Opinion

Opinion

IT security

• Security Think Tank: To secure printers think process, technology and people

  Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs poses security risks both technological and physical. What does a print security strategy need to take into account?  Continue Reading

• Security Think Tank: Time to accept printers will leak data

  Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs poses security risks both technological and physical. What does a print security strategy need to take into account?  Continue Reading

• Why agility is the key to secure software

  Continuous delivery of software product releases demands continuous security. Businesses and regulators are right to wonder whether organisations are valuing cyber security by the design of their products  Continue Reading

• Security Think Tank: What must a secure print strategy take into account?

  Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs poses security risks both technological and physical. What does a print security strategy need to take into account?  Continue Reading

• NHS Digital’s GP data-scraping plan must be publicised and delayed

  The UK government must launch a national awareness campaign and delay this month’s planned GP data slurp, say privacy consultants Ben Rapp and Sara Newman  Continue Reading

• Security Think Tank: Printers can’t be an ‘add-on’ in your cyber strategy

  Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs does pose security risks both technological and physical. What does a print security strategy need to take into account?  Continue Reading

• Security Think Tank: Steps to a coherent print security strategy

  Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs poses security risks both technological and physical. What does a print security strategy need to take into account?  Continue Reading

• Security Think Tank: Printer risks go deep into IT history

  Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs does pose security risks both technological and physical. What does a print security strategy need to take into account?  Continue Reading

• Long-term thinking is vital to secure UK’s critical infrastructure

  To face down the threat of cyber warfare against UK CNI, the government needs long-term thinking that looks beyond the next general election cycle, says Advent-IM’s Mike Gillespie  Continue Reading

• Policies key to revolutionising Identity Governance and Administration

  The proliferation of digital identities, applications, data, security threats and compliance requirements means that Identity Governance and Administration (IGA) has never been more important, but not all organisations are approaching it in an ...  Continue Reading

• The shape of fraud and cyber crime: 10 things we learned from 2020

  While a pandemic-driven increase in cyber crime and an exacerbation of existing fraud trends were, to a large extent, to be expected, the LexisNexis Risk solutions UK cybercrime report 2020 still contained a few surprises  Continue Reading

• Securing the UK's emerging smart cities

  UK councils have a huge opportunity to improve services through the use of smart city technologies - but they must avoid the cyber security risks, says the government's digital minister  Continue Reading

• The practical steps needed to accelerate a UK digital identity ecosystem

  The draft digital identity framework published by the UK government highlights the importance of learning from the private sector and existing standards to accelerate deployment and citizen adoption  Continue Reading

• The case for vaccine passports: the real world versus the digital world

  What are the security issues challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• How to tackle intellectual property crime

  Crimes against intellectual property are big business for organised crime groups, commercial competitors and foreign states alike. In the first of a series of legal columns, David Cowan offers a practical approach  Continue Reading

• Why we need to reset the debate on end-to-end encryption to protect children

  Private messaging is the front line of abuse, yet E2EE in its current form risks engineering away the ability of firms to detect and disrupt it where it is most prevalent  Continue Reading

• Security Think Tank: Security culture must underpin vaccine passports

  What are the security challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• Security Think Tank: ‘Legitimate interest’ crucial for vaccine passports

  What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• The Secret IR Insider’s Diary – from Sunburst to DarkSide

  From dealing with SolarWinds fallout to ransomware attacks, it’s been a busy few weeks for the Secret IR Insider, but they've picked up some new tricks along the way  Continue Reading

• Security Think Tank: Vaccine passports cannot be taken lightly

  What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• Security Think Tank: Vaccine passports must be secure by design

  What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• What has a year of home working meant for the DPO?

  Byron Shirley of The Compliance Space explores how the role of the data protection officer has changed in the past 12 months  Continue Reading

• Security Think Tank: Evolving threats, tech, leaves CNI exposed

  In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• Employees must be given the right to disconnect

  As enterprises increasingly turn to workplace monitoring technologies and more of the workforce moves to remote or hybrid working, unions are campaigning for workers’ ‘right to disconnect’ and not engage in digitally enabled work after hours  Continue Reading

• Security Think Tank: Attacks on CNI – an evolving frontier in warfare

  In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• Security Think Tank: Back to square one – ground-up CNI protection

  In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• Security Think Tank: Properly protecting CNI demands specificity

  In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• Security Think Tank: Take a realistic perspective on CNI cyber attacks

  In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• Security Think Tank: CNI operators must focus on core issues

  In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• EncroChat ruling has ‘far-reaching effects’ for legal role of interception in UK investigations

  The computer forensic experts involved in the review of police use of data hacked from the ultra-secure EncroChat phone network assess the impact of the Appeal Court ruling on future legal use of intercept evidence    Continue Reading

• Security Think Tank: CNI operators are in an unenviable position

  In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• Security Think Tank: US security efforts may centre on collaboration

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Why the London Data Charter could be a foundation stone in the city’s recovery

  London First’s director of connectivity and competitiveness, David Lutton, explains why data is at the core of the capital’s recovery plan  Continue Reading

• Why your business needs SOC as a service

  Security in the digital era demands that businesses monitor their entire IT estate and resolve all alerts, but for many organisations the most effective way of doing that is SOCaaS  Continue Reading

• Gartner: Three tips to avoid cloud service suspension

  As recent events have shown, public cloud providers have the power to terminate cloud contracts, and seemingly legitimate businesses may be at risk  Continue Reading

• On digital identity, the government gets it wrong again

  The latest government proposals to regulate the digital identity sector continue to misunderstand how such a market works – a more API-based approach is needed to deliver the clear benefits of online ID  Continue Reading

• Rogue drones beware: We’re here to ground you

  Eugene Kaspersky exclusively lifts the lid on a mysterious, shiny device that’s been sitting in his office  Continue Reading

• Vaccine passports highlight social impact of systems design

  Vaccine or immunity passports are an opportunity to advance the design of trustworthy digital systems, but much more work still needs to be done  Continue Reading

• Security Think Tank: Towards a united state of security

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Renewed US stability may ease cyber tensions

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Biden must address insider security threat first

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Biden’s team can make a difference on security

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: UK well-placed to work with Biden on cyber

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Biden has a chance to renew cyber alliances

  As President Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• The ransomware routine: pages from the Secret IR Insider’s diary

  The Secret Incident Response Insider shares behind-the-scenes stories of what really happens after organisations are hit by cyber attacks – and shows how they could have been avoided  Continue Reading

• Security Think Tank: Are security teams the unsung heroes of 2020?

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Time to rethink stopgap solutions

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Government Gateway at 20 – looking back at the UK’s most successful digital identity system

  Not all legacy IT systems in government cause problems – one has been at the heart of many of the most important online public services for 20 years  Continue Reading

• Security Think Tank: It’s time to secure the collaboration revolution

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: In 2021, enable, empower and entrust your users

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Plan for hybrid working to become normal

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Time for security teams to learn from Covid

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Don’t bet on a new normal just yet

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Cyber effectiveness, efficiency key in 2021

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: The year of the work-from-home hangover

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• How to manage non-human identities

  Identity management has traditionally focused on human identities, but non-human identities are proliferating and must not be overlooked. Businesses can reduce risk by managing both types of identity in the same way using a services-based approach  Continue Reading

• It’s time to accept that disinformation is a cyber security issue

  Tackling the manipulation of truth and facts is no easy task, and it’s time for the cyber security sector to take up the challenge  Continue Reading

• Negotiating the complexities of international transfers of personal data

  How to navigate international data transfers, standard contractual clauses and the impact of Brexit on data protection  Continue Reading

• Security Think Tank: Integration between SIEM/SOAR is critical

  SIEM and SOAR share much in common but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice?  Continue Reading

• Security Think Tank: SOAR to the next level with automation

  SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice?  Continue Reading

• SIEM or SOAR or both? Consider your business complexity first

  SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice?  Continue Reading

• Security Think Tank: SIEM and SOAR are far from mutually exclusive

  SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice?  Continue Reading

• Security Think Tank: Alerts are great, it’s what you do with them that counts

  SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice?  Continue Reading

• How to modernise identity governance and administration

  Modernising identity governance and administration (IGA) capabilities is essential for organisations to manage identities effectively to ensure they remain competitive, compliant and secure  Continue Reading

• From front line to back office – how supporting the cyber community keeps the NHS safe

  NHS Digital’s chief information security officer describes how the Cyber Associates Network benefits security experts in health and care  Continue Reading

• Brexit and risks to data privacy and governance

  EY privacy specialists assess the risks to data privacy, protection and governance on the table for businesses, with less than two months until Brexit  Continue Reading

• Risk and reward: How to succeed in digital transformation

  Most organisations are seeking to step up their digital transformation efforts, but history has shown that such efforts can be doomed to failure if they take the wrong approach  Continue Reading

• Security Think Tank: Essential tools to mitigate double extortion attacks

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ...  Continue Reading

• Security Think Tank: Safeguarding PII in the current threat landscape

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the ...  Continue Reading

• Security Think Tank: Essential tools to mitigate data loss and identity theft

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the ...  Continue Reading

• Security Think Tank: Adapting defences to evolving ransomware and cyber crime

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ...  Continue Reading

• Security Think Tank: What you need to know about addressing the doxing threat

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the ...  Continue Reading

• Security Think Tank: Tighten data and access controls to stop identity theft

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ...  Continue Reading

• Lapsing ISO certifications: Myth versus risk

  Allowing ISO certifications to lapse presents businesses with serious risks when workarounds are possible  Continue Reading

• Three steps to harden supply chains

  The coronavirus has shone a spotlight on the fragility of modern supply chains and the risk of having a single point of failure  Continue Reading

• The privacy and compliance challenges organisations face in 2021

  Privacy and compliance teams have a lot on their plate as 2021 approaches. What are the key issues to consider?  Continue Reading

• Covid-19 has changed how we think about cyber security forever

  Six months into the global pandemic, the true impact on the future of cyber security is beginning to look clearer, says Microsoft’s Ann Johnson  Continue Reading

• Gartner: Balance safety, privacy and productivity when employees return to the workplace

  Organisations may decide that data collection can help keep employees safe in a Covid-secure workplace – but employers must consider all the privacy and productivity implications  Continue Reading

• Why business resilience management should be high on the agenda

  Business resilience management is key to business survival in the face of rapidly changing IT, cyber threat and regulatory environments  Continue Reading

• Security Think Tank: Edge security in the world of Covid-19

  That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentre to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• Security Think Tank: Edge datacentre security depends on specific needs

  That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• UK government plan for digital identity lacks substance and strategy

  The tech sector has waited over a year for the government to respond to its consultation on digital identity, and when it came, the plan could hardly be more disappointing  Continue Reading

• Security Think Tank: No secret sauce for edge security, just good practice

  That datacentre security is a complex subject is not in doubt, and given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• Security Think Tank: Beware security blind spots at the edge

  That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• Security Think Tank: Datacentre security is a business imperative

  That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• Sharing responsibility: Why we need to work together to keep the cloud secure

  The education sector has been fundamentally altered by months of lockdown, with cloud services topping must-have lists for academic staff, but now it’s time to consider security  Continue Reading

• Security Think Tank: Seven steps to edge security

  That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• Security Think Tank: Security at the distributed edge

  That datacentre security is a complex subject is not in doubt, and given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• What are the latest GDPR security breach enforcement trends?

  A cyber breach specialist from Fieldfisher runs the rule over the latest trends in cyber security, data protection and GDPR  Continue Reading

• Digital identity must not remain the missing link in the UK’s digital strategy

  The UK's digital economy is desperately in need of a viable digital identity strategy - to recover from the pandemic, the government cannot wait any longer to resolve this much-delayed issue  Continue Reading

• A CIO’s journey through the Covid-19 crisis

  FDM’s IT chief takes us through the challenges of responding to the coronavirus pandemic, and the future opportunities that the changes introduced now present  Continue Reading

• How to tackle the IAM challenges of multinational companies

  The rapidly changing business, regulatory and IT environment makes identity and access management a tough nut to crack for large multinationals  Continue Reading

• Why data exports from the EU will be challenging without Privacy Shield

  Organisations exporting data to the US under Privacy Shield or overseas generally, whether under standard contractual clauses or binding corporate rules, need to urgently review the legal basis of these transfers    Continue Reading

• Don’t believe the hype: AI is no silver bullet

  We want to believe AI will revolutionise cyber security, and we’re not necessarily wrong, but it’s time for a reality check  Continue Reading

• The countdown is on for TikTok after Schrems II

  Given the US’ threatened actions against TikTok and the outcome of Schrems II, it is clear that the spotlight is now firmly on international data transfers  Continue Reading

• Taking back control of government data mustn’t leave the public in the dark

  Boris Johnson has quietly transferred control over government data to Number 10, without explaining why. The public deserves more involvement in how their personal data is being used, says Labour  Continue Reading

• How Schrems II will impact data sharing between the UK and the US

  At the end of this year, the UK will no longer be subject to the EU’s treaties, opening the way for it and the US to finalise a new trade relationship. Could the UK leave EU data protection standards behind?  Continue Reading

• 11 obscure questions, Facebook, Max Schrems and the European Court of Justice

  Eleven obscure questions will be the first step towards explaining why we in the UK and Europe have experienced 13 years of what has been described as ‘mass and indiscriminate surveillance’ by the US  Continue Reading

• Security Think Tank: AI in cyber needs complex cost/benefit analysis

  AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate a IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of ...  Continue Reading

• Security Think Tank: Ignore AI overheads at your peril

  Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the...  Continue Reading