Opinion

Opinion

IT governance

• Fear is the mind-killer: Governance key to safety in the cyber dunes

  Whether you’re tasked with protecting your organisation against cyber threats or ravenous subterranean worms, getting the basics of governance and risk management right counts for a lot and choosing the right framework will remove a huge burden from...  Continue Reading

• Security Think Tank: A user’s guide to encryption

  The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum  Continue Reading

• Consciousness to address AI safety and security

  The co-founder of KikenAI discuses why he has decided to make the technology for protecting LLMs open source  Continue Reading

• The quantum threat: Implications for the Internet of Things

  The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum  Continue Reading

• Vigilance advised if using AI to make cyber decisions

  The AI arms race is heating up, and the battle lines are being redrawn. Still, organisations should proceed cautiously and remain vigilant in scrutinising AI’s ability to ensure accurate, safe, and informed decision-making.  Continue Reading

• AI has a place in cyber, but needs effective evaluation

  Organisations that don’t leverage AI-based security solutions will find themselves more vulnerable than those that do., but cyber pros still need to ensure they can effectively evaluate AI-enhanced tech to ensure it meets their use case  Continue Reading

• Does AI have a future in cyber security? Yes, but only if it works with humans

  Do AI and ML hold the promise of helping cyber pros achieving the holy grail of operating quicker, cheaper, and with higher efficiency? We shouldn’t hold our breath, says Nominet’s Paul Lewis  Continue Reading

• AI-enhanced cyber has potential, but watch out for marketing hype

  As AI is a hot topic right now, it is no surprise there are some cyber solutions coming to market that have been thrown together in haste, but that said, genuine AI-powered security products do exist and their abilities could yet prove ...  Continue Reading

• The problem with ‘secure’ messaging

  Secure instant messaging is becoming a norm for business communications but it raises three important security and compliance questions    Continue Reading

• We have lift off… The opportunities and risks of generative AI

  How you can use AI to benefit your business while navigating the risks  Continue Reading

• Prepare for quantum to fundamentally change PKI effectiveness

  Encryption has always been a fundamental aspect of Public Key Infrastructure but the rise of quantum computing poses a significant threat to this. Thales' John Cullen says post-quantum cryptography may hold the key to safeguarding the future.  Continue Reading

• Improve business outcomes by managing data and analytics risk

  An effective data and analytics risk and control environment requires a full understanding of data, analytics and AI risks, related risk decisions and their impact on business outcomes  Continue Reading

• The time to implement an internal AI usage policy is now

  As with any emerging technology, AI’s growth in popularity establishes a new attack surface for malicious actors to exploit, thereby introducing new risks and vulnerabilities to an increasingly complex computing landscape.  Continue Reading

• Navigating cyber security under ChatGPT

  Balancing the risk and reward of ChatGPT – as a large language model (LLM) and an example of generative AI – begins by performing a risk assessment of the potential of such a powerful tool to cause harm  Continue Reading

• Post Office scandal inquiry phase four: Here come the lawyers…

  The Post Office scandal was triggered by computer errors, but the cover-up and miscarriages of justice implicate the Post Office, government and lawyers, as professor of law and ethics Richard Moorhead explains  Continue Reading

• ChatGPT’s phishing ‘problem’ may not be overstated

  Some data now suggests that threat actors are indeed using ChatGPT to craft malicious phishing emails, but the industry is doing its best to get out in front of this trend, according to the threat intelligence team at Egress  Continue Reading

• Artificial intelligence - friend or foe?

  AI can and will be a force for good - but we need a global conversation about its regulation to make sure the benefits of the technology outweigh the risks  Continue Reading

• Regulatory ‘lacuna’ around facial recognition threatens rights

  The UK is heading for a “legal quagmire” around live facial recognition if the government and regulators do not take action to rein in use of the technology before it becomes ubiquitous  Continue Reading

• Discovering the Diversity Process Flow in cyber

  The UK Cyber Security Council's Simon Hepburn explains the Council's new Diversity Process Flow framework, and outlines its potential implications for ethnic minorities in the cyber sector  Continue Reading

• Is cyber training all the same old? Shift your perspective and get stuck in

  Getting your cyber smarts only from books or presentations just isn’t going to cut it anymore – the only way we can get ahead of the cyber criminals is to get into their heads, and you can only achieve this by doing and changing your way of thinking.  Continue Reading

• Security Think Tank: A brief history of (secure) coding

  From controlling who was allowed to work with IBM mainframes to present-day DevSecOps techniques, the concept of secure coding has a longer history than you might think  Continue Reading

• Five key steps where there is a risk of fraud investigation

  When fraud investigators come knocking, there are some important ways in which management and senior IT professionals can make sure their company is best protected.  Continue Reading

• Security Think Tank: Why “secure coding” is neither

  Ensuring the security of code is just one element of a complex software lifecycle and risk management process that people need to think about more holistically, says Ed Moyle  Continue Reading

• Why we need a secure side door for encrypted apps, not a back door  

  Splitting a decryption key into multiple fragments held by 'guardians', including privacy rights group, may be an answer to policing encrypted messages  Continue Reading

• Want to get cloud IAM right? Master the fundamentals

  By getting the basics right, you’re setting yourself up for success to then can build more advanced and complex functionalities on top  Continue Reading

• Could your employees’ use of ChatGPT put you in breach of GDPR?

  Following Italy's run-in with OpenAI’s ChatGPT, legal expert Richard Forrest emphasises the necessity for additional scrutiny while using AI tools in a work environment, and practical guidance on doing so safely  Continue Reading

• Security Think Tank: Going beyond IAM for cloud security

  Managing access and privilege across complex and powerful cloud tooling is not a straightforward task; but there are some key considerations that can help security teams stay on top of identities in the cloud  Continue Reading

• Cloud identity: Are you who you say you are?

  As identity, rather than networking segmentation, becomes the primary determining factor in accessing cloud resources. ISACA’s Ser Yoong Goh highlights three trends driving cloud IAM  Continue Reading

• With cyber attacks on the rise, businesses should prepare for quantum hacks now

  Advances in quantum computing have brought the world is on the cusp of a technological revolution, but it is not without risk. Find out why you should start to prepare for post-quantum cryotography today.  Continue Reading

• Security Think Tank: Adopt a coherent framework for ID first security

  With IAM central to enabling appropriate access to cloud-based services, identity first security is becoming a key trend for IAM in the cloud.  Continue Reading

• Preventing artificial deception in the age of AI

  The proposals contained in Westminster’s AI whitepaper are a good start, but more creative thinking and investment will be required to achieve a truly pro-innovation regulatory environment  Continue Reading

• Computer says no. Will fairness survive in the AI age?

  New forms of regulation will be needed to safeguard against the risks posed by AI  Continue Reading

• Security Think Tank: Training can no longer be a compliance exercise

  Historically, security training has tended to take a compliance-based focus, a ‘tick-box’ exercise using generic, off-the-shelf courses. This needs to change, says Hayley Watson of Turnkey Consulting.  Continue Reading

• Software for environmental, social, and corporate governance

  In the last few years there has been an explosion in software to track and report on ESG data in financial services. What are the main features to look out for?  Continue Reading

• Cyber training in 2023 needs to drive measurable change

  2023 will see more focus on security training programmes that not only provide employees with an understanding of the risks they face but more importantly drive measurable behavioural change, says PA Consulting’s Richard Allen  Continue Reading

• Cyber security training: Insights for future professionals

  Future cyber security professionals need soft skills as well as technical ones, says security educator Sudeep Subramanian  Continue Reading

• Security Think Tank: New trends and drivers in cyber security training

  Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole  Continue Reading

• What charities should know about ransomware and reputational threats

  The NCSC recently called for charities to elevate their cyber security practice. Find out why charities are a soft target for cyber criminals, and what they can do to fight back  Continue Reading

• How to protect your business from fraud during a recession

  This winter, the chilly winds of a global recession have fraudsters turning up the heat. PJ Rohall of SEON Fraud Fighters shares some guidance on how to bundle up against fraud  Continue Reading

• What’s the technology talent and recruitment outlook for 2023?

  Despite layoffs from technology companies demand for IT staff in 2023 is expected to be robust, but organisations may turn towards contractors and off-shoring  Continue Reading

• Security Think Tank: Poor training is worse than no training at all

  Bad security training is a betrayal of users, a security risk, and ultimately a waste of money, but there are some reasons to be optimistic about the future, say Mike Gillespie and Ellie Hurst of Advent IM  Continue Reading

• Security Think Tank: In 2023, we need a new way to cultivate better habits

  Regular, small adjustments to behaviour offer a better way to keep employees on track and cultivate a corporate culture of cyber awareness, writes Elastic’s Mandy Andress  Continue Reading

• Tips on improving cyber training for home workers

  How better security training can help firms tackle new cyber threats facing remote workers  Continue Reading

• Three outsourcing trends to look out for in 2023

  ISG's Andreas Fahr outlines three IT sourcing trends to look out for in the coming year.  Continue Reading

• The rise of fraud in pop culture is impacting consumers’ digital trust

  Shows such as The Tinder Swindler and Inventing Anna were big money-earners for Netflix in 2022, but Onfido’s Mike Tuchen says their popularity risks damaging consumer trust  Continue Reading

• Europe’s cyber security strategy must be clear about open source

  Europe’s cyber security policy on open source is lagging behind the US, and despite growing government awareness of the issues, that poses a problem  Continue Reading

• How does red teaming test the ultimate limits of cyber security?

  An expert ethical hacker reveals how he goes about carrying out a red team exercise  Continue Reading

• Post-Brexit cyber dynamics in the UK and Europe: diverging paradigms?

  The UK faces a choice in terms of its ongoing cyber security relationship with the EU – to preserve its collaboration with the EU by adopting an aligned approach or to adopt a divergent approach  Continue Reading

• Security Think Tank: 2022 brought plenty of learning opportunities in cyber

  At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros  Continue Reading

• Security Think Tank: How much digital trust can you place on zero-trust?

  The events of the past couple of years have highlighted many considerations that should be taken into consideration when pursuing a zero-trust strategy, says ISACA’s Steven Sim Kok Leong  Continue Reading

• Security Think Tank: Embrace prioritisation, people, imperfections

  Security and IT professionals should try to make peace with their imperfections in 2023, says Nominet CISO Paul Lewis  Continue Reading

• Security Think Tank: 2022 changed how we thought about resilience

  Increasing cyber resilience is at the heart of the people-processes-technology triangle, and 2022 saw shifts in all three of these aspects, says PA Consulting’s Sharon Shochat  Continue Reading

• Security Think Tank: As cyber pros, we need to articulate our needs better

  There is always a lot to learn about security, but one of the most important lessons may not relate to technology at all, says Petra Wenham  Continue Reading

• Think technology, process, human risk to manage ransomware

  Effective ransomware handling boils down to three core areas – technology, process and human risk  Continue Reading

• Chartered status and aligned standards are crucial for the UK's cyber sector

  As the UK moves closer to ushering in the world’s first chartered cyber professionals, the UK Cyber Security Council’s Simon Hepburn outlines the sector’s defining moment  Continue Reading

• Your staff are the frontline in your ransomware fight

  As part of a solid cyber defence plan, the CISO must make sure that the frontline within the organisation is prepared for an attack, says Theodore Wiggins of Airbus Protect  Continue Reading

• Gartner: Three key tasks needed to decommission applications

  A guide to slimming down a full portfolio of applications that are expensive to maintain and difficult to adapt to business needs  Continue Reading

• Security Think Tank: Ransomware defences: An extended to-do list

  Strategies to extend ransomware protection beyond backups and intrusion detection must centre dark web monitoring, among other things  Continue Reading

• Security Think Tank: Let’s be transparent about ransomware

  Greater transparency regarding ransomware attacks, including details about attack methods used and what kinds of assets were compromised, would likely help the community prevent future attacks  Continue Reading

• Cyber insurance: The good, the bad and the ugly

  Most cyber insurance contracts are innately flawed because they exclude losses arising from state-backed cyber attacks, and this will make proper attribution even more important in the future, says Cisco Talos’ Martin Lee  Continue Reading

• Security Think Tank: To stop ransomware, preparation is the best medicine

  You can’t ‘stop’ ransomware, but you can do a lot to keep yourself from becoming ensnared when it strikes  Continue Reading

• All means all when it comes to encryption

  Nigel Thorpe, technical director at SecureAge, makes the case for encrypting everything all of the time when it comes to protecting data  Continue Reading

• Security Think Tank: Anti-ransomware strategies should be as easy as ABC

  When developing and implementing ransomware protection strategies, the importance of paying thorough attention to security measures you might consider elementary cannot be understated  Continue Reading

• To fight ransomware, we must treat digital infrastructure as critical

  Ransomware defence is failing because we don’t view our digital infrastructure in the same way as our physical infrastructure, argues Elastic’s Mandy Andress  Continue Reading

• Security Think Tank: Ransomware and CISOs’ balancing act

  Ransomware has the potential to cause irreversible business damage, so CISOs should consider not only protection but also response and recovery  Continue Reading

• Security Think Tank: Know your networks, know your suppliers

  To combat the ransomware scourge, we must work harder to monitor and learn from the increasingly complex threat environment, keep a closer eye on supply chains, and share our insights  Continue Reading

• How to build consumer trust with a privacy-by-design approach

  Undertaken with the right mindset and technology, privacy by design delivers value to consumers and builds trust for the long term  Continue Reading

• The risk of losing our EU data adequacy agreement is real

  While some may welcome the government’s ambition to shake up the UK’s data protection regime, Westminster should be wary of drifting too far from the path charted by our US and European partners  Continue Reading

• Security Think Tank: Container security: why so different?

  Done well, container security can be a model for securing the enterprise, and businesses that focus their teams on solving it can help accelerate positive change in other areas  Continue Reading

• How has container security changed since 2020, and have we taken it too far?

  While containers are now one of the most popular ways to deploy applications, it is fair to say that the adoption and implementation of security best practice to govern their use has not kept up  Continue Reading

• The Conservatives are laughing at cyber security pros

  If causing a security breach is a resigning matter, then you shouldn’t expect to get your old job back a week later. Unless you’re a Conservative home secretary, apparently  Continue Reading

• Reducing the cyber stack with API security

  Budgets are tight, making it difficult to secure spend, but is there an argument for jettisoning fragmented approaches to securing APIs in favour of a dedicated end-to-end approach? Doubling down on API security could help businesses not just reduce...  Continue Reading

• Security Think Tank: Design security in to reap container benefits

  Provided container security basics are built into your development and runtime environment from the start, containerised services and applications can provide rapid – and secure – achievement of business objectives  Continue Reading

• Use site reliability engineering to address cloud instability

  How do you prepare for a worst-case scenario, when the public cloud hosting critical components of your IT infrastructure fails?  Continue Reading

• Security Think Tank: Three steps to a solid DevSecOps strategy

  Read about how buyers can manage third-party risk when procuring applications, how to secure the software development process, and even how to affect cultural change among developers not used to thinking cyber first  Continue Reading

• It’s time for engineering teams to own DevSecOps

  It may seem counterintuitive, but maybe organisations should consider delegating responsibility for DevSecOps to engineering teams, not security teams, argues Elastic’s Mandy Andress  Continue Reading

• Security Think Tank: Adding trust to AppSec and DevSecOps

  When building in trust and assurance into app development through standards, it is critically important not to stifle innovation  Continue Reading

• Security Think Tank: Creating a DevSecOps-friendly cyber strategy

  When slowing down is not an option, you need to find a security strategy that is DevSecOps friendly, says Airbus Protect’s Olivier Allaire  Continue Reading

• Security Think Tank: The many dimensions of DevSecOps

  It is imperative to make our colleagues and customers know that when we talk DevSecOps, we are facing a multiphase challenge that starts at the very beginning of DevOps, and one that never ends  Continue Reading

• Security Think Tank: Good procurement practices pave the way to app security

  Application security is as much a question of good procurement practice as it is good development practice, says Petra Wenham of the BCS  Continue Reading

• Security Think Tank: Effective DevSecOps requires collaboration

  Application security and effective DevSecOps can only be achieved through collaboration with the business – the ultimate goal is to make it safer to do business, which requires considering integrated risk management and identity and access ...  Continue Reading

• Why you should start your post-quantum encryption migration now

  Some say we have the best part of a decade to prepare for the security risks that quantum computing presents to current encryption tech, but PA Consulting experts believe that timeframe is shrinking dramatically  Continue Reading

• The dangers of the UK’s illogical war on encryption

  The unintended consequences of the Online Safety Bill will have a dramatic effect on our ability to communicate securely, including in Ukraine, where it is needed most  Continue Reading

• Reimagining ethical digital technology

  With ever-increasing digitisation leading to greater dependence on a range of digital technologies, enterprises need to urgently look at how they can incorporate ethical and social considerations into the tech they develop  Continue Reading

• Security Think Tank: Don’t rely on insurance alone

  Cyber insurance is a useful addition to the cyber protection toolbox. However, it cannot be regarded as a replacement for the controls that should be in operation, says Turnkey Consulting’s Tom Venables  Continue Reading

• Cyber insurance: An effective use of your scant security budget?

  The ISF’s Paul Watts asks if cyber insurance is a must-have item, an expensive luxury, or the emperor’s new clothes  Continue Reading

• Lots to consider when buying cyber insurance, so do your homework

  When considering implementing a cyber insurance policy, due diligence should be your watchword, says Paddy Francis of Airbus CyberSecurity  Continue Reading

• Security Think Tank: Cyber insurance – A nice safety blanket, but don’t count on it

  In the second instalment of this month’s Security Think Tank, Mike Gillespie argues that cyber insurance should be thought of like car insurance – you don’t start driving recklessly because you’re covered  Continue Reading

• Security Think Tank: Now is the time to think about cyber insurance

  Many IT leaders shy away from cyber insurance, but new, innovative developments in the market can help organisations take an approach that suits their needs  Continue Reading

• Assessment and knowledge: Your key tools to secure suppliers

  There is no silver bullet that will resolve all the issues arising from today’s interconnected businesses and complex supply chains, but there are some key tools at your disposal  Continue Reading

• What will the Data Reform Bill mean for UK businesses operating in the EU?

  Following the government’s response to the Data Reform Bill consultation, Peter Galdies of DQM GRC looks at what might lie ahead for UK organisations working in the European Union  Continue Reading

• Security Think Tank: Supply chain security demands systematic approach

  Supply chain security measures need to be systematic and assessed so as to minimise the complexity and cost to the business  Continue Reading

• Security Think Tank: Balanced approach can detangle supply chain complexity

  Achieving an appropriate balance between people, processes and technology can help to detangle the complexities of the supply chain and create better security practices  Continue Reading

• Supply chain security goes deep – forget this at your peril

  It may have hit the headlines as an IT issue, but supply chain security goes far deeper into an organisation than just technology  Continue Reading

• Governance and progression of AI in the UK

  Artificial intelligence and machine learning are essential to growth in the global digital economy, and the UK has ambitions to lead the way  Continue Reading

• Security Think Tank: Don’t trust the weakest link? Don’t trust any link

  Your security model shouldn’t fall apart just because a part of your business, or a partner, has weak security. This is why information-centric security is a must  Continue Reading

• Government wrong to pass the buck on computer evidence reform

  IT expert James Christie tells Computer Weekly why he is disappointed that the government has no plans to change the rules on the use of computer evidence in court  Continue Reading

• What does the EU’s NIS 2 cyber directive cover?

  We run the rule over the European Union’s updated NIS2 security directive  Continue Reading

• The importance of making information security more accessible

  Robin Smith, CSO of Aston Martin Lagonda, talks about how an accessible approach to cyber is helping him to keep the organisation secure  Continue Reading

• How cryptocurrency is bringing humanitarian value to Ukraine

  Web3 technology has great significance as a form of charitable giving, and in providing permanent records for the government  Continue Reading