Opinion

Opinion

Regulatory compliance and standard requirements

• UK data plans aim to boost growth but will they isolate the UK from its international friends?

  The UK government has made strong statements about the nation’s post-Brexit data strategy but must be careful not to undermine its global credibility  Continue Reading

• Managing cyber risk through integrated supply chains

  High-profile supply chain cyber attacks have caused huge disruption this year. PA Consulting’s Carl Nightingale considers key questions business leaders should be asking of their organisations  Continue Reading

• Security Think Tank: Optimising privacy, post-GDPR

  Airbus CyberSecurity CTO Paddy Francis explores the impact of regulation on data protection, and how it has changed how one goes about optimising data privacy in the enterprise  Continue Reading

• Security Think Tank: A response to planned data protection changes

  The ISF’s Emma Bickerstaffe assesses how organisations might respond to proposed changes to the UK’s data protection regime  Continue Reading

• The rise of the chief risk officer

  The impact of the Covid-19 pandemic has seen chief risk officers take their rightful place in the boardroom  Continue Reading

• UK’s new data protection strategy risks costing business more than it gains

  The apparent business benefits of pursuing data adequacy agreements around the world may not be as enticing as they at first appear  Continue Reading

• Protecting children in the digital playground

  The ICO’s Age Appropriate Design Code ushers in a new set of standards that advance children’s rights in the digital age  Continue Reading

• Security Think Tank: Managing data securely throughout its lifecycle

  Managing data in a secure manner is key to ensuring its integrity and therefore its value to the organisation, as well as reducing risk from breaches and misinformation  Continue Reading

• How the cyber security market is evolving

  The cyber security market has gained even greater importance in the post-Covid era and continues to grow and evolve. But what factors are driving trends in that market and what should your organisation consider when making cyber security investments?  Continue Reading

• Security Think Tank: Steps to a solid data privacy practice

  Petra Wenham of the BCS shares her expertise on building, or rebuilding, a solid business data privacy practice in a post-Covid-19 world  Continue Reading

• The ransomware debate – to pay or not to pay?

  The debate around banning ransomware payments is highly nuanced, and we must take care to avoid overt victim-blaming, in favour of an open and honest approach, says SASIG’s Martin Smith  Continue Reading

• Five tips to ensure your crisis comms plan is ready for a cyber attack

  Business leaders take note: standard crisis communications plans are inadequate if you have fallen victim to a cyber attack. HPL’s Ted Birkhahn shares five tips to make sure you are ready to face the public  Continue Reading

• Security Think Tank: Consider cyber policies and procedures as you welcome employees back

  With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect ...  Continue Reading

• Security Think Tank: A return to the office is not a return to normal

  With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect ...  Continue Reading

• Professionals need protection from the Computer Misuse Act

  The UK needs cyber legislation fit for the 21st century, so it is important for the industry to get behind the government’s proposed reform of the Computer Misuse Act  Continue Reading

• Choose the right ITSM tool for digital era success

  IT service management (ITSM) tools are essential for many organisations to help optimise the design, delivery, support, use and governance of IT, but not all ITSM solutions are created equal, therefore selecting the right one is crucial  Continue Reading

• Why identity is the central problem for the future of the internet

  As debate rages over who has the right to control user identities online, is the concept of decentralised identity about to have its day?  Continue Reading

• Security Think Tank: Reopening is an opportunity to reassess wider security posture

  With Covid-19 restrictions easing, offices are welcoming back remote workers this summer, bringing with them their notebooks and mobiles, and creating an endpoint management headache for CISOs. What do security teams need to account for to protect ...  Continue Reading

• The secret to building a future-proof cyber security team

  In a post-pandemic digital world, where cyber criminals see a feast of opportunities, what are the secrets to building a world-class cyber security function?  Continue Reading

• UK data exchanges with EU can continue after adequacy decision - but for how long?

  For now European businesses can continue to send data to the UK without additional safeguards and paperwork. How long will it last?  Continue Reading

• How CIOs can help their organisations accelerate digital transformation

  Companies need to win the trust of their customers to gather the data they need to transform their businesses  Continue Reading

• European ‘chat control’ plans in the name of ‘child safety’ threaten end-to-end encryption

  Proposals by European Commission to search for illegal material could mean the end of private messaging and emails  Continue Reading

• NHS Digital’s GP data-scraping plan must be publicised and delayed

  The UK government must launch a national awareness campaign and delay this month’s planned GP data slurp, say privacy consultants Ben Rapp and Sara Newman  Continue Reading

• Long-term thinking is vital to secure UK’s critical infrastructure

  To face down the threat of cyber warfare against UK CNI, the government needs long-term thinking that looks beyond the next general election cycle, says Advent-IM’s Mike Gillespie  Continue Reading

• Policies key to revolutionising Identity Governance and Administration

  The proliferation of digital identities, applications, data, security threats and compliance requirements means that Identity Governance and Administration (IGA) has never been more important, but not all organisations are approaching it in an ...  Continue Reading

• The shape of fraud and cyber crime: 10 things we learned from 2020

  While a pandemic-driven increase in cyber crime and an exacerbation of existing fraud trends were, to a large extent, to be expected, the LexisNexis Risk solutions UK cybercrime report 2020 still contained a few surprises  Continue Reading

• The case for vaccine passports: the real world versus the digital world

  What are the security issues challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• Security Think Tank: Vaccine passports must be secure by design

  What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• Security Think Tank: Vaccine passports cannot be taken lightly

  What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• What has a year of home working meant for the DPO?

  Byron Shirley of The Compliance Space explores how the role of the data protection officer has changed in the past 12 months  Continue Reading

• Security Think Tank: Evolving threats, tech, leaves CNI exposed

  In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• Employees must be given the right to disconnect

  As enterprises increasingly turn to workplace monitoring technologies and more of the workforce moves to remote or hybrid working, unions are campaigning for workers’ ‘right to disconnect’ and not engage in digitally enabled work after hours  Continue Reading

• Security Think Tank: Take a realistic perspective on CNI cyber attacks

  In light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• Security Think Tank: CNI operators are in an unenviable position

  In the light of increasing cyber attacks on critical national infrastructure, what are the immediate risks to industrial control systems and other operational technology, and what steps can be taken to address them?  Continue Reading

• Security Think Tank: US security efforts may centre on collaboration

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Towards a united state of security

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Renewed US stability may ease cyber tensions

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Biden must address insider security threat first

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Biden’s team can make a difference on security

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: UK well-placed to work with Biden on cyber

  As US president Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Biden has a chance to renew cyber alliances

  As President Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice ...  Continue Reading

• Security Think Tank: Time for security teams to learn from Covid

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Don’t bet on a new normal just yet

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Cyber effectiveness, efficiency key in 2021

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: The year of the work-from-home hangover

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• How to manage non-human identities

  Identity management has traditionally focused on human identities, but non-human identities are proliferating and must not be overlooked. Businesses can reduce risk by managing both types of identity in the same way using a services-based approach  Continue Reading

• Negotiating the complexities of international transfers of personal data

  How to navigate international data transfers, standard contractual clauses and the impact of Brexit on data protection  Continue Reading

• SIEM or SOAR or both? Consider your business complexity first

  SIEM and SOAR have much in common, but there are key differences between the two that may influence the best fit for your organisation. What should security pros consider when making a choice?  Continue Reading

• How to modernise identity governance and administration

  Modernising identity governance and administration (IGA) capabilities is essential for organisations to manage identities effectively to ensure they remain competitive, compliant and secure  Continue Reading

• From front line to back office – how supporting the cyber community keeps the NHS safe

  NHS Digital’s chief information security officer describes how the Cyber Associates Network benefits security experts in health and care  Continue Reading

• Security Think Tank: Safeguarding PII in the current threat landscape

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cybercrime heighten risk for the ...  Continue Reading

• Security Think Tank: Tighten data and access controls to stop identity theft

  The threat of identity theft via a data breach is heightened with the rise of attacks where ransomware threat actors both encrypt and ransom, and exfiltrate and leak their victims’ data. How does this evolution in cyber crime heighten risk for the ...  Continue Reading

• Lapsing ISO certifications: Myth versus risk

  Allowing ISO certifications to lapse presents businesses with serious risks when workarounds are possible  Continue Reading

• The privacy and compliance challenges organisations face in 2021

  Privacy and compliance teams have a lot on their plate as 2021 approaches. What are the key issues to consider?  Continue Reading

• Covid-19 has changed how we think about cyber security forever

  Six months into the global pandemic, the true impact on the future of cyber security is beginning to look clearer, says Microsoft’s Ann Johnson  Continue Reading

• Why business resilience management should be high on the agenda

  Business resilience management is key to business survival in the face of rapidly changing IT, cyber threat and regulatory environments  Continue Reading

• Security Think Tank: Edge security in the world of Covid-19

  That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentre to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• Security Think Tank: Edge datacentre security depends on specific needs

  That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• Security Think Tank: No secret sauce for edge security, just good practice

  That datacentre security is a complex subject is not in doubt, and given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• Security Think Tank: Beware security blind spots at the edge

  That datacentre security is a complex subject is not in doubt and, given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• Sharing responsibility: Why we need to work together to keep the cloud secure

  The education sector has been fundamentally altered by months of lockdown, with cloud services topping must-have lists for academic staff, but now it’s time to consider security  Continue Reading

• Security Think Tank: Security at the distributed edge

  That datacentre security is a complex subject is not in doubt, and given the trend to move beyond centralised datacentres to distributed environments, this is not going to change. How can security professionals ensure such setups are just as secure ...  Continue Reading

• What are the latest GDPR security breach enforcement trends?

  A cyber breach specialist from Fieldfisher runs the rule over the latest trends in cyber security, data protection and GDPR  Continue Reading

• Why data exports from the EU will be challenging without Privacy Shield

  Organisations exporting data to the US under Privacy Shield or overseas generally, whether under standard contractual clauses or binding corporate rules, need to urgently review the legal basis of these transfers    Continue Reading

• The countdown is on for TikTok after Schrems II

  Given the US’ threatened actions against TikTok and the outcome of Schrems II, it is clear that the spotlight is now firmly on international data transfers  Continue Reading

• 11 obscure questions, Facebook, Max Schrems and the European Court of Justice

  Eleven obscure questions will be the first step towards explaining why we in the UK and Europe have experienced 13 years of what has been described as ‘mass and indiscriminate surveillance’ by the US  Continue Reading

• Security Think Tank: AI in cyber needs complex cost/benefit analysis

  AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate a IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of ...  Continue Reading

• CCPA enforcement has begun: Here’s what to expect

  The US’s California Consumer Privacy Act came into force in January this year, but enforcement against technology companies did not begin until this month  Continue Reading

• Security Think Tank: Balancing human oversight with AI autonomy

  Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the...  Continue Reading

• Time to rethink business continuity and cyber security

  Business continuity and cyber security remain largely in separate silos, but changes in the IT and cyber threat landscapes mean there is an urgent need for organisations to alter their approach  Continue Reading

• Security Think Tank: ‘Shift left’ to secure containers

  Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers?  Continue Reading

• Why UK needs independent oversight body for contact-tracing app

  The public needs and deserves clarity, and not just assurances, over the UK’s Covid-19 contact-tracing app  Continue Reading

• Security Think Tank: Container security starts with good DevOps practice

  Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers?  Continue Reading

• Security Think Tank: Container security is evolving, so must CISOs

  Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers?  Continue Reading

• Why trust is the new currency

  Businesses need to engender trust with customers amid the complexity of digital transactions involving multiple third parties, even as consumers are not fully cognizant of the importance of data privacy  Continue Reading

• How effective security training goes deeper than ‘awareness’

  Cyber criminals are constantly developing their techniques and strategies, so security training needs to do the same  Continue Reading

• Security Think Tank: Burnt out CISOs are a huge cyber risk

  Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security pros manage their increased workload, safeguard their mental wellbeing, and avoid burnout?  Continue Reading

• Security Think Tank: Create healthy habits to avoid burnout

  Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security professionals manage their increased workload, safeguard their mental well-being and avoid burnout?  Continue Reading

• Four risks to data privacy and governance amid Covid-19

  EY privacy experts assess some of the novel risks to data privacy, protection and governance during the Covid-19 coronavirus pandemic  Continue Reading

• Security Think Tank: CISOs must adapt to fight Covid-19 burnout

  Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security pros manage their increased workload, safeguard their mental wellbeing, and avoid burnout?  Continue Reading

• Why you should think before you Zoom

  Feel free to use Zoom during the coronavirus lockdown, but think before you discuss anything confidential  Continue Reading

• A legal perspective on data breaches and home working

  Legal experts from Fieldfisher share guidance on how to deal with cyber attacks during the coronavirus crisis, and what the ICO expects in terms of notification  Continue Reading

• Security Think Tank: Continuity planning doesn’t have to be complex

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Coronavirus and privacy – finding the middle ground

  Data collection has a role to play in fighting the deadly Covid-19 coronavirus outbreak, but governments need to be accountable for how it is used  Continue Reading

• Why zero trust may not be all it’s cracked up to be

  While they are discussed ad nauseam in the security industry, zero-trust architectures may not be all they’re cracked up to be, according to analyst Sam Bocetta  Continue Reading

• Security Think Tank: To tackle Covid-19, be prepared, flexible and resilient

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Security Think Tank: A guide to security best practice for pandemics

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Security Think Tank: Coronavirus crisis helps put security in context

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Why ‘no breach’ is bad news for your compliance

  You might think it’s a good thing if your organisation has a clean record when it comes to data breaches, but this is not necessarily the case  Continue Reading

• Security Think Tank: Zero trust strategies must start small, then grow

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs approach moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Ask yourself if zero trust is right for you

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: How zero trust lets you take back control

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero trust ...  Continue Reading

• Security Think Tank: Practical steps to achieve zero trust

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust is complex, but has rich rewards

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust is not the answer to all your problems

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• The fight against cyber crime: Why cooperation matters

  With the WEF’s Global Risk Report 2019 ranking cyber attack in the top five global risks, we now see rising consensus at institutional level that no individual stakeholder can address the breadth of security challenges we face today  Continue Reading

• Security Think Tank: Facing the challenge of zero trust

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust – just another name for the basics?

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think-Tank: Tackle insider threats to achieve data-centric security

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Learning from the Travelex cyber attack: Failing to prepare is preparing to fail

  The key lesson to take from the Travelex breach is that an effective response to a breach is a critical business function and no longer the sole province of the IT department  Continue Reading