
-
Life’s a breach: How to handle the press after a hacking attack
Emily Dent, specialist in crisis PR, offers some advice to organisations that unexpectedly find themselves in the headlines Continue Reading
-
Security Think Tank: Guidelines to enable security to get the most out of log management
How can log management be used to bolster information security and improve incident response without infringing end user privacy? Continue Reading
-
The bad theatre of the Intelligence and Security Committee
The report of the Intelligence and Security Committee was like a piece of bad theatre Continue Reading
-
A phisher’s paradise
Email is one of the earliest services created on the internet and, arguably, remains the most important Continue Reading
-
PSN makes changes to reduce risk
Director and head of compliance, PSNGB, Adele Parker, talks about how PSN will transport the bulk of government information Continue Reading
-
Security Think Tank: How to build a resilient defence against cyber attacks
How to build a resilient case against cyber attacks Continue Reading
-
Security Think Tank: For cyber resilience, assume the worst
How can organisations build cyber security resilience? Continue Reading
-
When consumer grade doesn't make the grade
For Doug Miles, director of market intelligence at AIIM, new data proves the importance of providing safe data-sharing options Continue Reading
-
Security Think Tank: What should be in an incident response plan
What does a good information security incident response plan look like? Continue Reading
-
Security Think Tank: Minor failings can trigger major data breaches
It’s not just the big data breach risks that matter – ignore the near misses and the minor policy infractions and you will end up with a major incident Continue Reading
-
Security Think Tank: Key elements of an incident response plan
What does a good information security incident response plan look like? Continue Reading
-
Security Think Tank: Ready for your data breach moment?
Sooner or later, you will have to deal with a data breach. Do you have an incident response plan ready that will limit the repercussions? Continue Reading
-
Security Think Tank: Three steps to effective incident response
What does a good information security incident response plan look like? Continue Reading
-
Security Think Tank: Incident response – prepare, test, and test again
What does a good information security incident response plan look like? Continue Reading