Opinion
Opinion
IT security
-
A new security partnership to build a silicon valley in South Wales
The £140m acquisition of Newport Wafer Fab by American firm Vishay is to be welcomed but the UK needs needs security, stability and strategic investment to grow our domestic semiconductor capability, writes Alun Cairns MP Continue Reading
-
How to address third-party risk to ensure business resiliency
Identifying third-party risks, determining risk controls and treating third-parties as allies are some of the ways to address the risks associated with third-party transactions and business engagements Continue Reading
-
How Southeast Asia’s largest bank is riding the AI wave
DBS has scaled its AI capabilities across all parts of its business to deliver tangible outcomes and productivity gains Continue Reading
-
How can we adapt work practices to protect CISO mental health?
Cyber leaders are finding it harder to keep up with security requirements than just two years ago, risking a domino effect of dissatisfaction, burnout and eventually, resignation Continue Reading
-
Bouncing back from a cyber attack
Organisations need to move away from victim blaming when cyber attacks on OT systems occur and focus on fostering collaboration between teams to minimise downtime, among other efforts to bounce back and return to business Continue Reading
-
Executives must face down state-sponsored hacking groups targeting firmware
State-backed groups have ratcheted up the pressure for cyber security professionals and executives. But that’s not an excuse to cede them the territory. Continue Reading
-
Security Think Tank: The phishing forecast for 2024
Egress' Jack Chapman and James Dyer explore how phishing attacks are set to grow in their scope and sophistication this year, with generative AI playing a big role Continue Reading
-
Three predictions for responding to the cyber threat landscape in 2024
Nominet's Kim Wiles looks to the coming months and calls for cooperation and collaboration on tackling cyber security threats Continue Reading
-
AI everywhere all at once
Artificial intelligence became mainstream in 2023. Advances in technology and accessibility led to increased awareness and use of AI Continue Reading
-
Microsoft hack: Five questions enterprises should ask their IT leaders
Following the news about a Russia-backed hacking group infiltrating Microsoft's systems, enterprises may want to seek assurances from their IT and security leaders about the implications of the attack for them Continue Reading
-
Security Think Tank: Expect more from GenAI in 2024
But 2024 also feels slightly different; the past 12 months have seen generative AI burst on to the scene, and this year its impact will continue to be felt, says Turnkey Consulting's Harshini Carey. Continue Reading
-
Quantum, AI and geopolitical conflict: '24 will be a big year for cyber
With big trends like quantum, generative AI and geopolitical conflict, 2024 looks set to be a big year in security, but defenders have an unparalleled opportunity to harness these trends for good, says Quorum's Federico Charosky Continue Reading
-
Security Think Tank: What to expect in cyber this year
Risk arising from insecure generative AI, an explosion in mainstream acceptance of zero-trust, and increasingly tight cyber insurance policies will all be high on the agenda in 2024, writes Forrester senior analyst Alla Valente Continue Reading
-
Bulk sender authentication: More vital than ever
With new guidelines from Google and Yahoo governing bulk emails coming into force in February 2024, here's what you need to know to keep your sales and marketing lists compliant Continue Reading
-
The race to regulate AI: 2024 unpacked
EU’s AI Act is set to become ‘gold standard’ of AI regulation. Will other countries adopt the same high standards or like the UK opt for a light touch in favour of growth and investment? Continue Reading
-
Mitigating the risks of modern application development
Organisations need to have visibility over their software supply chain, secure and monitor interfaces to legacy systems and adopt zero trust to mitigate the risks of modern application development Continue Reading
-
Security Think Tank: 2024 is the year we bridge the cyber divide
ISACA's Steven Sim Kok Leong shares his thoughts on the coming year in cyber security, considering the impact of regulatory change, the evolving role of the CISO, and advances in innovative cyber tech Continue Reading
-
Tech trends: what will be hot in 2024?
Five major technology trends for 2024 Continue Reading
-
Powering up cyber security defences with AI
AI holds great promise when it comes to securing valuable, and vulnerable, data, but security teams face some challenges if they are to get the best out of it, writes IBM’s Christopher Meenan Continue Reading
-
The human toll of ransomware: how IT pros suffer during incidents
Any ransomware attack causes significant challenges for a business or organisation going through such incident. But ransomware attacks also have tremendous impact on the staff – especially IT teams – working on mitigating the attack’s effect Continue Reading
-
How the UK is supporting the Ukraine tech community
The launch of a TechBridge between UK and Ukraine allow IT experts from each country to collaborate and share experiences Continue Reading
-
Redefining the cyber domain to tackle the challenges of tomorrow
Emerging technologies have brought about a new age of cyber – and we need a 360-degree collaborative approach more than ever to succeed Continue Reading
-
Inadequate cloud logs are proving a headache for CISOs
The mass adoption of cloud environments is pushing strained CISOs to the brink and a lack of attention to logging isn't helping. Vectra's Mark Wojtasiak calls for organisations to do more to improve visibility in their clouds in 2024 Continue Reading
-
Mind the gap: AI leaders pulling ahead as LLMs take off
Advice on how to implement large language models safely within an enterprise IT environment Continue Reading
-
Beyond the office walls: Safeguarding remote workers from attack
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Zero-trust principles: Your gateway to securing remote workers
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
What we learned in cyber in 2023, and what to look out for
PA Consulting's Rasika Somasiri looks back at a busy 12 months in the cyber security world, and highlights some key learnings from 2023 Continue Reading
-
Evolving best practice: What next for securing remote work?
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Security Think Tank: Testing to improve remote worker security
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Security Think Tank: Anytime, anywhere access is achievable
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Considerations for the security of evolving workspaces
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Cyber and remote working: How Covid moved the cursor
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Security Think Tank: Four steps to secure remote workers
Remote working has enabled people to work from almost anywhere but has piled pressure on cyber pros. Three years after Covid, how are best practices evolving and what can we expect going forward? Continue Reading
-
Prepare for your worst day: How to create a cyber incident response plan
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
DORA raises the stakes for cloud use in financial services
The EU's DORA regulations will raise the stakes for cloud in financial services but resilience is more than just a tech issue, says NetApp's Steve Rackham Continue Reading
-
Navigating the DPDI Bill: A transformative shift ahead
The Data Protection and Digital Information (No. 2) Bill, or DPDI, is set to reshape the UK’s data protection framework. Louise Brooks of DQM GRC considers the implications Continue Reading
-
Why transparency and accountability are important in cyber security
If we accept that the humans who build technology and systems are naturally fallible and mistakes inevitable, and then deal with that with good grace, we could do much to improve cyber standards, writes Bugcrowd's Casey Ellis Continue Reading
-
Security incident response teams are human, too
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
Breached? Don't panic… if you created a robust IR plan
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
How the Online Safety Act will impact businesses beyond Big Tech
The Online Safety Act will impact an estimated 100,000 online services in the UK and overseas Continue Reading
-
The best IR plans are well-revised and deeply familiar
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
The plan for the inevitable cyber attack: Get the gist of NIST
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
Enhancing security: The crucial role of incident response plans
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
IR plans: The difference between disaster and recovery
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
Incident response planning requires constant testing
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
Use existing structures to build your incident response plan
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
Incident response planning is vulnerable to legacy thinking
What goes into a good incident response plan, and what steps should security professionals take to ensure they are appropriately prepared for the almost inevitable attack, and secure buy-in from organisational leadership? Continue Reading
-
The implications of biased AI models on the financial services industry
The Bank of England has warned of the risk artificial intelligence models present in creating bias that could pose a threat to the UK’s financial services sector. How do those risks emerge and how they might be mitigated? Continue Reading
-
Reported major cyberattacks are falling – but watch out for the massive threats posed by gen AI
The number of reported major cyberattacks is falling. Are we just getting used to them? Continue Reading
-
The new data landscape: how will the new UK-US data bridge affect businesses?
With the UK-US data bridge coming into effect on 12 October 2023, find out what steps your organisation can take to take advantage of, and remain compliant with, the new framework Continue Reading
-
DORA: Moving into a new era of digital resilience
The EU’s Digital Operational Resilience Act will come into force in just over a year, the majority of risk management professionals are only at the beginning of their planning journey. Kate Needham-Bennett of Fusion Risk Management explains how to ... Continue Reading
-
The trust deficit in CNI: How to address a growing concern
When it comes to addressing the trust deficit in CNI, technological advancements, evolving threats, inadequate regulations, insufficient investment, public awareness, and international cooperation are all critical components that need attention Continue Reading
-
Security Think Tank: To encrypt or not to encrypt, that is the question
The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading
-
Security Think Tank: Three ways to identify the best encryption use cases
The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading
-
Fear is the mind-killer: Governance key to safety in the cyber dunes
Whether you’re tasked with protecting your organisation against cyber threats or ravenous subterranean worms, getting the basics of governance and risk management right counts for a lot and choosing the right framework will remove a huge burden from... Continue Reading
-
Ending the online fraud epidemic
A different approach to managing personal data across the web is possible - and it could minimise online fraud, boost e-commerce, and help make the web more secure. So why isn't the government doing it? Continue Reading
-
Security Think Tank: A user’s guide to encryption
The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading
-
Consciousness to address AI safety and security
The co-founder of KikenAI discuses why he has decided to make the technology for protecting LLMs open source Continue Reading
-
It might be too soon to claim victory against Qakbot
The multinational operation to take down the Qakbot (aka Qbot) malware has been hailed as a great victory, but Lumu Technologies’ Ricardo Villadiego argues that the celebrations may be a little premature Continue Reading
-
The quantum threat: Implications for the Internet of Things
The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum Continue Reading
-
AI and supply chain visibility key to mitigating OT security threats
Leveraging AI and maintain visibility into the security of your software supply chain are key to mitigating cyber attacks against operational technology systems Continue Reading
-
Vigilance advised if using AI to make cyber decisions
The AI arms race is heating up, and the battle lines are being redrawn. Still, organisations should proceed cautiously and remain vigilant in scrutinising AI’s ability to ensure accurate, safe, and informed decision-making. Continue Reading
-
AI has a place in cyber, but needs effective evaluation
Organisations that don’t leverage AI-based security solutions will find themselves more vulnerable than those that do., but cyber pros still need to ensure they can effectively evaluate AI-enhanced tech to ensure it meets their use case Continue Reading
-
Does AI have a future in cyber security? Yes, but only if it works with humans
Do AI and ML hold the promise of helping cyber pros achieving the holy grail of operating quicker, cheaper, and with higher efficiency? We shouldn’t hold our breath, says Nominet’s Paul Lewis Continue Reading
-
AI-enhanced cyber has potential, but watch out for marketing hype
As AI is a hot topic right now, it is no surprise there are some cyber solutions coming to market that have been thrown together in haste, but that said, genuine AI-powered security products do exist and their abilities could yet prove ... Continue Reading
-
NATO countries must coordinate their cyber forces to combat the Russian threat
The top item on the agenda at the Vilnius NATO Summit this month was the revamping the alliance’s defences. Continue Reading
-
Future Cyber Threats: The four ‘horsemen of the apocalypse’
How to deal with emerging security threats from deep fake humans to the end of secure encryption Continue Reading
-
The problem with ‘secure’ messaging
Secure instant messaging is becoming a norm for business communications but it raises three important security and compliance questions Continue Reading
-
At the gates – How to survive the era of cyber insecurity
Businesses face more legal risks, a mine field of regulation, and individual liability for failures. Getting the basis right is more important than ever. Continue Reading
-
We have lift off… The opportunities and risks of generative AI
How you can use AI to benefit your business while navigating the risks Continue Reading
-
Prepare for quantum to fundamentally change PKI effectiveness
Encryption has always been a fundamental aspect of Public Key Infrastructure but the rise of quantum computing poses a significant threat to this. Thales' John Cullen says post-quantum cryptography may hold the key to safeguarding the future. Continue Reading
-
The essential role of PETs in unlocking the trillion dollar SaaS market
Ahead of the Eyes-Off Data Summit in Dublin, Jack Fitzsimons of Oblivious AI explains why so-called Privacy Enhancing Technologies or PETs may hold the key to unlocking the full potential of SaaS in the enterprise Continue Reading
-
AI in cyber security: Distinguishing hype from reality
We know that malicious actors are starting to use artificial intelligence (AI) tools to facilitate attacks, but on the other hand, AI can also be a powerful tool within the hands of cyber security professionals Continue Reading
-
Improve business outcomes by managing data and analytics risk
An effective data and analytics risk and control environment requires a full understanding of data, analytics and AI risks, related risk decisions and their impact on business outcomes Continue Reading
-
The time to implement an internal AI usage policy is now
As with any emerging technology, AI’s growth in popularity establishes a new attack surface for malicious actors to exploit, thereby introducing new risks and vulnerabilities to an increasingly complex computing landscape. Continue Reading
-
Navigating cyber security under ChatGPT
Balancing the risk and reward of ChatGPT – as a large language model (LLM) and an example of generative AI – begins by performing a risk assessment of the potential of such a powerful tool to cause harm Continue Reading
-
How real and present is the malware threat from AI?
One of the most talked about concerns regarding generative AI is that it could be used to create malicious code. But how real and present is this threat? Continue Reading
-
ChatGPT’s phishing ‘problem’ may not be overstated
Some data now suggests that threat actors are indeed using ChatGPT to craft malicious phishing emails, but the industry is doing its best to get out in front of this trend, according to the threat intelligence team at Egress Continue Reading
-
Regulatory ‘lacuna’ around facial recognition threatens rights
The UK is heading for a “legal quagmire” around live facial recognition if the government and regulators do not take action to rein in use of the technology before it becomes ubiquitous Continue Reading
-
Discovering the Diversity Process Flow in cyber
The UK Cyber Security Council's Simon Hepburn explains the Council's new Diversity Process Flow framework, and outlines its potential implications for ethnic minorities in the cyber sector Continue Reading
-
Generative AI – the next biggest cyber security threat?
Following the launch of ChatGPT in November 2022, several reports have emerged that seek to determine the impact of generative AI in cyber security. Undeniably, generative AI in cyber security is a double-edged sword, but will the paradigm shift in ... Continue Reading
-
Is cyber training all the same old? Shift your perspective and get stuck in
Getting your cyber smarts only from books or presentations just isn’t going to cut it anymore – the only way we can get ahead of the cyber criminals is to get into their heads, and you can only achieve this by doing and changing your way of thinking. Continue Reading
-
Security Think Tank: A brief history of (secure) coding
From controlling who was allowed to work with IBM mainframes to present-day DevSecOps techniques, the concept of secure coding has a longer history than you might think Continue Reading
-
Five key steps where there is a risk of fraud investigation
When fraud investigators come knocking, there are some important ways in which management and senior IT professionals can make sure their company is best protected. Continue Reading
-
Security Think Tank: Why “secure coding” is neither
Ensuring the security of code is just one element of a complex software lifecycle and risk management process that people need to think about more holistically, says Ed Moyle Continue Reading
-
Why we need a secure side door for encrypted apps, not a back door
Splitting a decryption key into multiple fragments held by 'guardians', including privacy rights group, may be an answer to policing encrypted messages Continue Reading
-
Security Think Tank: To secure code effectively, verify at every step
Verification at every step is an important part of ensuring your code is secure, writes Petra Wenham Continue Reading
-
What secure coding practices mean to modern cyber security
Joseph Foote of PA Consulting explores how we know the services we use most are protected, what we mean when we say 'secure coding practices', and what happens when secure coding practices are not followed? Continue Reading
-
Security Think Tank: Thinking beyond IAM in the cloud
Looking beyond IAM, there are other aspects of securing public cloud environments that admins can reasonably expect to control Continue Reading
-
Want to get cloud IAM right? Master the fundamentals
By getting the basics right, you’re setting yourself up for success to then can build more advanced and complex functionalities on top Continue Reading
-
Could your employees’ use of ChatGPT put you in breach of GDPR?
Following Italy's run-in with OpenAI’s ChatGPT, legal expert Richard Forrest emphasises the necessity for additional scrutiny while using AI tools in a work environment, and practical guidance on doing so safely Continue Reading
-
Security Think Tank: Going beyond IAM for cloud security
Managing access and privilege across complex and powerful cloud tooling is not a straightforward task; but there are some key considerations that can help security teams stay on top of identities in the cloud Continue Reading
-
Cloud identity: Are you who you say you are?
As identity, rather than networking segmentation, becomes the primary determining factor in accessing cloud resources. ISACA’s Ser Yoong Goh highlights three trends driving cloud IAM Continue Reading
-
With cyber attacks on the rise, businesses should prepare for quantum hacks now
Advances in quantum computing have brought the world is on the cusp of a technological revolution, but it is not without risk. Find out why you should start to prepare for post-quantum cryotography today. Continue Reading
-
Security Think Tank: Adopt a coherent framework for ID first security
With IAM central to enabling appropriate access to cloud-based services, identity first security is becoming a key trend for IAM in the cloud. Continue Reading
-
Preventing artificial deception in the age of AI
The proposals contained in Westminster’s AI whitepaper are a good start, but more creative thinking and investment will be required to achieve a truly pro-innovation regulatory environment Continue Reading
-
Security Think Tank: Training can no longer be a compliance exercise
Historically, security training has tended to take a compliance-based focus, a ‘tick-box’ exercise using generic, off-the-shelf courses. This needs to change, says Hayley Watson of Turnkey Consulting. Continue Reading
-
Cyber training in 2023 needs to drive measurable change
2023 will see more focus on security training programmes that not only provide employees with an understanding of the risks they face but more importantly drive measurable behavioural change, says PA Consulting’s Richard Allen Continue Reading
-
Cyber security training: Insights for future professionals
Future cyber security professionals need soft skills as well as technical ones, says security educator Sudeep Subramanian Continue Reading
-
Security Think Tank: New trends and drivers in cyber security training
Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole Continue Reading