Opinion

Opinion

IT risk management

• Security Think Tank: Core security processes must adapt in a complex landscape

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Understanding attack paths is a question of training

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Yes, zero trust can help you understand attack paths

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: To follow a path, you need a good map

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Your path to understanding attack paths

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Identify, assess and monitor to understand attack paths

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to understand these ...  Continue Reading

• Security Think Tank: Defenders must get out ahead of complexity

  The modern-day abundance of platforms, apps and IT tools presents malicious actors with a web of interconnection that is easily exploited to move rapidly through the network to compromise critical assets. Security teams need to better understand ...  Continue Reading

• Security Think Tank: Solving for complexity in the network

  The modern-day abundance of IT platforms, apps and tools gives the bad guys ample opportunity to move rapidly through the network to hit critical assets. Security teams must understand these attack pathways better in order to fight back  Continue Reading

• Revised scope of UK security strategy reflects digitised society

  The omission of the word ‘security’ from the title of the UK government’s new National Cyber Strategy is a telling one, reflecting our increasingly digitised society, say Maximillian Brook and Arunoshi Singh of the ISF  Continue Reading

• How 2022’s most significant data privacy trends affect your organisation

  Data privacy and protection are now core responsibilities for most, but as we all know by now, compliance is a moving target. Here, expert Alan Calder looks ahead at what to expect in the coming months  Continue Reading

• UK Cyber Strategy a welcome injection of progress

  The National Cyber Strategy should be seen as a welcome injection of both focus and investment in bettering cyber defence for everyone, says Turnkey Consulting senior consultant Louise Barber  Continue Reading

• National Cyber Strategy will enhance UK’s cyber power status

  The UK punches above its weight when it comes to wielding cyber power around the world, but challenges to this status are clear. The National Cyber Strategy has a clear role to play in maintaining and enhancing this status, writes Paddy Francis of ...  Continue Reading

• Encryption myths versus realities of Online Safety Bill

  The UK government can’t legislate the impossible – a safer society depends on encryption, not breaking it  Continue Reading

• National Cyber Strategy misses the mark in one important way

  The National Cyber Strategy is full of fine words, says Petra Wenham, but as the old expression goes, fine words butter no parsnips, and it misses the mark in one very important way  Continue Reading

• When more is too much in security

  The view that more security tools equals better protection still persists, but security researcher Etay Maor argues that success in cyber lies in simplicity  Continue Reading

• Assessing the aims of the Government Cyber Security Strategy

  The clear aims of the Government Cyber Security Strategy are welcome, but are they realistic or achievable?  Continue Reading

• The UK’s cyber security sector is thriving, but our work has only just begun

  The government’s Annual Cyber Sector Report painted a positive picture of the UK security industry. CIISec’s Amanda Finch thinks we can go further in developing cyber talent and opening up the sector  Continue Reading

• Security Think Tank: Good training is all about context

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service?  Continue Reading

• Five key tech trends for digital leaders in 2022

  The past two years have seen a surge in investment that will bring new challenges to digital leaders over the next year  Continue Reading

• Security Think Tank: How to build a human firewall

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service?  Continue Reading

• Understand your cyber training ‘need’ before committing to a programme

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training-as-a-service?  Continue Reading

• Security Think Tank: Focus on ‘nudging’ to build effective cyber training

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training-as-a-service?  Continue Reading

• Security Think Tank: Cyber training is useless without staff empowerment

  In-house or outsourced? What makes a good security training programme, and what questions should buyers ask when procuring training as a service?  Continue Reading

• Vulnerabilities to fraud are increasing across the board

  As the pandemic continues to affect how we work, socialise, shop and conduct business, so it has increased opportunities for digital fraud and cyber crime. Jason Lane-Sellers explores the latest LexisNexis Risk Solutions ‘Cybercrime report’  Continue Reading

• How can you balance security with growth?

  As businesses focus on recovery and growth, CISOs must deal with today’s challenges while also planning for tomorrow - how can they achieve both safety and success?  Continue Reading

• Security Think Tank: Reframing CISO-boardroom relations

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• Security Think Tank: When will they ever learn?

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• Enabling secure remote working is once again a top priority

  The pandemic has bought many new security risks, particularly around remote working. As the UK government once again urges people to work from home under its Plan B restrictions, these risks must be tackled as a priority  Continue Reading

• Security Think Tank: Get to know your personal threat landscape

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• Security Think Tank: We are failing to get the cyber message across to users

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• Security Think Tank: There’s much more to do to secure hybrid workers

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• Security Think Tank: Good documentation could save your bacon

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• Security Think Tank: Attackers leveraging the supply chain

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they have taken away from the past 12 months  Continue Reading

• Security Think Tank: Think people, processes and systems

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• A ‘whole of society’ approach to cyber may be on the horizon

  Nominet Cyber managing director David Carroll reflects on the NCSC’s latest annual review amid 2021’s fast-evolving threat landscape  Continue Reading

• Security Think Tank: In the cloud, anti-human approaches set us up to fail

  Security learning is a career-long process, so as 2021 draws to a close, participants in the Computer Weekly Security Think Tank sum up the most important cyber lessons they’ve taken away from the past 12 months  Continue Reading

• Security Think Tank: Dissecting the true value of SASE is a challenge

  As a relatively nascent technology that is getting a lot of publicity, dissecting the true value of SASE is still a difficult proposition, for now  Continue Reading

• Security Think Tank: SASE will become operational reality

  While still considered very much a buzzword, the pace of change in corporate networks and operational technology means secure access service edge (SASE) is becoming reality for many  Continue Reading

• Security Think Tank: SASE – more than the sum of its parts?

  Airbus Cybersecurity’s Paddy Francis asks what makes an integration of the various components of SASE more the sum of their parts, and what are the benefits and pitfalls?  Continue Reading

• The ICO is right to push back against government meddling

  Some criticisms of the ICO are justified, but the answer to that is not to give Whitehall more oversight over the data protection regulator, argues legal expert Edward Machin  Continue Reading

• Zero trust: Now is the time

  The cyber security industry has been talking about a zero-trust approach to security for just over a decade, but now it’s time to move towards full implementation because it is more appropriate than ever, and it is rapidly gaining support from ...  Continue Reading

• The Secret IR Insider’s Diary – this is not a fashion show

  In the latest pages taken from their diary, the Secret IR Insider reveals why organisations should be worried about every threat, not just the latest and greatest  Continue Reading

• Watching me, watching you – challenging the rise of digital surveillance at work

  Unprecedented levels of digital monitoring at work is embedding a culture of surveillance, despite workers’ opposition to the practices, says Prospect Union  Continue Reading

• Security Think Tank: SASE – marketing buzz or the future of security?

  SASE architectures promise to prevent multiple types of cyber attacks, but deciding whether SASE is right for your organisation will require understanding whether SASE is a fit for your use cases in IT  Continue Reading

• Changing the rules against cyber attacks

  UKRI’s John Goodacre reveals how projects supported by the Digital Security by Design Challenge aim to improve cyber security resilience, beginning with the very fundamentals of computing  Continue Reading

• No easy fix for vulnerability exploitation, so be prepared

  Vulnerability management and disclosure is a tricky business with ethical and business ramifications for software vendors, CISOs and ethical hackers alike – and CISOs sit right in the middle of this  Continue Reading

• Doing the right thing: How CISOs should approach responsible disclosure

  Owen Wright, responsible for penetration testing and adversary simulation at Context, part of Accenture Security, advises how CISOs should approach responsible disclosure  Continue Reading

• Encryption protects the marginalised – and it’s under threat

  Encryption keeps marginalised groups connected and safe, but new regulatory attempts to break it put them at risk  Continue Reading

• Security Think Tank: Responsible vulnerability disclosure is a joint effort

  By working hand-in-hand, developers and security researchers can both play a vital role in ensuring newly-discovered vulnerabilities are addressed appropriately, writes Paddy Francis of Airbus CyberSecurity  Continue Reading

• Invest in cyber security with confidence using a structured approach

  Cyber security has never been more challenging or important in rapidly changing business, regulatory, IT and threat environments. There is a need for a more structured approach to investment  Continue Reading

• Security Think Tank: Embracing vulnerability management for the greater good

  When it comes to vulnerability management, CISOs should define a responsible disclosure policy so that they can receive and manage identified vulnerabilities transparently, practically and collaboratively, says Paul Watts of the ISF  Continue Reading

• Facial recognition cannot be a standalone authentication method

  As more organisations look to facial recognition to improve their digital identity practices, they must remember that it cannot stand in isolation  Continue Reading

• Managing cyber risk through integrated supply chains

  High-profile supply chain cyber attacks have caused huge disruption this year. PA Consulting’s Carl Nightingale considers key questions business leaders should be asking of their organisations  Continue Reading

• Security Think Tank: Optimising privacy, post-GDPR

  Airbus CyberSecurity CTO Paddy Francis explores the impact of regulation on data protection, and how it has changed how one goes about optimising data privacy in the enterprise  Continue Reading

• Security Think Tank: A response to planned data protection changes

  The ISF’s Emma Bickerstaffe assesses how organisations might respond to proposed changes to the UK’s data protection regime  Continue Reading

• The rise of the chief risk officer

  The impact of the Covid-19 pandemic has seen chief risk officers take their rightful place in the boardroom  Continue Reading

• UK’s new data protection strategy risks costing business more than it gains

  The apparent business benefits of pursuing data adequacy agreements around the world may not be as enticing as they at first appear  Continue Reading

• Security Think Tank: Managing data securely throughout its lifecycle

  Managing data in a secure manner is key to ensuring its integrity and therefore its value to the organisation, as well as reducing risk from breaches and misinformation  Continue Reading

• Supply chain cyber security is only as strong as the weakest link

  A spate of high-profile cyber attacks has highlighted the criticality of supply chain security and put new pressures on security leaders. How can we ensure that cyber security remains robust down the full length of supply chains?  Continue Reading

• How the cyber security market is evolving

  The cyber security market has gained even greater importance in the post-Covid era and continues to grow and evolve. But what factors are driving trends in that market and what should your organisation consider when making cyber security investments?  Continue Reading

• Security Think Tank: Steps to a solid data privacy practice

  Petra Wenham of the BCS shares her expertise on building, or rebuilding, a solid business data privacy practice in a post-Covid-19 world  Continue Reading

• The ransomware debate – to pay or not to pay?

  The debate around banning ransomware payments is highly nuanced, and we must take care to avoid overt victim-blaming, in favour of an open and honest approach, says SASIG’s Martin Smith  Continue Reading

• Security Think Tank: Data privacy not in isolation, but on a spectrum

  The gap between data privacy and data governance is narrowing, and security leaders need to be aware of the implications, says KuppingerCole’s Anne Bailey  Continue Reading

• Security Think Tank: Data privacy and ethics in a post-Covid world

  The radical change caused by the pandemic requires new approaches to data privacy practice, says PA Consulting’s Daniel Gordon  Continue Reading

• Five tips to ensure your crisis comms plan is ready for a cyber attack

  Business leaders take note: standard crisis communications plans are inadequate if you have fallen victim to a cyber attack. HPL’s Ted Birkhahn shares five tips to make sure you are ready to face the public  Continue Reading

• Security Think Tank: Consider cyber policies and procedures as you welcome employees back

  With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect ...  Continue Reading

• Sparsely staffed offices: the new post-pandemic cyber gap

  With many offices still operating at limited capacity, a red teaming expert reveals how his job is getting easier, and why this is a problem  Continue Reading

• The Secret IR Insider’s Diary: It’s all gone quie...

  The ‘Q’ word isn’t one that’s really used in incident response, says the Secret IR Insider, largely because as soon as you use it, something happens  Continue Reading

• Security Think Tank: A return to the office is not a return to normal

  With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect ...  Continue Reading

• Is tech team remuneration opening up a new form of cyber risk?

  Failing to reward cyber security staff in line with increases for other members of the tech team could open up new risks to organisations  Continue Reading

• Are you betting your future on the worst gambling odds in the world?

  Gambling is a high-risk strategy. Doing nothing in the face of the threat from ransomware and hoping for the best provides some of the worst odds you will ever come across  Continue Reading

• Choose the right ITSM tool for digital era success

  IT service management (ITSM) tools are essential for many organisations to help optimise the design, delivery, support, use and governance of IT, but not all ITSM solutions are created equal, therefore selecting the right one is crucial  Continue Reading

• Why identity is the central problem for the future of the internet

  As debate rages over who has the right to control user identities online, is the concept of decentralised identity about to have its day?  Continue Reading

• Security Think Tank: Reopening is an opportunity to reassess wider security posture

  With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect ...  Continue Reading

• Security Think Tank: As offices reopen, address patching and ‘build drift’

  With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect ...  Continue Reading

• Security Think Tank: Returning workers to the office: Is your security posture up to date?

  With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect ...  Continue Reading

• Going back to office networks, only to dismantle them once and for all

  With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect ...  Continue Reading

• The secret to building a future-proof cyber security team

  In a post-pandemic digital world, where cyber criminals see a feast of opportunities, what are the secrets to building a world-class cyber security function?  Continue Reading

• Security Think Tank: Hydration, hiring, hacking – lessons in post-Covid risk

  With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect ...  Continue Reading

• UK data exchanges with EU can continue after adequacy decision - but for how long?

  For now European businesses can continue to send data to the UK without additional safeguards and paperwork. How long will it last?  Continue Reading

• Ethical hacking: What, why, and overcoming concerns

  We find out why and how hitting your own business with a cyber attack can help improve security  Continue Reading

• Banking tech fraud: How to trace and recover your money

  Even when stolen assets are sent offshore, the special powers of the English civil court system mean all may not be lost  Continue Reading

• Security Think Tank: To secure printers think process, technology and people

  Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs poses security risks both technological and physical. What does a print security strategy need to take into account?  Continue Reading

• Security Think Tank: Time to accept printers will leak data

  Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs poses security risks both technological and physical. What does a print security strategy need to take into account?  Continue Reading

• Why agility is the key to secure software

  Continuous delivery of software product releases demands continuous security. Businesses and regulators are right to wonder whether organisations are valuing cyber security by the design of their products  Continue Reading

• Security Think Tank: What must a secure print strategy take into account?

  Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs poses security risks both technological and physical. What does a print security strategy need to take into account?  Continue Reading

• NHS Digital’s GP data-scraping plan must be publicised and delayed

  The UK government must launch a national awareness campaign and delay this month’s planned GP data slurp, say privacy consultants Ben Rapp and Sara Newman  Continue Reading

• Security Think Tank: Printers can’t be an ‘add-on’ in your cyber strategy

  Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs does pose security risks both technological and physical. What does a print security strategy need to take into account?  Continue Reading

• Security Think Tank: Steps to a coherent print security strategy

  Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs poses security risks both technological and physical. What does a print security strategy need to take into account?  Continue Reading

• Security Think Tank: Printer risks go deep into IT history

  Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs does pose security risks both technological and physical. What does a print security strategy need to take into account?  Continue Reading

• Long-term thinking is vital to secure UK’s critical infrastructure

  To face down the threat of cyber warfare against UK CNI, the government needs long-term thinking that looks beyond the next general election cycle, says Advent-IM’s Mike Gillespie  Continue Reading

• Policies key to revolutionising Identity Governance and Administration

  The proliferation of digital identities, applications, data, security threats and compliance requirements means that Identity Governance and Administration (IGA) has never been more important, but not all organisations are approaching it in an ...  Continue Reading

• The shape of fraud and cyber crime: 10 things we learned from 2020

  While a pandemic-driven increase in cyber crime and an exacerbation of existing fraud trends were, to a large extent, to be expected, the LexisNexis Risk solutions UK cybercrime report 2020 still contained a few surprises  Continue Reading

• Why we need to reset the debate on end-to-end encryption to protect children

  Private messaging is the front line of abuse, yet E2EE in its current form risks engineering away the ability of firms to detect and disrupt it where it is most prevalent  Continue Reading

• Security Think Tank: Security culture must underpin vaccine passports

  What are the security challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• Security Think Tank: ‘Legitimate interest’ crucial for vaccine passports

  What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• The Secret IR Insider’s Diary – from Sunburst to DarkSide

  From dealing with SolarWinds fallout to ransomware attacks, it’s been a busy few weeks for the Secret IR Insider, but they've picked up some new tricks along the way  Continue Reading

• Security Think Tank: Vaccine passports cannot be taken lightly

  What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• Security Think Tank: Vaccine passports must be secure by design

  What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• What has a year of home working meant for the DPO?

  Byron Shirley of The Compliance Space explores how the role of the data protection officer has changed in the past 12 months  Continue Reading