Opinion

Opinion

Regulatory compliance and standard requirements

• 11 obscure questions, Facebook, Max Schrems and the European Court of Justice

  Eleven obscure questions will be the first step towards explaining why we in the UK and Europe have experienced 13 years of what has been described as ‘mass and indiscriminate surveillance’ by the US  Continue Reading

• Security Think Tank: AI in cyber needs complex cost/benefit analysis

  AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate a IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of ...  Continue Reading

• CCPA enforcement has begun: Here’s what to expect

  The US’s California Consumer Privacy Act came into force in January this year, but enforcement against technology companies did not begin until this month  Continue Reading

• Security Think Tank: Balancing human oversight with AI autonomy

  Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the...  Continue Reading

• Time to rethink business continuity and cyber security

  Business continuity and cyber security remain largely in separate silos, but changes in the IT and cyber threat landscapes mean there is an urgent need for organisations to alter their approach  Continue Reading

• Security Think Tank: ‘Shift left’ to secure containers

  Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers?  Continue Reading

• Why UK needs independent oversight body for contact-tracing app

  The public needs and deserves clarity, and not just assurances, over the UK’s Covid-19 contact-tracing app  Continue Reading

• Security Think Tank: Container security starts with good DevOps practice

  Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers?  Continue Reading

• Security Think Tank: Container security is evolving, so must CISOs

  Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers?  Continue Reading

• Why trust is the new currency

  Businesses need to engender trust with customers amid the complexity of digital transactions involving multiple third parties, even as consumers are not fully cognizant of the importance of data privacy  Continue Reading

• How effective security training goes deeper than ‘awareness’

  Cyber criminals are constantly developing their techniques and strategies, so security training needs to do the same  Continue Reading

• Security Think Tank: Burnt out CISOs are a huge cyber risk

  Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security pros manage their increased workload, safeguard their mental wellbeing, and avoid burnout?  Continue Reading

• Security Think Tank: Create healthy habits to avoid burnout

  Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security professionals manage their increased workload, safeguard their mental well-being and avoid burnout?  Continue Reading

• Four risks to data privacy and governance amid Covid-19

  EY privacy experts assess some of the novel risks to data privacy, protection and governance during the Covid-19 coronavirus pandemic  Continue Reading

• Security Think Tank: CISOs must adapt to fight Covid-19 burnout

  Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security pros manage their increased workload, safeguard their mental wellbeing, and avoid burnout?  Continue Reading

• Why you should think before you Zoom

  Feel free to use Zoom during the coronavirus lockdown, but think before you discuss anything confidential  Continue Reading

• A legal perspective on data breaches and home working

  Legal experts from Fieldfisher share guidance on how to deal with cyber attacks during the coronavirus crisis, and what the ICO expects in terms of notification  Continue Reading

• Security Think Tank: Continuity planning doesn’t have to be complex

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Coronavirus and privacy – finding the middle ground

  Data collection has a role to play in fighting the deadly Covid-19 coronavirus outbreak, but governments need to be accountable for how it is used  Continue Reading

• Why zero trust may not be all it’s cracked up to be

  While they are discussed ad nauseam in the security industry, zero-trust architectures may not be all they’re cracked up to be, according to analyst Sam Bocetta  Continue Reading

• Security Think Tank: To tackle Covid-19, be prepared, flexible and resilient

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Security Think Tank: A guide to security best practice for pandemics

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Security Think Tank: Coronavirus crisis helps put security in context

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Why ‘no breach’ is bad news for your compliance

  You might think it’s a good thing if your organisation has a clean record when it comes to data breaches, but this is not necessarily the case  Continue Reading

• Security Think Tank: Zero trust strategies must start small, then grow

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs approach moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Ask yourself if zero trust is right for you

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: How zero trust lets you take back control

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero trust ...  Continue Reading

• Security Think Tank: Practical steps to achieve zero trust

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust is complex, but has rich rewards

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust is not the answer to all your problems

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• The fight against cyber crime: Why cooperation matters

  With the WEF’s Global Risk Report 2019 ranking cyber attack in the top five global risks, we now see rising consensus at institutional level that no individual stakeholder can address the breadth of security challenges we face today  Continue Reading

• Security Think Tank: Facing the challenge of zero trust

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust – just another name for the basics?

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think-Tank: Tackle insider threats to achieve data-centric security

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Learning from the Travelex cyber attack: Failing to prepare is preparing to fail

  The key lesson to take from the Travelex breach is that an effective response to a breach is a critical business function and no longer the sole province of the IT department  Continue Reading

• Security Think Tank: Let’s call time on inciting fear among users

  The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security?  Continue Reading

• Can Europe legally share data with the US? A court far away is about to decide

  The European Court of Justice will deliver an opinion on whether Europe can legally continue to send private data about European citizens to the US  Continue Reading

• Security Think Tank: Data-centric security requires a holistic approach

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• We can’t allow fake news and disinformation to upend our democracy

  Fake news, misinformation and cyber attacks are part of our political process – now is the time to act  Continue Reading

• The art of surveillance: the Stasi archives and the Investigatory Powers Act

  A photographic exhibition captures the chilling impact of surveillance in the UK and the former German Democratic Republic  Continue Reading

• Security Think Tank: Time for a devolution of responsibility

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Security Think Tank: Optimise data-centric strategies with AI

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Cyber security: How to avoid a disastrous PICNIC

  Fieldfisher’s David Lorimer examines how individual employees often facilitate cyber attacks, and what can be done to reduce the risk  Continue Reading

• Security Think Tank: Stopping data leaks in the cloud

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security Think Tank: Base cloud security posture on your data footprint

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security Think Tank: Cloud security is a shared responsibility

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security in the supply chain – a post-GDPR approach

  A year and a half after the introduction of the EU’s General Data Protection Regulation, Fieldfisher's James Walsh reviews the fundamentals of supply chain security  Continue Reading

• What changes are needed to create a cyber-savvy culture?

  PA Consulting's Cate Pye considers the people and process changes that are necessary to build a security aware business culture  Continue Reading

• Security Think Tank: Adapt security posture to your cloud model

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security Think Tank: The cloud needs security by design

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security Think Tank: Secure the cloud when negotiating contracts

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security Think Tank: In the cloud, the buck stops with you

  Misconfigured cloud environments are increasingly identified as the source of damaging data breaches and leaks, raising serious questions for enterprises. Where does responsibility for data security in the cloud lie, and how can security ...  Continue Reading

• Security Think Tank: Embedding security in governance

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making?  Continue Reading

• Security Think Tank: Focus on metrics to manage risk

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making?  Continue Reading

• Security Think Tank: Embed security professionals in your risk strategy

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making?  Continue Reading

• Security Think Tank: Risk management must go beyond spreadsheets

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making?  Continue Reading

• Security Think Tank: Consider risk holistically, not just from an IT angle

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision making?  Continue Reading

• Small business guide: How to keep your organisation secure from fraudsters and hackers

  Doing a few things well can keep your organisation protected from common cyber attacks and fraudsters  Continue Reading

• Security Think Tank: The operational approach to integrated risk management

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making?  Continue Reading

• Security Think Tank: Risk is unavoidable in digital transformation

  How can security professionals help their organisations move from traditional governance, risk and compliance to integrated risk management that integrates risk activities from across an organisation to enable better strategic decision-making?  Continue Reading

• Security Think Tank: Close interdisciplinary ties are key to security integration

  How can infosec professionals and data architects work together to support business goals and achieve a good level of cyber security?  Continue Reading

• Security Think Tank: CIA at heart of infosec-data architect partnership

  How can infosec professionals and data architects work together to support business goals and achieve a good level of cyber security?  Continue Reading

• Security Think Tank: Engage business to address commercial risk

  What strategies can infosec pros use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Translating GDPR compliance into business benefits

  What strategies can information security professionals use to shift focus from General Data Protection Regulation fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Aligning data privacy with business objectives

  What strategies can infosec pros use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Don’t dismiss the business benefits of GDPR

  What strategies can infosec pros use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Align compliance objectives with business goals

  What strategies can information security professionals use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Changing the GDPR focus to business benefit

  What strategies can information security professionals use to shift focus from General Data Protection Regulation fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Benefits of GDPR compliance

  What strategies can information security professionals use to shift focus from General Data Protection Regulation fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Security Think Tank: Embrace data protection as a necessary business process

  What strategies can information security professionals use to shift focus from GDPR fines to enabling business gains and success, changing the way data is used, and aligning data privacy with business purpose?  Continue Reading

• Is GDPR worth the cost?

  Regulations have costs, which are meant to be recouped by the expected benefits. But who decides whether this is a good deal? Ultimately, it’s you  Continue Reading

• Security Think Tank: Cyber attack survival not a matter of luck

  How should businesses plan to survive a potential cyber attack extinction event?  Continue Reading

• Mind the Brexit gap in cyber security

  Leaving the EU could mean a new cyber security regime for the UK – firms need to understand how the changes might affect them  Continue Reading

• Security Think Tank: Is it true you can't manage what you don't measure?

  What should be the key cyber security risk indicator for any business?  Continue Reading

• Wearable technology in the workplace and data protection law

  Wearable technology is slowly creeping into the workplace to monitor staff performance and health, but do employers understand the legal implications? We assess the data protection implications  Continue Reading

• Security Think Tank: Approach UTM with caution

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Security Think Tank: Many routes to UTM to boost security capabilities

  How can organisations best use unified threat management tools to help stem the tide of data breaches?  Continue Reading

• Brexit and data protection: What’s next?

  PA Consulting assesses how a no-deal Brexit would affect the flow of data from the UK into and out of Europe  Continue Reading

• How to prepare for the UK’s uncertain Brexit terms

  Analyst firm Gartner looks at the main business continuity plans that need to be in place  Continue Reading

• Security Think Tank: Meeting the security challenge of multiple IT environments

  How can organisations combine software defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network?  Continue Reading

• Can we live without passwords?

  Can you imagine a future in which we can be secure online without having to remember an unwieldly list of passwords? Solutions are emerging that could make passwords redundant, but there will be other security problems to resolve  Continue Reading

• Making the UK the safest place to live and work online

  Government, industry and individuals all have to play their part in enhancing cyber security practices  Continue Reading

• As data volumes grow, backup needs analytics, says StorageCraft CEO

  Backup appliance maker’s CEO says backup needs analytics so customers can prioritise restore of critical data in a world where volumes increase by 50% a year  Continue Reading

• Mitigating third-party cyber risks in a new regulatory environment

  GDPR and the NIS Directive increase the focus on managing cyber security throughout the supply chain. Organisations need to check their suppliers are compliant  Continue Reading

• Security Think Tank: Monitoring key to outcomes-based security

  What is the first step towards moving from a tick-box approach to security to one that is outcomes-based, and how can an organisation test if its security defences are delivering the desired outcome?  Continue Reading

• Customers need to be at the centre of GDPR plans

  Responding to a breach is not just about data, it is about taking care of, and protecting, customers  Continue Reading

• Security Think Tank: Use Cyber Essentials to kick-start outcomes-based security

  What is the first step towards moving from a tick-box approach to security to one that is outcomes-based and how can an organisation test whether its security defences are delivering the desired outcome?  Continue Reading

• Better the data you know – how GDPR is affecting UK tech companies

  As the dust settles from the General Data Protection Regulation, the implications for technology firms in the UK are becoming clearer  Continue Reading

• Security Think Tank: Outsource responsibility, not accountability

  What critical security controls can be outsourced and how do organisations, SMEs in particular, maintain confidence that they are being managed effectively and appropriately?  Continue Reading

• Security Think Tank: Risk tolerance key to security outsourcing policy

  What critical security controls can be outsourced, and how do organisations – SMEs in particular – maintain confidence that they are being managed effectively and appropriately?  Continue Reading

• Beyond GDPR: ePrivacy could have an even greater impact on mobile

  From how we monitor air pollution and manage our public transport systems, to how we enable connected cars and the next generation of 5G mobile services, the forthcoming ePR could have a lasting impact on European society  Continue Reading

• What the ICO's Facebook fine teaches us

  Legal expert Alexander Egerton considers whether the ICO’s planned £500,000 fine for Facebook is the precursor of a spate of increased fines across the board, or if it shows the ICO’s stance has not changed and will continue to target certain ...  Continue Reading

• Security Think Tank: Understand data for risk-based protection

  Why is it important to know where data flows, with whom it is shared and where it lives at rest, and what is the best way of achieving this?  Continue Reading

• Security Think Tank: Data controllers are essential in modern business environment

  Why is it important to know where data flows, with whom it's shared and where it lives at rest, and what is the best way of achieving this?  Continue Reading

• GDPR may not be perfect, but it’s an important milestone in data protection

  It's GDPR day, and TechUK's CEO Julian David writes about what is an important milestone in data protection in the digital world  Continue Reading

• It’s not too late to get GDPR ready

  With the GDPR compliance deadline on 25 May 2018, there is little time to get ready, but it is not too late, according to the IAPP, which provides a checklist to help organisations ensure they are in the best position possible for the deadline  Continue Reading

• Hacking the internet of things just got easier – it’s time to look at your security

  Are you taking security for internet-connected devices seriously enough?  Continue Reading

• Security Think Tank: Reducing dwell has never been more important

  Why is reducing cyber attacker dwell time important, and how should this be tackled?  Continue Reading

• Security Think Tank: GDPR compliance one good reason to cut attacker dwell time

  Why is reducing cyber attacker dwell time important, and how should this be tackled?  Continue Reading

• How a new ISO standard helps you take control of your IT assets

  The updated ISO standard 19770-1:2017 offers IT managers a way to bring their hardware and software assets under a single management standard  Continue Reading