Opinion

Opinion

IT risk management

• Generative AI – the next biggest cyber security threat?

  Following the launch of ChatGPT in November 2022, several reports have emerged that seek to determine the impact of generative AI in cyber security. Undeniably, generative AI in cyber security is a double-edged sword, but will the paradigm shift in ...  Continue Reading

• Is cyber training all the same old? Shift your perspective and get stuck in

  Getting your cyber smarts only from books or presentations just isn’t going to cut it anymore – the only way we can get ahead of the cyber criminals is to get into their heads, and you can only achieve this by doing and changing your way of thinking.  Continue Reading

• Five key steps where there is a risk of fraud investigation

  When fraud investigators come knocking, there are some important ways in which management and senior IT professionals can make sure their company is best protected.  Continue Reading

• Security Think Tank: Why “secure coding” is neither

  Ensuring the security of code is just one element of a complex software lifecycle and risk management process that people need to think about more holistically, says Ed Moyle  Continue Reading

• Why we need a secure side door for encrypted apps, not a back door  

  Splitting a decryption key into multiple fragments held by 'guardians', including privacy rights group, may be an answer to policing encrypted messages  Continue Reading

• Security Think Tank: To secure code effectively, verify at every step

  Verification at every step is an important part of ensuring your code is secure, writes Petra Wenham  Continue Reading

• Security Think Tank: Thinking beyond IAM in the cloud

  Looking beyond IAM, there are other aspects of securing public cloud environments that admins can reasonably expect to control  Continue Reading

• Want to get cloud IAM right? Master the fundamentals

  By getting the basics right, you’re setting yourself up for success to then can build more advanced and complex functionalities on top  Continue Reading

• Could your employees’ use of ChatGPT put you in breach of GDPR?

  Following Italy's run-in with OpenAI’s ChatGPT, legal expert Richard Forrest emphasises the necessity for additional scrutiny while using AI tools in a work environment, and practical guidance on doing so safely  Continue Reading

• Cloud identity: Are you who you say you are?

  As identity, rather than networking segmentation, becomes the primary determining factor in accessing cloud resources. ISACA’s Ser Yoong Goh highlights three trends driving cloud IAM  Continue Reading

• With cyber attacks on the rise, businesses should prepare for quantum hacks now

  Advances in quantum computing have brought the world is on the cusp of a technological revolution, but it is not without risk. Find out why you should start to prepare for post-quantum cryotography today.  Continue Reading

• Security Think Tank: Adopt a coherent framework for ID first security

  With IAM central to enabling appropriate access to cloud-based services, identity first security is becoming a key trend for IAM in the cloud.  Continue Reading

• Security Think Tank: Training can no longer be a compliance exercise

  Historically, security training has tended to take a compliance-based focus, a ‘tick-box’ exercise using generic, off-the-shelf courses. This needs to change, says Hayley Watson of Turnkey Consulting.  Continue Reading

• Cyber training in 2023 needs to drive measurable change

  2023 will see more focus on security training programmes that not only provide employees with an understanding of the risks they face but more importantly drive measurable behavioural change, says PA Consulting’s Richard Allen  Continue Reading

• Cyber security training: Insights for future professionals

  Future cyber security professionals need soft skills as well as technical ones, says security educator Sudeep Subramanian  Continue Reading

• Security Think Tank: New trends and drivers in cyber security training

  Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole  Continue Reading

• What charities should know about ransomware and reputational threats

  The NCSC recently called for charities to elevate their cyber security practice. Find out why charities are a soft target for cyber criminals, and what they can do to fight back  Continue Reading

• How to protect your business from fraud during a recession

  This winter, the chilly winds of a global recession have fraudsters turning up the heat. PJ Rohall of SEON Fraud Fighters shares some guidance on how to bundle up against fraud  Continue Reading

• Security Think Tank: Poor training is worse than no training at all

  Bad security training is a betrayal of users, a security risk, and ultimately a waste of money, but there are some reasons to be optimistic about the future, say Mike Gillespie and Ellie Hurst of Advent IM  Continue Reading

• Security Think Tank: In 2023, we need a new way to cultivate better habits

  Regular, small adjustments to behaviour offer a better way to keep employees on track and cultivate a corporate culture of cyber awareness, writes Elastic’s Mandy Andress  Continue Reading

• Security Think Tank: Getting the training and development mix right

  Rob Dartnall, CEO at SecAlliance and chair of Crest’s UK Council, describes the need for formal, varied and continuous development in the cyber security sector  Continue Reading

• Tips on improving cyber training for home workers

  How better security training can help firms tackle new cyber threats facing remote workers  Continue Reading

• The rise of fraud in pop culture is impacting consumers’ digital trust

  Shows such as The Tinder Swindler and Inventing Anna were big money-earners for Netflix in 2022, but Onfido’s Mike Tuchen says their popularity risks damaging consumer trust  Continue Reading

• Europe’s cyber security strategy must be clear about open source

  Europe’s cyber security policy on open source is lagging behind the US, and despite growing government awareness of the issues, that poses a problem  Continue Reading

• How does red teaming test the ultimate limits of cyber security?

  An expert ethical hacker reveals how he goes about carrying out a red team exercise  Continue Reading

• Why the current fraud model is broken, and how to fix it

  Scammers and fraudsters are catching up with the good guys; a new technological approach is needed to fight skyrocketing volumes of digital fraud, says Darwinium founder Alisdair Faulkner  Continue Reading

• Post-Brexit cyber dynamics in the UK and Europe: diverging paradigms?

  The UK faces a choice in terms of its ongoing cyber security relationship with the EU – to preserve its collaboration with the EU by adopting an aligned approach or to adopt a divergent approach  Continue Reading

• Security Think Tank: 2022 brought plenty of learning opportunities in cyber

  At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros  Continue Reading

• Security Think Tank: How much digital trust can you place on zero-trust?

  The events of the past couple of years have highlighted many considerations that should be taken into consideration when pursuing a zero-trust strategy, says ISACA’s Steven Sim Kok Leong  Continue Reading

• Security Think Tank: Embrace prioritisation, people, imperfections

  Security and IT professionals should try to make peace with their imperfections in 2023, says Nominet CISO Paul Lewis  Continue Reading

• Security Think Tank: 2022 changed how we thought about resilience

  Increasing cyber resilience is at the heart of the people-processes-technology triangle, and 2022 saw shifts in all three of these aspects, says PA Consulting’s Sharon Shochat  Continue Reading

• Security Think Tank: As cyber pros, we need to articulate our needs better

  There is always a lot to learn about security, but one of the most important lessons may not relate to technology at all, says Petra Wenham  Continue Reading

• Security Think Tank: The more you buy, the less you protect

  The most important lesson learned this year is that the more controls you have in place, the less secure you become, argues 2-sec’s Tim Holman  Continue Reading

• Ransomware: Is there hope beyond the overhyped?

  Up-and-coming cyber concepts attack surface management and security mesh architectures seem to hold some promise in tackling ransomware, but they are a little way off maturity  Continue Reading

• Think technology, process, human risk to manage ransomware

  Effective ransomware handling boils down to three core areas – technology, process and human risk  Continue Reading

• Security Think Tank: Ransomware defences: An extended to-do list

  Strategies to extend ransomware protection beyond backups and intrusion detection must centre dark web monitoring, among other things  Continue Reading

• Security Think Tank: Let’s be transparent about ransomware

  Greater transparency regarding ransomware attacks, including details about attack methods used and what kinds of assets were compromised, would likely help the community prevent future attacks  Continue Reading

• Cyber insurance: The good, the bad and the ugly

  Most cyber insurance contracts are innately flawed because they exclude losses arising from state-backed cyber attacks, and this will make proper attribution even more important in the future, says Cisco Talos’ Martin Lee  Continue Reading

• Security Think Tank: To stop ransomware, preparation is the best medicine

  You can’t ‘stop’ ransomware, but you can do a lot to keep yourself from becoming ensnared when it strikes  Continue Reading

• All means all when it comes to encryption

  Nigel Thorpe, technical director at SecureAge, makes the case for encrypting everything all of the time when it comes to protecting data  Continue Reading

• Security Think Tank: Anti-ransomware strategies should be as easy as ABC

  When developing and implementing ransomware protection strategies, the importance of paying thorough attention to security measures you might consider elementary cannot be understated  Continue Reading

• To fight ransomware, we must treat digital infrastructure as critical

  Ransomware defence is failing because we don’t view our digital infrastructure in the same way as our physical infrastructure, argues Elastic’s Mandy Andress  Continue Reading

• Security Think Tank: Ransomware and CISOs’ balancing act

  Ransomware has the potential to cause irreversible business damage, so CISOs should consider not only protection but also response and recovery  Continue Reading

• The risk of losing our EU data adequacy agreement is real

  While some may welcome the government’s ambition to shake up the UK’s data protection regime, Westminster should be wary of drifting too far from the path charted by our US and European partners  Continue Reading

• Security Think Tank: Container security: why so different?

  Done well, container security can be a model for securing the enterprise, and businesses that focus their teams on solving it can help accelerate positive change in other areas  Continue Reading

• How has container security changed since 2020, and have we taken it too far?

  While containers are now one of the most popular ways to deploy applications, it is fair to say that the adoption and implementation of security best practice to govern their use has not kept up  Continue Reading

• The Conservatives are laughing at cyber security pros

  If causing a security breach is a resigning matter, then you shouldn’t expect to get your old job back a week later. Unless you’re a Conservative home secretary, apparently  Continue Reading

• Security Think Tank: Design security in to reap container benefits

  Provided container security basics are built into your development and runtime environment from the start, containerised services and applications can provide rapid – and secure – achievement of business objectives  Continue Reading

• Use site reliability engineering to address cloud instability

  How do you prepare for a worst-case scenario, when the public cloud hosting critical components of your IT infrastructure fails?  Continue Reading

• Security Think Tank: Three steps to a solid DevSecOps strategy

  Read about how buyers can manage third-party risk when procuring applications, how to secure the software development process, and even how to affect cultural change among developers not used to thinking cyber first  Continue Reading

• It’s time for engineering teams to own DevSecOps

  It may seem counterintuitive, but maybe organisations should consider delegating responsibility for DevSecOps to engineering teams, not security teams, argues Elastic’s Mandy Andress  Continue Reading

• Security Think Tank: Adding trust to AppSec and DevSecOps

  When building in trust and assurance into app development through standards, it is critically important not to stifle innovation  Continue Reading

• Security Think Tank: Creating a DevSecOps-friendly cyber strategy

  When slowing down is not an option, you need to find a security strategy that is DevSecOps friendly, says Airbus Protect’s Olivier Allaire  Continue Reading

• Security Think Tank: The many dimensions of DevSecOps

  It is imperative to make our colleagues and customers know that when we talk DevSecOps, we are facing a multiphase challenge that starts at the very beginning of DevOps, and one that never ends  Continue Reading

• Security Think Tank: Good procurement practices pave the way to app security

  Application security is as much a question of good procurement practice as it is good development practice, says Petra Wenham of the BCS  Continue Reading

• Security Think Tank: Effective DevSecOps requires collaboration

  Application security and effective DevSecOps can only be achieved through collaboration with the business – the ultimate goal is to make it safer to do business, which requires considering integrated risk management and identity and access ...  Continue Reading

• Why you should start your post-quantum encryption migration now

  Some say we have the best part of a decade to prepare for the security risks that quantum computing presents to current encryption tech, but PA Consulting experts believe that timeframe is shrinking dramatically  Continue Reading

• Reimagining ethical digital technology

  With ever-increasing digitisation leading to greater dependence on a range of digital technologies, enterprises need to urgently look at how they can incorporate ethical and social considerations into the tech they develop  Continue Reading

• Security Think Tank: Don’t rely on insurance alone

  Cyber insurance is a useful addition to the cyber protection toolbox. However, it cannot be regarded as a replacement for the controls that should be in operation, says Turnkey Consulting’s Tom Venables  Continue Reading

• Cyber insurance: An effective use of your scant security budget?

  The ISF’s Paul Watts asks if cyber insurance is a must-have item, an expensive luxury, or the emperor’s new clothes  Continue Reading

• Lots to consider when buying cyber insurance, so do your homework

  When considering implementing a cyber insurance policy, due diligence should be your watchword, says Paddy Francis of Airbus CyberSecurity  Continue Reading

• Security Think Tank: Cyber insurance – A nice safety blanket, but don’t count on it

  In the second instalment of this month’s Security Think Tank, Mike Gillespie argues that cyber insurance should be thought of like car insurance – you don’t start driving recklessly because you’re covered  Continue Reading

• Security Think Tank: Now is the time to think about cyber insurance

  Many IT leaders shy away from cyber insurance, but new, innovative developments in the market can help organisations take an approach that suits their needs  Continue Reading

• Assessment and knowledge: Your key tools to secure suppliers

  There is no silver bullet that will resolve all the issues arising from today’s interconnected businesses and complex supply chains, but there are some key tools at your disposal  Continue Reading

• Finding the balance between innovation and data security in healthcare

  As the government launches its data strategy for health and social care, a fine line must be trodden between innovating through privacy-enhancing technologies, and retaining data security for patients  Continue Reading

• What will the Data Reform Bill mean for UK businesses operating in the EU?

  Following the government’s response to the Data Reform Bill consultation, Peter Galdies of DQM GRC looks at what might lie ahead for UK organisations working in the European Union  Continue Reading

• Security Think Tank: Supply chain security demands systematic approach

  Supply chain security measures need to be systematic and assessed so as to minimise the complexity and cost to the business  Continue Reading

• Security Think Tank: Balanced approach can detangle supply chain complexity

  Achieving an appropriate balance between people, processes and technology can help to detangle the complexities of the supply chain and create better security practices  Continue Reading

• Supply chain security goes deep – forget this at your peril

  It may have hit the headlines as an IT issue, but supply chain security goes far deeper into an organisation than just technology  Continue Reading

• Consider governance, coordination and risk to secure supply chain

  A recent ISACA study found myriad factors that give good reason to be concerned about supply chain security. Cyber adviser Brian Fletcher recommends three areas to zero in on  Continue Reading

• Security Think Tank: Best practices for boosting supply chain security

  In a highly connected world, managing the supply chain landscape requires an adaptation of the ‘traditional’ approach to managing cyber risk  Continue Reading

• Security Think Tank: Basic steps to secure your supply chain

  When it comes to supply chain security, there are some core things you should be doing – but remember, the devil is in the detail  Continue Reading

• Security Think Tank: Don’t trust the weakest link? Don’t trust any link

  Your security model shouldn’t fall apart just because a part of your business, or a partner, has weak security. This is why information-centric security is a must  Continue Reading

• What does the EU’s NIS 2 cyber directive cover?

  We run the rule over the European Union’s updated NIS2 security directive  Continue Reading

• The importance of making information security more accessible

  Robin Smith, CSO of Aston Martin Lagonda, talks about how an accessible approach to cyber is helping him to keep the organisation secure  Continue Reading

• Strong internal foundations are key to withstanding external threats

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Consistency is key to mitigate outsourcing risk

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Core security processes must adapt in a complex landscape

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Understanding attack paths is a question of training

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Yes, zero trust can help you understand attack paths

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: To follow a path, you need a good map

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Your path to understanding attack paths

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Identify, assess and monitor to understand attack paths

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Defenders must get out ahead of complexity

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to better understand ...  Continue Reading

• Security Think Tank: Solving for complexity in the network

  The modern-day abundance of IT platforms, apps and tools gives the bad guys ample opportunity to move rapidly through the network to hit critical assets. Security teams must understand these attack pathways better in order to fight back  Continue Reading

• Revised scope of UK security strategy reflects digitised society

  The omission of the word ‘security’ from the title of the UK government’s new National Cyber Strategy is a telling one, reflecting our increasingly digitised society, say Maximillian Brook and Arunoshi Singh of the ISF  Continue Reading

• How 2022’s most significant data privacy trends affect your organisation

  Data privacy and protection are now core responsibilities for most, but as we all know by now, compliance is a moving target. Here, expert Alan Calder looks ahead at what to expect in the coming months  Continue Reading

• UK Cyber Strategy a welcome injection of progress

  The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone, says Turnkey Consulting senior consultant Louise Barber  Continue Reading

• National Cyber Strategy will enhance UK’s cyber power status

  The UK punches above its weight when it comes to wielding cyber power around the world, but challenges to this status are clear. The National Cyber Strategy has a clear role to play in maintaining and enhancing this status, writes Paddy Francis of ...  Continue Reading

• Encryption myths versus realities of Online Safety Bill

  The UK government can’t legislate the impossible – a safer society depends on encryption, not breaking it  Continue Reading

• National Cyber Strategy misses the mark in one important way

  The National Cyber Strategy is full of fine words, says Petra Wenham, but as the old expression goes, fine words butter no parsnips, and it misses the mark in one very important way  Continue Reading

• When more is too much in security

  The view that more security tools equals better protection still persists, but security researcher Etay Maor argues that success in cyber lies in simplicity  Continue Reading

• Assessing the aims of the Government Cyber Security Strategy

  The clear aims of the Government Cyber Security Strategy are welcome, but are they realistic or achievable?  Continue Reading

• The UK’s cyber security sector is thriving, but our work has only just begun

  The government’s Annual Cyber Sector Report painted a positive picture of the UK security industry. CIISec’s Amanda Finch thinks we can go further in developing cyber talent and opening up the sector  Continue Reading

• Security Think Tank: Good training is all about context

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service?  Continue Reading

• Five key tech trends for digital leaders in 2022

  The past two years have seen a surge in investment that will bring new challenges to digital leaders over the next year  Continue Reading

• Security Think Tank: How to build a human firewall

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service?  Continue Reading

• Understand your cyber training ‘need’ before committing to a programme

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training-as-a-service?  Continue Reading

• Security Think Tank: Focus on ‘nudging’ to build effective cyber training

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training-as-a-service?  Continue Reading

• Security Think Tank: Cyber training is useless without staff empowerment

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service?  Continue Reading