Opinion

Opinion

Managing IT and business issues

• Security Think Tank: A user’s guide to encryption

  The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum  Continue Reading

• Ethical perspectives on ChatGPT

  In the final of three essays, Marc Steen uses ChatGPT as a case study for how to use different ethical perspectives, and practical steps people can take to start incorporating ethics into their projects  Continue Reading

• It might be too soon to claim victory against Qakbot

  The multinational operation to take down the Qakbot (aka Qbot) malware has been hailed as a great victory, but Lumu Technologies’ Ricardo Villadiego argues that the celebrations may be a little premature  Continue Reading

• The quantum threat: Implications for the Internet of Things

  The Security Think Tank assesses the state of encryption technology, exploring topics such as cryptographic techniques, data-masking, the legal ramifications of end-to-end encryption, and the impact of quantum  Continue Reading

• Alternative perspectives: relational and virtue ethics in tech

  In the second of three essays, Marc Steen explores the benefits of grounding ethical considerations in an understanding of social and power dynamics, and how relational and virtue ethics can help  Continue Reading

• Vigilance advised if using AI to make cyber decisions

  The AI arms race is heating up, and the battle lines are being redrawn. Still, organisations should proceed cautiously and remain vigilant in scrutinising AI’s ability to ensure accurate, safe, and informed decision-making.  Continue Reading

• AI has a place in cyber, but needs effective evaluation

  Organisations that don’t leverage AI-based security solutions will find themselves more vulnerable than those that do., but cyber pros still need to ensure they can effectively evaluate AI-enhanced tech to ensure it meets their use case  Continue Reading

• IT Sustainability Think Tank: Recruitment and the regulatory landscape

  There is an ever-growing list of rules and regulations for enterprises to get their heads around when it comes to sustainability, but what can they do to keep on top of things?  Continue Reading

• Does AI have a future in cyber security? Yes, but only if it works with humans

  Do AI and ML hold the promise of helping cyber pros achieving the holy grail of operating quicker, cheaper, and with higher efficiency? We shouldn’t hold our breath, says Nominet’s Paul Lewis  Continue Reading

• AI-enhanced cyber has potential, but watch out for marketing hype

  As AI is a hot topic right now, it is no surprise there are some cyber solutions coming to market that have been thrown together in haste, but that said, genuine AI-powered security products do exist and their abilities could yet prove ...  Continue Reading

• Hello ChatGPT, RIP software developer?

  How generative AI will change the lives of software developers and the shape of the IT department  Continue Reading

• The problem with ‘secure’ messaging

  Secure instant messaging is becoming a norm for business communications but it raises three important security and compliance questions    Continue Reading

• At the gates – How to survive the era of cyber insecurity

  Businesses face more legal risks, a mine field of regulation, and individual liability for failures. Getting the basis right is more important than ever.  Continue Reading

• We have lift off… The opportunities and risks of generative AI

  How you can use AI to benefit your business while navigating the risks  Continue Reading

• Five non-traditional talent pools that will help CIOs plug skills gaps

  Some alternative ways for CIOs to fill talent gaps when its hard to find people with the right technology skills in the jobs market  Continue Reading

• Prepare for quantum to fundamentally change PKI effectiveness

  Encryption has always been a fundamental aspect of Public Key Infrastructure but the rise of quantum computing poses a significant threat to this. Thales' John Cullen says post-quantum cryptography may hold the key to safeguarding the future.  Continue Reading

• The essential role of PETs in unlocking the trillion dollar SaaS market

  Ahead of the Eyes-Off Data Summit in Dublin, Jack Fitzsimons of Oblivious AI explains why so-called Privacy Enhancing Technologies or PETs may hold the key to unlocking the full potential of SaaS in the enterprise  Continue Reading

• AI in cyber security: Distinguishing hype from reality

  We know that malicious actors are starting to use artificial intelligence (AI) tools to facilitate attacks, but on the other hand, AI can also be a powerful tool within the hands of cyber security professionals  Continue Reading

• Improve business outcomes by managing data and analytics risk

  An effective data and analytics risk and control environment requires a full understanding of data, analytics and AI risks, related risk decisions and their impact on business outcomes  Continue Reading

• The time to implement an internal AI usage policy is now

  As with any emerging technology, AI’s growth in popularity establishes a new attack surface for malicious actors to exploit, thereby introducing new risks and vulnerabilities to an increasingly complex computing landscape.  Continue Reading

• Navigating cyber security under ChatGPT

  Balancing the risk and reward of ChatGPT – as a large language model (LLM) and an example of generative AI – begins by performing a risk assessment of the potential of such a powerful tool to cause harm  Continue Reading

• How real and present is the malware threat from AI?

  One of the most talked about concerns regarding generative AI is that it could be used to create malicious code. But how real and present is this threat?  Continue Reading

• ChatGPT’s phishing ‘problem’ may not be overstated

  Some data now suggests that threat actors are indeed using ChatGPT to craft malicious phishing emails, but the industry is doing its best to get out in front of this trend, according to the threat intelligence team at Egress  Continue Reading

• Keeping your culture as the business scales

  Three guiding principles will help businesses stay true to their roots as they grow and change  Continue Reading

• Regulatory ‘lacuna’ around facial recognition threatens rights

  The UK is heading for a “legal quagmire” around live facial recognition if the government and regulators do not take action to rein in use of the technology before it becomes ubiquitous  Continue Reading

• Discovering the Diversity Process Flow in cyber

  The UK Cyber Security Council's Simon Hepburn explains the Council's new Diversity Process Flow framework, and outlines its potential implications for ethnic minorities in the cyber sector  Continue Reading

• Generative AI – the next biggest cyber security threat?

  Following the launch of ChatGPT in November 2022, several reports have emerged that seek to determine the impact of generative AI in cyber security. Undeniably, generative AI in cyber security is a double-edged sword, but will the paradigm shift in ...  Continue Reading

• Is cyber training all the same old? Shift your perspective and get stuck in

  Getting your cyber smarts only from books or presentations just isn’t going to cut it anymore – the only way we can get ahead of the cyber criminals is to get into their heads, and you can only achieve this by doing and changing your way of thinking.  Continue Reading

• Security Think Tank: A brief history of (secure) coding

  From controlling who was allowed to work with IBM mainframes to present-day DevSecOps techniques, the concept of secure coding has a longer history than you might think  Continue Reading

• Five key steps where there is a risk of fraud investigation

  When fraud investigators come knocking, there are some important ways in which management and senior IT professionals can make sure their company is best protected.  Continue Reading

• Security Think Tank: Why “secure coding” is neither

  Ensuring the security of code is just one element of a complex software lifecycle and risk management process that people need to think about more holistically, says Ed Moyle  Continue Reading

• Why we need a secure side door for encrypted apps, not a back door  

  Splitting a decryption key into multiple fragments held by 'guardians', including privacy rights group, may be an answer to policing encrypted messages  Continue Reading

• Security Think Tank: To secure code effectively, verify at every step

  Verification at every step is an important part of ensuring your code is secure, writes Petra Wenham  Continue Reading

• What secure coding practices mean to modern cyber security

  Joseph Foote of PA Consulting explores how we know the services we use most are protected, what we mean when we say 'secure coding practices', and what happens when secure coding practices are not followed?  Continue Reading

• How to build an environmental cloud sustainability strategy

  Environmental sustainability continues to be a top 10 business priority for organisations. Here are the factors to consider when evaluating the environmental sustainability efforts of cloud providers  Continue Reading

• Security Think Tank: Thinking beyond IAM in the cloud

  Looking beyond IAM, there are other aspects of securing public cloud environments that admins can reasonably expect to control  Continue Reading

• Want to get cloud IAM right? Master the fundamentals

  By getting the basics right, you’re setting yourself up for success to then can build more advanced and complex functionalities on top  Continue Reading

• Could your employees’ use of ChatGPT put you in breach of GDPR?

  Following Italy's run-in with OpenAI’s ChatGPT, legal expert Richard Forrest emphasises the necessity for additional scrutiny while using AI tools in a work environment, and practical guidance on doing so safely  Continue Reading

• Security Think Tank: Going beyond IAM for cloud security

  Managing access and privilege across complex and powerful cloud tooling is not a straightforward task; but there are some key considerations that can help security teams stay on top of identities in the cloud  Continue Reading

• Cloud identity: Are you who you say you are?

  As identity, rather than networking segmentation, becomes the primary determining factor in accessing cloud resources. ISACA’s Ser Yoong Goh highlights three trends driving cloud IAM  Continue Reading

• With cyber attacks on the rise, businesses should prepare for quantum hacks now

  Advances in quantum computing have brought the world is on the cusp of a technological revolution, but it is not without risk. Find out why you should start to prepare for post-quantum cryotography today.  Continue Reading

• Security Think Tank: Adopt a coherent framework for ID first security

  With IAM central to enabling appropriate access to cloud-based services, identity first security is becoming a key trend for IAM in the cloud.  Continue Reading

• Preventing artificial deception in the age of AI

  The proposals contained in Westminster’s AI whitepaper are a good start, but more creative thinking and investment will be required to achieve a truly pro-innovation regulatory environment  Continue Reading

• Women on Boards: how to get there, how to flourish there

  Having a good network, listening to advice, taking on more responsibility coupled with drive and commitment can help women reach a place on the board  Continue Reading

• Computer says no. Will fairness survive in the AI age?

  New forms of regulation will be needed to safeguard against the risks posed by AI  Continue Reading

• Security Think Tank: Training can no longer be a compliance exercise

  Historically, security training has tended to take a compliance-based focus, a ‘tick-box’ exercise using generic, off-the-shelf courses. This needs to change, says Hayley Watson of Turnkey Consulting.  Continue Reading

• Cyber training in 2023 needs to drive measurable change

  2023 will see more focus on security training programmes that not only provide employees with an understanding of the risks they face but more importantly drive measurable behavioural change, says PA Consulting’s Richard Allen  Continue Reading

• Cyber security training: Insights for future professionals

  Future cyber security professionals need soft skills as well as technical ones, says security educator Sudeep Subramanian  Continue Reading

• Security Think Tank: New trends and drivers in cyber security training

  Self-paced, interactive, bite-sized learning is becoming the optimum path for cyber security training in the workplace, says John Tolbert of KuppingerCole  Continue Reading

• What charities should know about ransomware and reputational threats

  The NCSC recently called for charities to elevate their cyber security practice. Find out why charities are a soft target for cyber criminals, and what they can do to fight back  Continue Reading

• How to protect your business from fraud during a recession

  This winter, the chilly winds of a global recession have fraudsters turning up the heat. PJ Rohall of SEON Fraud Fighters shares some guidance on how to bundle up against fraud  Continue Reading

• What do the tech sector redundancy rounds mean for international employees working in the UK?

  Individuals that have chosen to relocate to the UK to develop their careers sponsored by their employers face not only losing their job but their right to remain in the UK. What are the options?  Continue Reading

• What’s the technology talent and recruitment outlook for 2023?

  Despite layoffs from technology companies demand for IT staff in 2023 is expected to be robust, but organisations may turn towards contractors and off-shoring  Continue Reading

• Security Think Tank: Poor training is worse than no training at all

  Bad security training is a betrayal of users, a security risk, and ultimately a waste of money, but there are some reasons to be optimistic about the future, say Mike Gillespie and Ellie Hurst of Advent IM  Continue Reading

• Security Think Tank: In 2023, we need a new way to cultivate better habits

  Regular, small adjustments to behaviour offer a better way to keep employees on track and cultivate a corporate culture of cyber awareness, writes Elastic’s Mandy Andress  Continue Reading

• Security Think Tank: Getting the training and development mix right

  Rob Dartnall, CEO at SecAlliance and chair of Crest’s UK Council, describes the need for formal, varied and continuous development in the cyber security sector  Continue Reading

• Three outsourcing trends to look out for in 2023

  ISG's Andreas Fahr outlines three IT sourcing trends to look out for in the coming year.  Continue Reading

• The rise of fraud in pop culture is impacting consumers’ digital trust

  Shows such as The Tinder Swindler and Inventing Anna were big money-earners for Netflix in 2022, but Onfido’s Mike Tuchen says their popularity risks damaging consumer trust  Continue Reading

• Europe’s cyber security strategy must be clear about open source

  Europe’s cyber security policy on open source is lagging behind the US, and despite growing government awareness of the issues, that poses a problem  Continue Reading

• What will be trending in technology in 2023?

  This year will be a bit year for IT spending despite the prospects of recession, inflation and rising costs. But companies will focus more on technology that delivers measurable pay-offs  Continue Reading

• How ITV built a data team from scratch

  Clemence Burnichon, director of data innovation at ITV, describes how the broadcaster has built a data management and analytics team  Continue Reading

• How does red teaming test the ultimate limits of cyber security?

  An expert ethical hacker reveals how he goes about carrying out a red team exercise  Continue Reading

• Why the current fraud model is broken, and how to fix it

  Scammers and fraudsters are catching up with the good guys; a new technological approach is needed to fight skyrocketing volumes of digital fraud, says Darwinium founder Alisdair Faulkner  Continue Reading

• Post-Brexit cyber dynamics in the UK and Europe: diverging paradigms?

  The UK faces a choice in terms of its ongoing cyber security relationship with the EU – to preserve its collaboration with the EU by adopting an aligned approach or to adopt a divergent approach  Continue Reading

• Security Think Tank: 2022 brought plenty of learning opportunities in cyber

  At the end of another busy 12 months, Turnkey Consulting’s Andrew Morris sums up some of the most important takeaways for cyber pros  Continue Reading

• Security Think Tank: How much digital trust can you place on zero-trust?

  The events of the past couple of years have highlighted many considerations that should be taken into consideration when pursuing a zero-trust strategy, says ISACA’s Steven Sim Kok Leong  Continue Reading

• Security Think Tank: Embrace prioritisation, people, imperfections

  Security and IT professionals should try to make peace with their imperfections in 2023, says Nominet CISO Paul Lewis  Continue Reading

• Security Think Tank: 2022 changed how we thought about resilience

  Increasing cyber resilience is at the heart of the people-processes-technology triangle, and 2022 saw shifts in all three of these aspects, says PA Consulting’s Sharon Shochat  Continue Reading

• Security Think Tank: As cyber pros, we need to articulate our needs better

  There is always a lot to learn about security, but one of the most important lessons may not relate to technology at all, says Petra Wenham  Continue Reading

• Ransomware: Is there hope beyond the overhyped?

  Up-and-coming cyber concepts attack surface management and security mesh architectures seem to hold some promise in tackling ransomware, but they are a little way off maturity  Continue Reading

• Think technology, process, human risk to manage ransomware

  Effective ransomware handling boils down to three core areas – technology, process and human risk  Continue Reading

• Chartered status and aligned standards are crucial for the UK's cyber sector

  As the UK moves closer to ushering in the world’s first chartered cyber professionals, the UK Cyber Security Council’s Simon Hepburn outlines the sector’s defining moment  Continue Reading

• Your staff are the frontline in your ransomware fight

  As part of a solid cyber defence plan, the CISO must make sure that the frontline within the organisation is prepared for an attack, says Theodore Wiggins of Airbus Protect  Continue Reading

• Redundancies – are tech companies getting it right?

  With recession now a reality, big tech companies have started slimming down their workforces, but they have legal responsibilities  Continue Reading

• Security Think Tank: Ransomware defences: An extended to-do list

  Strategies to extend ransomware protection beyond backups and intrusion detection must centre dark web monitoring, among other things  Continue Reading

• Security Think Tank: Let’s be transparent about ransomware

  Greater transparency regarding ransomware attacks, including details about attack methods used and what kinds of assets were compromised, would likely help the community prevent future attacks  Continue Reading

• Cyber insurance: The good, the bad and the ugly

  Most cyber insurance contracts are innately flawed because they exclude losses arising from state-backed cyber attacks, and this will make proper attribution even more important in the future, says Cisco Talos’ Martin Lee  Continue Reading

• Security Think Tank: To stop ransomware, preparation is the best medicine

  You can’t ‘stop’ ransomware, but you can do a lot to keep yourself from becoming ensnared when it strikes  Continue Reading

• All means all when it comes to encryption

  Nigel Thorpe, technical director at SecureAge, makes the case for encrypting everything all of the time when it comes to protecting data  Continue Reading

• Security Think Tank: Anti-ransomware strategies should be as easy as ABC

  When developing and implementing ransomware protection strategies, the importance of paying thorough attention to security measures you might consider elementary cannot be understated  Continue Reading

• To fight ransomware, we must treat digital infrastructure as critical

  Ransomware defence is failing because we don’t view our digital infrastructure in the same way as our physical infrastructure, argues Elastic’s Mandy Andress  Continue Reading

• Three million empty seats: What can we do about the cyber skills shortage?

  Companies should look for candidates with the right skills potential, rather than insist they tick a hundred different security skills boxes  Continue Reading

• Security Think Tank: Ransomware and CISOs’ balancing act

  Ransomware has the potential to cause irreversible business damage, so CISOs should consider not only protection but also response and recovery  Continue Reading

• More women in tech will bridge the skills gap and bolster growth

  Large global technology firms will reach nearly 33% overall female representation in their workforces in 2022. Growth is slow, but heading in the right direction  Continue Reading

• Fewer CIOs have a seat on the board but we still need technology leaders

  This democratisation of technology still needs a leader, but it’s a healthy sign that discussion of tech has become part of business as usual at board level  Continue Reading

• Security Think Tank: Know your networks, know your suppliers

  To combat the ransomware scourge, we must work harder to monitor and learn from the increasingly complex threat environment, keep a closer eye on supply chains, and share our insights  Continue Reading

• The rise and risks of sovereign data strategies

  Data and analytics leaders need to understand what is happening now to mitigate risk and exploit data-driven opportunities  Continue Reading

• How to build consumer trust with a privacy-by-design approach

  Undertaken with the right mindset and technology, privacy by design delivers value to consumers and builds trust for the long term  Continue Reading

• The risk of losing our EU data adequacy agreement is real

  While some may welcome the government’s ambition to shake up the UK’s data protection regime, Westminster should be wary of drifting too far from the path charted by our US and European partners  Continue Reading

• Security Think Tank: Container security: why so different?

  Done well, container security can be a model for securing the enterprise, and businesses that focus their teams on solving it can help accelerate positive change in other areas  Continue Reading

• How has container security changed since 2020, and have we taken it too far?

  While containers are now one of the most popular ways to deploy applications, it is fair to say that the adoption and implementation of security best practice to govern their use has not kept up  Continue Reading

• The Conservatives are laughing at cyber security pros

  If causing a security breach is a resigning matter, then you shouldn’t expect to get your old job back a week later. Unless you’re a Conservative home secretary, apparently  Continue Reading

• IT Sustainability Think Tank: Helping IT leaders avoid falling victim to greenwashing

  How can IT leaders separate fact from fiction when weighing up a tech supplier’s sustainability claims? And, crucially, what are the dangers or risks enterprises face if they do not do their due diligence on the green claims of their providers?  Continue Reading

• IT Sustainability Think Tank: How IT buyers can verify the green claims of their supply chain

  How can IT leaders separate fact from fiction when weighing up a tech supplier’s sustainability claims? And, crucially, what are the dangers or risks enterprises face if they do not do their due diligence on the green claims of their providers?  Continue Reading

• Reducing the cyber stack with API security

  Budgets are tight, making it difficult to secure spend, but is there an argument for jettisoning fragmented approaches to securing APIs in favour of a dedicated end-to-end approach? Doubling down on API security could help businesses not just reduce...  Continue Reading

• Currency markets causing choppy waters for UK outsourcing

  Anthony Drake, director at tech advisory ISG, explains how the UK government’s botched mini-Budget announcement raised the cost of IT outsourcing  Continue Reading

• Security Think Tank: Design security in to reap container benefits

  Provided container security basics are built into your development and runtime environment from the start, containerised services and applications can provide rapid – and secure – achievement of business objectives  Continue Reading

• IT Sustainability Think Tank: Getting to grips with greenwashing

  How can IT leaders separate fact from fiction when weighing up a tech supplier’s sustainability claims? And, crucially, what are the dangers or risks that enterprises face if they do not do their due diligence on the green claims of their providers?  Continue Reading

• Security Think Tank: Three steps to a solid DevSecOps strategy

  Read about how buyers can manage third-party risk when procuring applications, how to secure the software development process, and even how to affect cultural change among developers not used to thinking cyber first  Continue Reading

• It’s time for engineering teams to own DevSecOps

  It may seem counterintuitive, but maybe organisations should consider delegating responsibility for DevSecOps to engineering teams, not security teams, argues Elastic’s Mandy Andress  Continue Reading