Opinion

Opinion

Privacy and data protection

• Vaccine passports highlight social impact of systems design

  Vaccine or immunity passports are an opportunity to advance the design of trustworthy digital systems, but much more work still needs to be done  Continue Reading

• Security Think Tank: Renewed US stability may ease cyber tensions

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Biden must address insider security threat first

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Biden’s team can make a difference on security

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: UK well-placed to work with Biden on cyber

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Biden has a chance to renew cyber alliances

  As President Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• The ransomware routine: pages from the Secret IR Insider’s diary

  The Secret Incident Response Insider shares behind-the-scenes stories of what really happens after organisations are hit by cyber attacks – and shows how they could have been avoided  Continue Reading

• Security Think Tank: In 2021, enable, empower and entrust your users

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Plan for hybrid working to become normal

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Time for security teams to learn from Covid

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Don’t bet on a new normal just yet

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Cyber effectiveness, efficiency key in 2021

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• How to manage non-human identities

  Identity management has traditionally focused on human identities, but non-human identities are proliferating and must not be overlooked. Businesses can reduce risk by managing both types of identity in the same way using a services-based approach  Continue Reading

• It’s time to accept that disinformation is a cyber security issue

  Tackling the manipulation of truth and facts is no easy task, and it’s time for the cyber security sector to take up the challenge  Continue Reading

• Negotiating the complexities of international transfers of personal data

  How to navigate international data transfers, standard contractual clauses and the impact of Brexit on data protection  Continue Reading

• From front line to back office – how supporting the cyber community keeps the NHS safe

  NHS Digital’s chief information security officer describes how the Cyber Associates Network benefits security experts in health and care  Continue Reading

• Brexit and risks to data privacy and governance

  EY privacy specialists assess the risks to data privacy, protection and governance on the table for businesses, with less than two months until Brexit  Continue Reading

• Security Think Tank: Essential tools to mitigate double extortion attacks

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ...  Continue Reading

• Security Think Tank: Safeguarding PII in the current threat landscape

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the ...  Continue Reading

• Security Think Tank: Essential tools to mitigate data loss and identity theft

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the ...  Continue Reading

• Security Think Tank: Adapting defences to evolving ransomware and cyber crime

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ...  Continue Reading

• Security Think Tank: What you need to know about addressing the doxing threat

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the ...  Continue Reading

• Security Think Tank: Tighten data and access controls to stop identity theft

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ...  Continue Reading

• The privacy and compliance challenges organisations face in 2021

  Privacy and compliance teams have a lot on their plate as 2021 approaches. What are the key issues to consider?  Continue Reading

• Gartner: Balance safety, privacy and productivity when employees return to the workplace

  Organisations may decide that data collection can help keep employees safe in a Covid-secure workplace – but employers must consider all the privacy and productivity implications  Continue Reading

• Security Think Tank: Edge security in the world of Covid-19

  That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentre to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• Security Think Tank: No secret sauce for edge security, just good practice

  That datacentre security is a complex subject is not in doubt, and given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• What are the latest GDPR security breach enforcement trends?

  A cyber breach specialist from Fieldfisher runs the rule over the latest trends in cyber security, data protection and GDPR  Continue Reading

• Why data exports from the EU will be challenging without Privacy Shield

  Organisations exporting data to the US under Privacy Shield or overseas generally, whether under standard contractual clauses or binding corporate rules, need to urgently review the legal basis of these transfers    Continue Reading

• Don’t believe the hype: AI is no silver bullet

  We want to believe AI will revolutionise cyber security, and we’re not necessarily wrong, but it’s time for a reality check  Continue Reading

• The countdown is on for TikTok after Schrems II

  Given the US’ threatened actions against TikTok and the outcome of Schrems II, it is clear that the spotlight is now firmly on international data transfers  Continue Reading

• Taking back control of government data mustn’t leave the public in the dark

  Boris Johnson has quietly transferred control over government data to Number 10, without explaining why. The public deserves more involvement in how their personal data is being used, says Labour  Continue Reading

• How Schrems II will impact data sharing between the UK and the US

  At the end of this year, the UK will no longer be subject to the EU’s treaties, opening the way for it and the US to finalise a new trade relationship. Could the UK leave EU data protection standards behind?  Continue Reading

• 11 obscure questions, Facebook, Max Schrems and the European Court of Justice

  Eleven obscure questions will be the first step towards explaining why we in the UK and Europe have experienced 13 years of what has been described as ‘mass and indiscriminate surveillance’ by the US  Continue Reading

• Security Think Tank: AI in cyber needs complex cost/benefit analysis

  AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate a IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of ...  Continue Reading

• Security Think Tank: Ignore AI overheads at your peril

  Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the...  Continue Reading

• The pandemic has made UK government rethink its relationship with data

  Data has been essential to fighting the coronavirus outbreak, and the forthcoming National Data Strategy promises to place data at the heart of the UK's economic recovery  Continue Reading

• CCPA enforcement has begun: Here’s what to expect

  The US’s California Consumer Privacy Act came into force in January this year, but enforcement against technology companies did not begin until this month  Continue Reading

• Security Think Tank: Balancing human oversight with AI autonomy

  Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the...  Continue Reading

• Why UK needs independent oversight body for contact-tracing app

  The public needs and deserves clarity, and not just assurances, over the UK’s Covid-19 contact-tracing app  Continue Reading

• Security Think Tank: Container security starts with good DevOps practice

  Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers?  Continue Reading

• Why trust is the new currency

  Businesses need to engender trust with customers amid the complexity of digital transactions involving multiple third parties, even as consumers are not fully cognizant of the importance of data privacy  Continue Reading

• The impact of spycraft on how we secure our data

  The history of cyber security owes much to the world of espionage, as a recent, pre-lockdown Science Museum exhibition showed  Continue Reading

• How effective security training goes deeper than ‘awareness’

  Cyber criminals are constantly developing their techniques and strategies, so security training needs to do the same  Continue Reading

• Security Think Tank: Security teams are key workers and need support

  Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security pros manage their increased workload, safeguard their mental wellbeing, and avoid burnout?  Continue Reading

• Four risks to data privacy and governance amid Covid-19

  EY privacy experts assess some of the novel risks to data privacy, protection and governance during the Covid-19 coronavirus pandemic  Continue Reading

• Why you should think before you Zoom

  Feel free to use Zoom during the coronavirus lockdown, but think before you discuss anything confidential  Continue Reading

• Technology has brought us together, but can it lead us out of lockdown?

  The government needs to tell us more about the NHSX contact tracing app - choices made now around privacy and transparency will affect all our lives as we aim to ease lockdown, says the shadow digital minister  Continue Reading

• A legal perspective on data breaches and home working

  Legal experts from Fieldfisher share guidance on how to deal with cyber attacks during the coronavirus crisis, and what the ICO expects in terms of notification  Continue Reading

• Security Think Tank: Why and how cyber criminals exploit world events

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Coronavirus: What does the ‘new normal’ mean for how we work?

  Examining the long-term impact of the Covid-19 coronavirus pandemic on the world of work, security, privacy and networks  Continue Reading

• JavaScript skimmers: An evolving and dangerous threat

  Cyber attacks exploiting Magecart JavaScript skimmers are spiking during the coronavirus pandemic, and like biological viruses, they just keep evolving  Continue Reading

• Coronavirus and privacy – finding the middle ground

  Data collection has a role to play in fighting the deadly Covid-19 coronavirus outbreak, but governments need to be accountable for how it is used  Continue Reading

• Why zero trust may not be all it’s cracked up to be

  While they are discussed ad nauseam in the security industry, zero-trust architectures may not be all they’re cracked up to be, according to analyst Sam Bocetta  Continue Reading

• Security Think Tank: Amid panic, how to find a sound level of security

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Security Think Tank: To tackle Covid-19, be prepared, flexible and resilient

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Security Think Tank: A guide to security best practice for pandemics

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Security Think Tank: Coronavirus crisis helps put security in context

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Don’t forget to consider GDPR when using artificial intelligence in the workplace

  While references to artificial intelligence in the workplace may conjure up images of future-gazing movies, the use of AI and people analytics by employers is already present at all stages of the employment lifecycle  Continue Reading

• Why ‘no breach’ is bad news for your compliance

  You might think it’s a good thing if your organisation has a clean record when it comes to data breaches, but this is not necessarily the case  Continue Reading

• Is the EU better equipped than the US to supervise the use of facial recognition?

  Clearview AI can be an indispensable tool to reinforce national security, but there are many risks associated with the use of facial recognition technology that the EU might be better equipped to deal with than the US  Continue Reading

• The greatest contest ever – privacy versus security

  Examining the technical, legal and ethical challenges around the privacy versus security debate  Continue Reading

• Addressing the IoT security challenge

  We consider how best to address some of the critical security challenges around the internet of things  Continue Reading

• Security Think Tank: Zero trust is complex, but has rich rewards

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: No trust in zero trust need not be a problem

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust is not the answer to all your problems

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• The fight against cyber crime: Why cooperation matters

  With the WEF’s Global Risk Report 2019 ranking cyber attack in the top five global risks, we now see rising consensus at institutional level that no individual stakeholder can address the breadth of security challenges we face today  Continue Reading

• Security Think Tank: Facing the challenge of zero trust

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Bug bounties are changing the image of hackers

  The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security?  Continue Reading

• Security Think Tank: Teens in basements don’t represent a positive security culture

  The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security?  Continue Reading

• Security Think-Tank: Tackle insider threats to achieve data-centric security

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Learning from the Travelex cyber attack: Failing to prepare is preparing to fail

  The key lesson to take from the Travelex breach is that an effective response to a breach is a critical business function and no longer the sole province of the IT department  Continue Reading

• Security Think Tank: Hooded hackers? More like ruthless competitors

  The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security?  Continue Reading

• Security Think Tank: Changing attitudes to cyber is a team sport

  The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security?  Continue Reading

• Security Think Tank: Hero or villain? Creating a no-blame culture

  The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security?  Continue Reading

• Security Think Tank: Get your users to take pride in security

  The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security?  Continue Reading

• Security Think Tank: Let’s call time on inciting fear among users

  The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security?  Continue Reading

• Security Think Tank: Put information at the heart of security

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Can Europe legally share data with the US? A court far away is about to decide

  The European Court of Justice will deliver an opinion on whether Europe can legally continue to send private data about European citizens to the US  Continue Reading

• Security Think Tank: Data-centric security requires a holistic approach

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• We can’t allow fake news and disinformation to upend our democracy

  Fake news, misinformation and cyber attacks are part of our political process – now is the time to act  Continue Reading

• Security Think Tank: Data-centric security requires context and understanding

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Security Think Tank: Risk-based response critical to protect data

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• The art of surveillance: the Stasi archives and the Investigatory Powers Act

  A photographic exhibition captures the chilling impact of surveillance in the UK and the former German Democratic Republic  Continue Reading

• Security Think Tank: Is data more or less secure in the cloud?

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security Think Tank: Time for a devolution of responsibility

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Security Think Tank: Optimise data-centric strategies with AI

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Cyber security: How to avoid a disastrous PICNIC

  Fieldfisher’s David Lorimer examines how individual employees often facilitate cyber attacks, and what can be done to reduce the risk  Continue Reading

• Security Think Tank: In-depth protection is a matter of basic hygiene

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Security Think Tank: Stopping data leaks in the cloud

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security Think Tank: Base cloud security posture on your data footprint

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security Think Tank: Cloud security is a shared responsibility

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security in the supply chain – a post-GDPR approach

  A year and a half after the introduction of the EU’s General Data Protection Regulation, Fieldfisher's James Walsh reviews the fundamentals of supply chain security  Continue Reading

• What changes are needed to create a cyber-savvy culture?

  PA Consulting's Cate Pye considers the people and process changes that are necessary to build a security aware business culture  Continue Reading

• Security Think Tank: Adapt security posture to your cloud model

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security Think Tank: In the cloud, the buck stops with you

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Gartner: Three Barriers to AI Adoption

  CIOs are set to include artificial intelligence in their IT strategy. Technical, legislative and cultural challenges could influence their AI ambitions  Continue Reading

• Security Think Tank: Embed security professionals in your risk strategy

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making?  Continue Reading

• Security Think Tank: Risk management must go beyond spreadsheets

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making?  Continue Reading

• Security Think Tank: Consider risk holistically, not just from an IT angle

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making?  Continue Reading