Opinion

Opinion

Web application security

• Why we need to reset the debate on end-to-end encryption to protect children

  Private messaging is the front line of abuse, yet E2EE in its current form risks engineering away the ability of firms to detect and disrupt it where it is most prevalent  Continue Reading

• Security Think Tank: Security culture must underpin vaccine passports

  What are the security challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• Security Think Tank: Vaccine passports must be secure by design

  What are the security issues and challenges presented by vaccine passports, and how should they be designed and used with ethics and privacy in mind?  Continue Reading

• Security Think Tank: Time to rethink stopgap solutions

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: It’s time to secure the collaboration revolution

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Plan for hybrid working to become normal

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Security Think Tank: Cyber effectiveness, efficiency key in 2021

  After a year of unprecedented disruption thanks to Covid-19, it looks like remote working is set to remain with us for now, which means security strategies will change in 2021. What will this change look like, and what tools and services will be ...  Continue Reading

• Covid-19 has changed how we think about cyber security forever

  Six months into the global pandemic, the true impact on the future of cyber security is beginning to look clearer, says Microsoft’s Ann Johnson  Continue Reading

• Don’t believe the hype: AI is no silver bullet

  We want to believe AI will revolutionise cyber security, and we’re not necessarily wrong, but it’s time for a reality check  Continue Reading

• Security Think Tank: The past and future of security automation

  Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the...  Continue Reading

• Security Think Tank: Balancing human oversight with AI autonomy

  Artificial intelligence and machine learning techniques are said to hold great promise in security, enabling organisations to operate an IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the...  Continue Reading

• Security Think Tank: Get your house in order before deploying AI

  AI and machine learning techniques are said to hold great promise in security, enabling organisations to operate a IT predictive security stance and automate reactive measures when needed. Is this perception accurate, or is the importance of ...  Continue Reading

• Security Think Tank: ‘Shift left’ to secure containers

  Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers?  Continue Reading

• Security Think Tank: Securing containers needn’t be taxing

  Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers?  Continue Reading

• Security Think Tank: Container security starts with good DevOps practice

  Adopting containers promises great organisational efficiency advantages, but the fast-evolving technology can be problematic for security teams. What do CISOs need to know to safeguard containers?  Continue Reading

• Security Think Tank: Security teams are key workers and need support

  Cyber criminals are enjoying a boom during the Covid-19 pandemic, and security teams are working overtime as a result. How can security pros manage their increased workload, safeguard their mental wellbeing, and avoid burnout?  Continue Reading

• Why you should think before you Zoom

  Feel free to use Zoom during the coronavirus lockdown, but think before you discuss anything confidential  Continue Reading

• JavaScript skimmers: An evolving and dangerous threat

  Cyber attacks exploiting Magecart JavaScript skimmers are spiking during the coronavirus pandemic, and like biological viruses, they just keep evolving  Continue Reading

• Coronavirus and privacy – finding the middle ground

  Data collection has a role to play in fighting the deadly Covid-19 coronavirus outbreak, but governments need to be accountable for how it is used  Continue Reading

• Security Think Tank: Amid panic, how to find a sound level of security

  In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of which may be felt by CISOs. What responsibilities do security professionals have in such circumstances?  Continue Reading

• Addressing the IoT security challenge

  We consider how best to address some of the critical security challenges around the internet of things  Continue Reading

• Security Think Tank: Practical steps to achieve zero trust

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: Zero trust is complex, but has rich rewards

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: No trust in zero trust need not be a problem

  In theory, the elimination of trust on the network simplifies IT security, but zero trust also brings new complications and new challenges. How should CISOs go about moving their organisations from traditional network security to a zero-trust ...  Continue Reading

• Security Think Tank: In-depth protection is a matter of basic hygiene

  The belief that effective perimeter security is the best way to protect data is a fallacy that is being repeatedly exposed. We must recognise the need for a data-centric security model to protect data from both internal and external threats, but ...  Continue Reading

• Can we live without passwords?

  Can you imagine a future in which we can be secure online without having to remember an unwieldly list of passwords? Solutions are emerging that could make passwords redundant, but there will be other security problems to resolve  Continue Reading

• Think Tank: Application layer attack mitigation needs to start with risk analysis

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Security Think Tank: Focus on security before app deployment

  What should organisations be doing to address application layer attacks and reduce the likelihood of a breach through this type of attack?  Continue Reading

• Everyone, everywhere is responsible for IIoT cyber security

  Cyber security in the industrial internet of things is not limited to a single company, industry or region – it is an international threat to public safety, and can only be addressed through collaboration that extends beyond borders and competitive ...  Continue Reading

• Safer Internet Day: Building online safety practices with young people

  Many organisations around the UK are contributing to the important work on making the internet a safer place for everyone  Continue Reading

• Security Think Tank: Automating basic security tasks

  How can organisations evolve their security operations teams to do more automation of basic tasks and cope with dynamic IT environments?  Continue Reading

• Security Think Tank: Encourage employees to use an approved messaging app

  What criteria should organisations use to assess the security of smartphone messaging apps and how can they ensure only approved apps are used by employees?  Continue Reading

• Security Think Tank: Four steps to securing messaging apps

  What criteria should organisations use to assess the security of smartphone messaging apps and how can they ensure only approved apps are used by employees?  Continue Reading

• Security Think Tank: Use technical controls and policy to secure messaging apps

  What criteria should organisations use to assess the security of smartphone messaging apps and how can they ensure only approved apps are used by employees?  Continue Reading

• My brother Lauri Love should have the right to a trial in the UK

  Lauri Love should face trial over hacking allegations in a British Court, rather than be extradited to the US, where his extraordinary skills will be lost to society, says his younger sister  Continue Reading

• Security Think Tank: Web security guidelines from FS-ISAC

  What are the main web security challenges for organisations and how are they best addressed?  Continue Reading

• Security Think Tank: Web security down to good risk management

  What are the main web security challenges for organisations and how are they best addressed?  Continue Reading

• Security Think Tank: Approaches to effective web security

  What are the main web security challenges for organisations and how are they best addressed?  Continue Reading

• Security Think Tank: Look at full security development lifecycle to reduce web threats

  What are the main web security challenges for organisations and how are they best addressed?  Continue Reading

• Security Think Tank: Risk assess all web connections to shore up security

  What are the main web security challenges for organisations and how are they best addressed?  Continue Reading

• Security Think Tank: Three areas of web security challenges

  What are the main web security challenges for organisations and how are they best addressed?  Continue Reading

• Security Think Tank: Secure your web applications without prejudice

  What are the main web security challenges for organisations and how are they best addressed?  Continue Reading

• Security Think Tank: Web opportunities must be met with appropriate security controls

  What are the main web security challenges for organisations and how are they best addressed?  Continue Reading

• Security Think Tank: Starter for 10 in the web security challenge

  What are the main web security challenges for organisations and how are they best addressed?  Continue Reading

• Security Think Tank: Use a combination of approaches to create cyber safe work environments

  What are the best security controls to ensure a safe working environment where employees do not have the unfair pressure of being the first line of cyber defence?  Continue Reading

• Finance firms are vulnerable to cyber attacks, so why do customers think they are secure?

  The public are overly confident in the ability of banks and financial institutions to protect their data, but that will change when mandatory reporting comes in next year under the General Data Protection Regulation  Continue Reading

• Why Azure developers need security skills

  The unprecedented adoption of Microsoft Azure is a huge opportunity for developers, but they must keep their security skills updated  Continue Reading

• Gary McKinnon: Why Lauri Love should be spared the nightmare of extradition

  Computer activist Lauri Love should be spared a life sentence in a US jail, says former hacker Gary McKinnon  Continue Reading

• What does Brexit mean for the digital economy?

  It has become increasingly clear that there is no plan beyond the Brexit, so what do we do now, asks Chi Onwurah, the shadow minister for business  Continue Reading

• The problem with passwords: how to make it easier for employees to stay secure

  An organisation’s IT security can be compromised if staff do not follow a strict policy of using strong passwords to access internal systems  Continue Reading

• Are cloud users worrying about nothing when it comes to data sovereignty?

  With the upheaval surrounding the EU-US Privacy Shield, Clive Longbottom takes a closer look at the issue of sovereignty  Continue Reading

• When a slowdown in IT budgets is a good thing

  IT budgets will grow at their slowest rate for four years in 2016, yet companies are spending more on digital technology  Continue Reading

• Network security systems – dedicated or multifunction?

  For small and medium-sized businesses looking to secure their networks, multifunction security systems are a better option than best-of-breed technology  Continue Reading

• Why HTML5 must replace Flash

  Author Robin Nixon explains why the days of Flash are numbered  Continue Reading

• Life’s a breach: How to handle the press after a hacking attack

  Emily Dent, specialist in crisis PR, offers some advice to organisations that unexpectedly find themselves in the headlines  Continue Reading

• Security Think Tank: Cyber security should be a pillar of any business plan

  How can development, operations and security teams collaborate around change to ensure security is maintained and even improved?  Continue Reading

• European regulation shakes up online payments security

  Payment service providers and merchants should lose no time in assessing the affect of proposed European security regulations  Continue Reading

• The internet of things is an opportunity not a threat

  Businesses need to explain how they will use data generated by the internet of things to avoid public fears over how that data is used  Continue Reading

• The bad theatre of the Intelligence and Security Committee

  The report of the Intelligence and Security Committee was like a piece of bad theatre  Continue Reading

• US technology companies facing growing UK pressure over internet spying

  Tension is growing between the UK and US over Prism spying  Continue Reading

• A phisher’s paradise

  Email is one of the earliest services created on the internet and, arguably, remains the most important  Continue Reading

• Security Think Tank: Patch Shellshock vulnerability without delay

  What steps should businesses take to assess their vulnerability to the Shellshock Bash bug and patch vulnerable systems?  Continue Reading

• Balancing user desires with business needs

  With users increasingly taking IT decisions into their own hands, businesses need to try harder to keep up  Continue Reading

• Why collaboration is the only way to combat cyber threats

  Cyber threats are the most effective way to attack an organisation and those with malicious intent are finding more sophisticated ways of carrying out their activities  Continue Reading

• How to prepare the IT workforce for cloud and mobility    

  CompTIA is working to identify the key skills that staff responsible for cloud and mobility implementations need  Continue Reading

• So when do employees start following security rules?

  As security needs are rapidly transformed, when do enterprises feel that they are getting on top of information security?  Continue Reading

• The dangers of internet cafés

  Businesses need clear computer use policies and need to ensure staff are properly trained in data protection, writes Garry Mackay  Continue Reading

• How to build a website security programme

  Follow this step-by-step strategy for building a website security programme that yields results  Continue Reading

• Securing the hypervisor: expert tips

  There are many potential security issues with the various components of a virtualised infrastructure, and nowhere is this more of a concern than with the hypervisor platforms that host virtual systems and application instances  Continue Reading

• Security Think Tank: Web-based app security needs data-centric, risk-based approach

  What are the security pitfalls of web-based applications and how are they best avoided?  Continue Reading