Opinion

Opinion

Hackers and cybercrime prevention

• The dangers of the UK’s illogical war on encryption

  The unintended consequences of the Online Safety Bill will have a dramatic effect on our ability to communicate securely, including in Ukraine, where it is needed most  Continue Reading

• Assessment and knowledge: Your key tools to secure suppliers

  There is no silver bullet that will resolve all the issues arising from today’s interconnected businesses and complex supply chains, but there are some key tools at your disposal  Continue Reading

• Security Think Tank: Supply chain security demands systematic approach

  Supply chain security measures need to be systematic and assessed so as to minimise the complexity and cost to the business  Continue Reading

• Security Think Tank: Balanced approach can detangle supply chain complexity

  Achieving an appropriate balance between people, processes and technology can help to detangle the complexities of the supply chain and create better security practices  Continue Reading

• Security Think Tank: Best practices for boosting supply chain security

  In a highly connected world, managing the supply chain landscape requires an adaptation of the ‘traditional’ approach to managing cyber risk  Continue Reading

• The importance of making information security more accessible

  Robin Smith, CSO of Aston Martin Lagonda, talks about how an accessible approach to cyber is helping him to keep the organisation secure  Continue Reading

• Log4Shell: How friendly hackers rose to the challenge

  HackerOne CISO Chris Evans looks back at how the security community successfully rose to the challenge of Log4Shell, and saved end-user organisations millions  Continue Reading

• Security Think Tank: Yes, zero trust can help you understand attack paths

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Identify, assess and monitor to understand attack paths

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• We must target a broad church to fill vacant cyber roles

  The security industry focuses a lot on cyber-specific specialisms and technical skills, but it could really benefit from widening its search. Take it from a social anthropologist  Continue Reading

• Revised scope of UK security strategy reflects digitised society

  The omission of the word ‘security’ from the title of the UK government’s new National Cyber Strategy is a telling one, reflecting our increasingly digitised society, say Maximillian Brook and Arunoshi Singh of the ISF  Continue Reading

• UK Cyber Strategy a welcome injection of progress

  The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone, says Turnkey Consulting senior consultant Louise Barber  Continue Reading

• National Cyber Strategy will enhance UK’s cyber power status

  The UK punches above its weight when it comes to wielding cyber power around the world, but challenges to this status are clear. The National Cyber Strategy has a clear role to play in maintaining and enhancing this status, writes Paddy Francis of ...  Continue Reading

• How cyber security teams can conquer the four-day working week

  The four-day week may be an idea whose time has come, but for always-on cyber security professionals, the impact of squeezing more work into fewer days is a tricky proposition  Continue Reading

• Encryption myths versus realities of Online Safety Bill

  The UK government can’t legislate the impossible – a safer society depends on encryption, not breaking it  Continue Reading

• National Cyber Strategy misses the mark in one important way

  The National Cyber Strategy is full of fine words, says Petra Wenham, but as the old expression goes, fine words butter no parsnips, and it misses the mark in one very important way  Continue Reading

• When more is too much in security

  The view that more security tools equals better protection still persists, but security researcher Etay Maor argues that success in cyber lies in simplicity  Continue Reading

• Universities need better protection from email-based cyber attacks

  The need to educate university staff and students on avoiding email-based cyber attacks is more acute than ever, says Proofpoint’s Adenike Cosgrove  Continue Reading

• The UK’s cyber security sector is thriving, but our work has only just begun

  The government’s Annual Cyber Sector Report painted a positive picture of the UK security industry. CIISec’s Amanda Finch thinks we can go further in developing cyber talent and opening up the sector  Continue Reading

• Security Think Tank: Good training is all about context

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service?  Continue Reading

• Phishing tests are a useful exercise, but don’t overdo it

  The vast majority of cyber attacks start with a phish, so it’s not surprising that phishing tests form part of cyber training plans. But sometimes these tests go too far. Cyberis’ Gemma Moore looks at how to avoid the pitfalls  Continue Reading

• Five key tech trends for digital leaders in 2022

  The past two years have seen a surge in investment that will bring new challenges to digital leaders over the next year  Continue Reading

• Vulnerabilities to fraud are increasing across the board

  As the pandemic continues to affect how we work, socialise, shop and conduct business, so it has increased opportunities for digital fraud and cyber crime. Jason Lane-Sellers explores the latest LexisNexis Risk Solutions ‘Cybercrime report’  Continue Reading

• Security Think Tank: When will they ever learn?

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• Security Think Tank: Attackers leveraging the supply chain

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they have taken away from the past 12 months  Continue Reading

• A ‘whole of society’ approach to cyber may be on the horizon

  Nominet Cyber managing director David Carroll reflects on the NCSC’s latest annual review amid 2021’s fast-evolving threat landscape  Continue Reading

• The Secret IR Insider’s Diary – this is not a fashion show

  In the latest pages taken from their diary, the Secret IR Insider reveals why organisations should be worried about every threat, not just the latest and greatest  Continue Reading

• Changing the rules against cyber attacks

  UKRI’s John Goodacre reveals how projects supported by the Digital Security by Design Challenge aim to improve cyber security resilience, beginning with the very fundamentals of computing  Continue Reading

• No easy fix for vulnerability exploitation, so be prepared

  Vulnerability management and disclosure is a tricky business with ethical and business ramifications for software vendors, CISOs and ethical hackers alike – and CISOs sit right in the middle of this  Continue Reading

• Doing the right thing: How CISOs should approach responsible disclosure

  Owen Wright, responsible for penetration testing and adversary simulation at Context, part of Accenture Security, advises how CISOs should approach responsible disclosure  Continue Reading

• Addressing the backup dilemma to ransomware recovery

  Everyone knows good backups are essential if one is to recover from a ransomware attack, but using them effectively poses challenges that IT teams need to know about  Continue Reading

• Security Think Tank: Embracing vulnerability management for the greater good

  When it comes to vulnerability management, CISOs should define a responsible disclosure policy so that they can receive and manage identified vulnerabilities transparently, practically and collaboratively, says Paul Watts of the ISF  Continue Reading

• Facial recognition cannot be a standalone authentication method

  As more organisations look to facial recognition to improve their digital identity practices, they must remember that it cannot stand in isolation  Continue Reading

• Supply chain cyber security is only as strong as the weakest link

  A spate of high-profile cyber attacks has highlighted the criticality of supply chain security and put new pressures on security leaders. How can we ensure that cyber security remains robust down the full length of supply chains?  Continue Reading

• How the cyber security market is evolving

  The cyber security market has gained even greater importance in the post-Covid era and continues to grow and evolve. But what factors are driving trends in that market and what should your organisation consider when making cyber security investments?  Continue Reading

• The ransomware debate – to pay or not to pay?

  The debate around banning ransomware payments is highly nuanced, and we must take care to avoid overt victim-blaming, in favour of an open and honest approach, says SASIG’s Martin Smith  Continue Reading

• Sparsely staffed offices: the new post-pandemic cyber gap

  With many offices still operating at limited capacity, a red teaming expert reveals how his job is getting easier, and why this is a problem  Continue Reading

• The Secret IR Insider’s Diary: It’s all gone quie...

  The ‘Q’ word isn’t one that’s really used in incident response, says the Secret IR Insider, largely because as soon as you use it, something happens  Continue Reading

• Professionals need protection from the Computer Misuse Act

  The UK needs cyber legislation fit for the 21st century, so it is important for the industry to get behind the government’s proposed reform of the Computer Misuse Act  Continue Reading

• Are you betting your future on the worst gambling odds in the world?

  Gambling is a high-risk strategy. Doing nothing in the face of the threat from ransomware and hoping for the best provides some of the worst odds you will ever come across  Continue Reading

• Ethical hacking: What, why, and overcoming concerns

  We find out why and how hitting your own business with a cyber attack can help improve security  Continue Reading

• Banking tech fraud: How to trace and recover your money

  Even when stolen assets are sent offshore, the special powers of the English civil court system mean all may not be lost  Continue Reading

• How CIOs can help their organisations accelerate digital transformation

  Companies need to win the trust of their customers to gather the data they need to transform their businesses  Continue Reading

• European ‘chat control’ plans in the name of ‘child safety’ threaten end-to-end encryption

  Proposals by European Commission to search for illegal material could mean the end of private messaging and emails  Continue Reading

• Long-term thinking is vital to secure UK’s critical infrastructure

  To face down the threat of cyber warfare against UK CNI, the government needs long-term thinking that looks beyond the next general election cycle, says Advent-IM’s Mike Gillespie  Continue Reading

• The shape of fraud and cyber crime: 10 things we learned from 2020

  While a pandemic-driven increase in cyber crime and an exacerbation of existing fraud trends were, to a large extent, to be expected, the LexisNexis Risk solutions UK cybercrime report 2020 still contained a few surprises  Continue Reading

• Securing the UK's emerging smart cities

  UK councils have a huge opportunity to improve services through the use of smart city technologies - but they must avoid the cyber security risks, says the government's digital minister  Continue Reading

• How to tackle intellectual property crime

  Crimes against intellectual property are big business for organised crime groups, commercial competitors and foreign states alike. In the first of a series of legal columns, David Cowan offers a practical approach  Continue Reading

• Why we need to reset the debate on end-to-end encryption to protect children

  Private messaging is the front line of abuse, yet E2EE in its current form risks engineering away the ability of firms to detect and disrupt it where it is most prevalent  Continue Reading

• The Secret IR Insider’s Diary – from Sunburst to DarkSide

  From dealing with SolarWinds fallout to ransomware attacks, it’s been a busy few weeks for the Secret IR Insider, but they've picked up some new tricks along the way  Continue Reading

• Security Think Tank: Evolving threats, tech, leaves CNI exposed

  In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• Security Think Tank: Attacks on CNI – an evolving frontier in warfare

  In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• Security Think Tank: Back to square one – ground-up CNI protection

  In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• Security Think Tank: Properly protecting CNI demands specificity

  In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• Security Think Tank: Take a realistic perspective on CNI cyber attacks

  In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• Security Think Tank: CNI operators must focus on core issues

  In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• Security Think Tank: CNI operators are in an unenviable position

  In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• Security Think Tank: US security efforts may centre on collaboration

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Rogue drones beware: We’re here to ground you

  Eugene Kaspersky exclusively lifts the lid on a mysterious, shiny device that’s been sitting in his office  Continue Reading

• Security Think Tank: Towards a united state of security

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Renewed US stability may ease cyber tensions

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Biden must address insider security threat first

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Biden’s team can make a difference on security

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: UK well-placed to work with Biden on cyber

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Biden has a chance to renew cyber alliances

  As President Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• The ransomware routine: pages from the Secret IR Insider’s diary

  The Secret Incident Response Insider shares behind-the-scenes stories of what really happens after organisations are hit by cyber attacks – and shows how they could have been avoided  Continue Reading

• Security Think Tank: In 2021, enable, empower and entrust your users

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Time for security teams to learn from Covid

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Cyber effectiveness, efficiency key in 2021

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• It’s time to accept that disinformation is a cyber security issue

  Tackling the manipulation of truth and facts is no easy task, and it’s time for the cyber security sector to take up the challenge  Continue Reading

• Security Think Tank: SOAR to the next level with automation

  SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice?  Continue Reading

• From front line to back office – how supporting the cyber community keeps the NHS safe

  NHS Digital’s chief information security officer describes how the Cyber Associates Network benefits security experts in health and care  Continue Reading

• Security Think Tank: Essential tools to mitigate double extortion attacks

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ...  Continue Reading

• Security Think Tank: Safeguarding PII in the current threat landscape

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the ...  Continue Reading

• Security Think Tank: Essential tools to mitigate data loss and identity theft

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the ...  Continue Reading

• Security Think Tank: Adapting defences to evolving ransomware and cyber crime

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ...  Continue Reading

• Security Think Tank: What you need to know about addressing the doxing threat

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the ...  Continue Reading

• Security Think Tank: Tighten data and access controls to stop identity theft

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ...  Continue Reading

• Covid-19 has changed how we think about cyber security forever

  Six months into the global pandemic, the true impact on the future of cyber security is beginning to look clearer, says Microsoft’s Ann Johnson  Continue Reading

• Why data exports from the EU will be challenging without Privacy Shield

  Organisations exporting data to the US under Privacy Shield or overseas generally, whether under standard contractual clauses or binding corporate rules, need to urgently review the legal basis of these transfers    Continue Reading

• Security Think Tank: AI in cyber needs complex cost/benefit analysis

  AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate a IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of ...  Continue Reading

• Security Think Tank: Ignore AI overheads at your peril

  Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the...  Continue Reading

• Security Think Tank: The past and future of security automation

  Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the...  Continue Reading

• Security Think Tank: SIEM and AI – a match made in heaven?

  Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the...  Continue Reading

• Security Think Tank: Artificial intelligence will be no silver bullet for security

  AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of ...  Continue Reading

• Security Think Tank: AI cyber attacks will be a step-change for criminals

  AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of ...  Continue Reading

• Australian government has failed on cyber security

  The federal government’s current approach of allowing each agency to make its own cyber decisions is not working and more needs to be done to hunt down adversaries  Continue Reading

• The impact of spycraft on how we secure our data

  The history of cyber security owes much to the world of espionage, as a recent, pre-lockdown Science Museum exhibition showed  Continue Reading

• Australia is painting a big red cyber target on its critical infrastructure

  Australia’s critical infrastructure is particularly vulnerable to cyber attacks right now because of years of under-investment in cyber security and ageing legacy systems  Continue Reading

• Identification and access management: some possible futures

  Learn about how we might be using our heartbeats, brainwaves and eye movements to unlock our mobiles in the future  Continue Reading

• Security Think Tank: Security teams are key workers and need support

  Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security pros manage their increased workload, safeguard their mental wellbeing, and avoid burnout?  Continue Reading

• Why you should think before you Zoom

  Feel free to use Zoom during the coronavirus lockdown, but think before you discuss anything confidential  Continue Reading

• Security Think Tank: Why and how cyber criminals exploit world events

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Coronavirus: What does the ‘new normal’ mean for how we work?

  Examining the long-term impact of the Covid-19 coronavirus pandemic on the world of work, security, privacy and networks  Continue Reading

• JavaScript skimmers: An evolving and dangerous threat

  Cyber attacks exploiting Magecart JavaScript skimmers are spiking during the coronavirus pandemic, and like biological viruses, they just keep evolving  Continue Reading

• Security Think Tank: Amid panic, how to find a sound level of security

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Security Think Tank: To tackle Covid-19, be prepared, flexible and resilient

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Security Think Tank: A guide to security best practice for pandemics

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• The greatest contest ever – privacy versus security

  Examining the technical, legal and ethical challenges around the privacy versus security debate  Continue Reading

• Addressing the IoT security challenge

  We consider how best to address some of the critical security challenges around the internet of things  Continue Reading