Security policy and user awareness

A third of organisations do not have a security expert, survey shows

Around a third of organisations are vulnerable to cyber attacks due to a lack of dedicated in-house cyber security experts, finds Gartner survey Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Security Think Tank: A good password policy alone is not enough

In light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading

By

• Bruce Beam , (ISC)²

Security Think Tank: Cracking the code – what makes a good password?

In light of the fact complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading

By

• Ramsés Gallego, Isaca

Security Think Tank: Some basic password guidelines

In light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading

By

• Petra Wenham

Security Think Tank: Firms need to support good password practices

In the light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading

By

• Mike Gillespie

Security Think Tank: How to create good passwords and add security layers

In light of the fact complex passwords are not as strong as most people think and most password strategies inevitably lead to people following them blindly, what actually makes a good password - and when is a password alone not enough? Continue Reading

By

• Simon Persin, Turnkey Consulting

Security Think Tank: Complex passwords provide a false sense of security

In the light of the fact that complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading

By

• Tim Holman, 2-sec

Israel accuses Hamas of using spy apps to target soldiers

Israel has accused Hamas of using apps to hijack soldiers’ phones to spy on them, and UK defence secretary demonstrates how effective that could be Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Use pass phrases and 2FA to beef up access control

In light of the fact complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password – and when is a password alone not enough? Continue Reading

By

• Paddy Francis

Security Think Tank: Put more layers around passwords to up security

In light of the fact that complex passwords are not as strong as most people think and most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading

By

• Maxine Holt, Omdia

HMRC deactivates record number of fake websites

HM Revenue & Customs has removed more than 20,000 malicious websites in the past year, but warns people to stay alert to the threat from online fraudsters Continue Reading

By

• Warwick Ashford, Senior analyst

Cyber security – why you’re doing it all wrong

Most organisations can list the IT security tools and controls they have, so why do most of them still get the security basics wrong? Continue Reading

By

• Ed Tucker, Human Firewall

UK government cyber security standard welcomed

The information security community has welcomed the publication of the government’s minimum cyber security standard, which could be used by any organisation to improve its cyber defences Continue Reading

By

• Warwick Ashford, Senior analyst

NHS Digital signs three-year cyber security partnership with IBM

Partnership with IBM aims to bolster cyber security responses and defences, including expanding NHS Digital’s Cyber Security and Operations Centre Continue Reading

By

• Lis Evenstad

Lorca will help drive UK cyber exports, says ex-GCHQ boss

New London cyber security innovation centre will help to boost exports of UK cyber security expertise, says former GCHQ director Continue Reading

By

• Warwick Ashford, Senior analyst

Brexit a greater risk to UK financial system than cyber attack

While Brexit is seen as the biggest risk to the stability of the UK financial system, cyber attack is the most difficult risk to manage for over half of firms Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Global IoT security standard remains elusive

Despite the lack of a global internet of things security standard, existing security frameworks are on the same page in areas such as device upgradability and data stewardship Continue Reading

By

• Aaron Tan, Informa TechTarget

Digital transformation is just business change

Don't always start with the technology if you're driving transformation, but always start with the business Continue Reading

By

• Ed Tucker, Human Firewall

CDO interview: Andrei Belevtsev, Gazprom Neft

Russian oil giant will harness the latest technologies right across its business, says chief digital officer Continue Reading

By

• Vladimir Kozlov

Younger employees 'main culprits' for security breaches

UK senior decision makers believe younger workers are the biggest risk to cyber security, but are doing little to support them and reduce that risk, a report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Palo Alto Networks opens cyber range in Australia

The first of its kind in Asia-Pacific, the cyber range training facility will let Australian IT and security teams hone their skills through cyber security exercises Continue Reading

By

• Aaron Tan, Informa TechTarget

Dutch organisations must unite to fight DDoS attacks

Experts in the Netherlands call on Dutch corporations and institutions to work together to help prevent distributed denial of service attacks Continue Reading

By

• Tijs Hofmans

Most small businesses fail to act after a cyber attack  

Nearly half of small businesses have suffered at least one cyber attack in the past year, yet most fail to take action afterwards, citing lack of budget at the biggest challenge Continue Reading

By

• Warwick Ashford, Senior analyst

Singapore remains hotbed for cyber threats

Singapore was a victim of advanced persistent threats, phishing and website defacements in 2017, according to the latest threat landscape report by the Cyber Security Agency Continue Reading

By

• Aaron Tan, Informa TechTarget

Surface web used in private data sales

The surface web plays an integral role in the selling of personal information, a report on identify fraud has revealed Continue Reading

By

• Warwick Ashford, Senior analyst

Email-based cyber attacks gathering momentum

Email-based cyber attacks are gathering momentum and the cost of these attacks are rising, with several hidden costs, a survey of IT professionals in Europe, Middle East and Africa reveals Continue Reading

By

• Warwick Ashford, Senior analyst

APAC remains a hotbed for software piracy

The Asia-Pacific region is still seeing the highest use of unlicensed software installations globally, making enterprises more susceptible to cyber attacks from malware Continue Reading

By

• Kimberly Chua

Parliamentary computers at risk after staff targeted by phone phishing

Police are investigating phone phishing attacks targeted against Parliament. Staff warned not to disclose details of their computers to fraudulent callers. Continue Reading

By

• Bill Goodwin, Investigations Editor

Cyber security focus too much on tech, says Domino’s CISO

Many organisations are still focusing only on technology and compliance, which means their cyber defences are not as solid as they think, according to Domino’s Pizza chief information security officer Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Data controllers are essential in modern business environment

Why is it important to know where data flows, with whom it's shared and where it lives at rest, and what is the best way of achieving this? Continue Reading

By

• Petra Wenham

Security Think Tank: Data governance is good for business and security

Why is it important to know where data flows, with whom it's shared and where it lives at rest, and what is the best way of achieving this? Continue Reading

By

• Maxine Holt, Omdia

GDPR puts people first, says ICO

The day of 25 May 2018 marks the biggest change to UK data protection law in a generation, with benefits for businesses and consumers, according to the UK privacy watchdog Continue Reading

By

• Warwick Ashford, Senior analyst

Pen testers find weaknesses in banks’ cyber security

Humans are the biggest weakness in banks’ cyber defences, but there are several others that also need attention, penetration testers have revealed Continue Reading

By

• Warwick Ashford, Senior analyst

BSI launches kitemark for internet of things devices

The British Standards Institution has launched a new kitemark for IoT devices, designed to improve consumer trust in the technology Continue Reading

By

• Alex Scroxton, Security Editor

IoT and personal devices pose huge security risk to enterprises

After years of speculation about the risk IoT and personal devices pose to enterprise security, research has revealed the threat is “immense” and probably greater than most firms realise Continue Reading

By

• Warwick Ashford, Senior analyst

Police Scotland did not inform public of mobile phone searches

Members of the Scottish Parliament heard that Police Scotland did not conduct impact assessments or give explanations to the public when they were accessing private data on their mobile phones Continue Reading

By

• Bill Goodwin, Investigations Editor

Hacking the internet of things just got easier – it’s time to look at your security

Are you taking security for internet-connected devices seriously enough? Continue Reading

By

• Dan Mosca, PA Consulting

Security Think Tank: Five tips for killing the campers on your network

Why is reducing cyber attacker dwell time important and how should this be tackled? Continue Reading

By

• Adrian Davis, (ISC)²

Twitter password security bug underlines need for industry change

Twitter has revealed that a bug in its systems resulted in some passwords being stored in a log in clear text, underlining the need for alternative authentication methods, say industry commentators Continue Reading

By

• Warwick Ashford, Senior analyst

City Police use Lego simulation to teach businesses cyber security

City of London Police are offering to train business leaders and IT security in cyber security using a Lego simulation that is surprisingly close to real life Continue Reading

By

• Bill Goodwin, Investigations Editor

Redscan warns of GDPR phishing scams

Cyber criminals are using fake GDPR-related privacy notices to trick recipients into disclosing personal data and spread malware, a security firm warns Continue Reading

By

• Warwick Ashford, Senior analyst

Security industry welcomes City of London Police cyber initiative

The security industry has welcomed plans to fight cyber crime in the heart of London using a community-based approach, but says more investment in cyber security skills is required Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Reducing cyber attacker dwell time is critical

Why is reducing cyber attacker dwell time important, and how should it be tackled? Continue Reading

By

• Simon Persin, Turnkey Consulting

Password practices still poor despite increased threats

Despite growing cyber threats and heightened global awareness of hacking and data breaches, password behaviours remain poor and UK users are in denial, a study has revealed Continue Reading

By

• Warwick Ashford, Senior analyst

Conquer the end-user productivity balancing act

Keeping users productive is one of the most critical jobs IT pros have. But there are some hurdles to jump, including understanding the risks with collaboration tools. Continue Reading

By

• Gary Olsen

Government urges UK businesses to beef up cyber crime defences

Government is urging UK organisations to defend against cyber crime, as newly released figures show that large numbers of businesses and charities suffered at least one cyber attack in the past year Continue Reading

By

• Warwick Ashford, Senior analyst

Employees still in the dark about data protection

With just a month to go before the GDPR compliance deadline, many employees still don’t know how to protect confidential data, a study shows Continue Reading

By

• Warwick Ashford, Senior analyst

Cyber fraud costs SMEs more than £1,000 per case

Just over half of IT and telecoms SMEs are targeted by fraudsters, with each case of cyber fraud costing more than £1,000, study reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Nearly half of UK manufacturers hit by cyber attacks

Nearly half of UK manufacturers have been hit by a cyber security incident, according to a report by an industry organisation, which calls for greater government focus on the specific security needs of the sector Continue Reading

By

• Warwick Ashford, Senior analyst

No business safe from cyber attack, says KPMG

Businesses that operate online should be working to ensure operational resilience, while the financial sector should focus more on collaboration, says professional services firm KPMG Continue Reading

By

• Warwick Ashford, Senior analyst

Data protection is a business issue, says IAPP

Data privacy is a rapidly maturing profession as organisations around the world increasingly see data protection as a business issue, according to an industry association Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Use good practice to address cryptojacking risk

How can organisations best defend against cryptojacking? Continue Reading

By

• Simon Persin, Turnkey Consulting

UK identity fraud reaches record level

The level of identity fraud has reached its highest level to date, a UK fraud report shows Continue Reading

By

• Warwick Ashford, Senior analyst

Top tech firms take cyber security pledge

Top tech firms have committed to protecting customers worldwide from cyber attacks and prevent the misuse of their technology Continue Reading

By

• Warwick Ashford, Senior analyst

Australian healthcare services most hit by data breaches

Nearly a quarter of data breaches reported under Australia’s new mandatory data breach regime took place in the healthcare sector Continue Reading

By

• Beverley Head

Cyber security a shared responsibility, says Amber Rudd

The UK home secretary has emphasised that cyber security is a shared responsibility and committed to promote EU cyber cooperation post-Brexit at the National Cyber Security Centre’s conference in Manchester Continue Reading

By

• Warwick Ashford, Senior analyst

Government to set up £13.5m cyber security centre

Located at the 2012 Olympic Park, the London Cyber Innovation Centre could create up to 2,000 jobs in cyber security Continue Reading

By

• Alex Scroxton, Security Editor

NSA calls for cyber security community collaboration

A US National Security Agency (NSA) representative has called for cyber security community collaboration at the National Cyber Security Centre’s conference in Manchester Continue Reading

By

• Warwick Ashford, Senior analyst

Mobile phishing a growing threat, warns report

Phishing on mobile devices is a growing threat to business as attacks move beyond email to text messages and apps Continue Reading

By

• Warwick Ashford, Senior analyst

Cyber criminals earn up to $2m a year, study shows

Academic study reveals just how lucrative cyber crime can be, with top-level cyber criminals out-earning government leaders and university graduates Continue Reading

By

• Warwick Ashford, Senior analyst

Security of big data fashions a whole new look with GDPR

As data managers scramble to protect their precious lakes of washed and unwashed data from the evils of hacking, malware, ransomware and botnets, there comes a privacy regulation of European Union origin that could change the way many U.S. companies protect their data from inside and outside forces. For some U.S. companies doing business in Europe and preparing for compliance, the EU's General Data Protection Regulation could be a well-intended enforcer of better data governance practices. But for businesses forced to change their old data protection habits, GDPR can be a four-letter word.

The April issue of Business Information opens with our editor's note and historical insights into the fundamental differences in attitude between the U.S. and Europe when it comes to protecting the data privacy of customers. As data breaches mount, however, the U.S. government -- willing or not -- may have to take steps beyond current regulations to ensure companies increase their security of big data.

Along those lines, our cover story examines some GDPR rules that can directly impact U.S. companies doing business overseas and, in the process, their data governance and ethics procedures. With the noted lack of maturity in data governance and security tools, we see in another feature how IT teams are addressing data security issues upfront in do-it-yourself ways when deploying big data systems.

Also in this issue, a GDPR compliance expert advises data managers on the best ways to prepare for a regulation that puts more control of information in the hands of users, the internet of things and edge computing could be compromising the security of big data and surveys show that companies place data protection among the top reasons for escalating their security spending.

 Continue Reading

GDPR requirements put focus on data ethics, governance

The General Data Protection Regulation makes privacy paramount and reinforces the practice of good data governance. Will a new focus on data ethics be an important side effect? Continue Reading

By

• Jack Vaughan

U.S. data protection laws fall short in the age of big data

Data breaches and a history of data abuse led the EU to adopt GDPR, but it might take massive scale data security crises for the U.S. to legislate similar data protection laws. Continue Reading

By

• Bridget Botelho, Editorial Director, News

Security Think Tank: Cryptojacking can be costly

How can organisations best defend against cryptojacking? Continue Reading

By

• Emma Bickerstaffe, Information Security Forum (ISF)

Security Think Tank: Six tips for securing your organisation against cryptojacking

How can organisations best defend against cryptojacking? Continue Reading

By

• Adrian Davis, (ISC)²

Why businesses must think like criminals to protect their data

Cyber criminals use three main methods of operation to steal commercial data. Understanding their mindset can help organisations put the right defences in place Continue Reading

By

• Andy Barratt, Coalfire

Retail sector top cyber attack target

The retail sector was the top cyber attack target in 2017, as cyber attacks evolved to become more organised and structured, a report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: User vigilance key to cryptojacking defence

How can organisations best defend against cryptojacking? Continue Reading

By

• Tim Holman, 2-sec

Lawyers more influential than IT staff in cloud deployments

Traditionally considered risk-adverse, lawyers are twice as more influential than in-house technology staff about cloud, research finds Continue Reading

By

• Aaron Tan, Informa TechTarget

Europol operation nabs another 20 cyber criminals

Police have arrested 20 cyber criminals in connection with a €1m fraud operation across Italy and Romania Continue Reading

By

• Warwick Ashford, Senior analyst

Most airports not protected from cyber threats

The chairman of the Israel Airports Authority paints a dismal picture of the state of cyber security in aviation, and offers advice on what can be done to avert the next disaster Continue Reading

By

• Aaron Tan, Informa TechTarget

Majority of European firms unprepared for phishing attacks

Most cyber attacks can be traced back to a phishing email, but more than half of European firms are unprepared to deal with email-based attacks, research has revealed Continue Reading

By

• Warwick Ashford, Senior analyst

Facebook announces more privacy control updates

Social media giant updates privacy settings and tools in response to the unfolding controversy over Cambridge Analytica’s use of Facebook data for political campaigns Continue Reading

By

• Warwick Ashford, Senior analyst

Dutch SMEs’ cyber security is insufficient

Nowhere in the Netherlands is digitisation as big as it is in small and medium-sized enterprises, but the sector still has a lot to do in terms of cyber security Continue Reading

By

• Kim Loohuis

Businesses lack cyber security confidence after majority were breached in past year

Most businesses were hit by a data breach in the past year, yet less than half are confident they would detect a breach, a survey shows Continue Reading

By

• Warwick Ashford, Senior analyst

Think tank reports lifts lid on police cyber crime training

UK think tank Parliament Street has lifted the lid on spending by police forces on training staff to deal with cyber crime and recommended greater collaboration in this regard Continue Reading

By

• Warwick Ashford, Senior analyst

CW ASEAN: Time to boost cyber defences

With a relatively young and tech-savvy population, ASEAN has been at the forefront of technology adoption. Yet, this has exposed its people and businesses to more cyber threats, including the massive data leak in Malaysia in 2017. In this month’s issue of CW ASEAN, we take a closer look at ASEAN’s patchy cyber security landscape, including varying levels of cyber resilience across the region, cyber security strategies adopted by different countries, as well as efforts to improve cyber capabilities and foster greater collaboration in the common fight against cyber threats. Download the issue now. Continue Reading

CW ANZ: Report data break-ins – it’s the law

Cyber security is an increasingly global endeavour, with threat actors who know no boundaries unleashing attacks from nearly anywhere in the world. In this month’s issue of CW ANZ, we look at how Australia’s mandatory data breach notification law underscores recent efforts to lift its cyber security game, both locally and internationally. Download the issue now. Continue Reading

Security Think Tank: Fileless malware not totally undetectable

What should organisations do at the very least to ensure business computers are protected from fileless malware? Continue Reading

By

• Greg Temm

Government ‘unlawfully delegated’ bulk data powers to GCHQ, court hears

Privacy International urges Britain’s most secret court, the Investigatory Powers Tribunal, to rule that the government illegally collected surveillance data from internet and phone companies until at least September 2017 Continue Reading

By

• Bill Goodwin, Investigations Editor

Security Think Tank: Human, procedural and technical response to fileless malware

What should organisations do at the very least to ensure business computers are protected from fileless malware? Continue Reading

By

• Mike Gillespie

UK government criticised over lack of GDPR explanation

Most IT decision makers in the UK are critical of the government for failing to educate organisations about the GDPR and its implications, and few have a clear understanding of it, a survey shows Continue Reading

By

• Warwick Ashford, Senior analyst

Security researchers demonstrate ransomware attack on robots

Researchers have carried out a ransomware attack on robots to show that such attacks are possible and should be guarded against Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Use layered security and patch management to defeat fileless malware

What should organisations do at the very least to ensure business computers are protected from fileless malware? Continue Reading

By

• Maxine Holt, Omdia

Security Think Tank: Multi-layered security key to fileless malware defence

What should organisations do, at the very least, to ensure business computers are protected from fileless malware? Continue Reading

By

• Simon Persin, Turnkey Consulting

Mac malware more than doubled in 2017

Malware targeting Apple Mac computers more than doubled from 2016 to 2017, according to security firm Malwarebytes Continue Reading

By

• Warwick Ashford, Senior analyst

Cyber security is a team sport, says NCSC

The UK’s national cyber security agency aims to help organisations understand the need to act collaboratively and collectively against the cyber threat, urging them to raise the bar Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Social engineering at the heart of fileless malware attacks

What should organisations do at the very least to ensure business computers are protected from fileless malware? Continue Reading

By

• Emma Bickerstaffe, Information Security Forum (ISF)

Security Think Tank: How to tackle fileless malware attacks

What should organisations do at the very least to ensure business computers are protected from fileless malware? Continue Reading

By

• Adrian Davis, (ISC)²

Cyber crime is a top threat to UK charities, says NCSC

Cyber crime poses the most serious threats to UK charities, the National Cyber Security Centre has warned Continue Reading

By

• Warwick Ashford, Senior analyst

New privacy fears as IT challenges delay surveillance oversight body by a year

IT challenges have delayed government plans for an independent body to authorise requests to access the public’s internet and phone records by nearly a year, raising new legal and privacy concerns Continue Reading

By

• Bill Goodwin, Investigations Editor

Singapore firms unprepared for GDPR

An EY study reveals that only 10% of organisations in Singapore are ready to comply with Europe’s new data protection regime Continue Reading

By

• Aaron Tan, Informa TechTarget

Surveillance watchdog investigates security risks of GCHQ IT contractors

The investigatory powers commissioner is reviewing the security arrangements for IT contractors that have access to live computer systems at GCHQ holding highly sensitive records on the UK population Continue Reading

By

• Bill Goodwin, Investigations Editor

Avast discovers Tempting Cedar Android spyware campaign

Security researchers have uncovered a three-year-old Android spyware campaign spread through social media and targeting people in the Middle East Continue Reading

By

• Warwick Ashford, Senior analyst

Unprotected Kubernetes consoles expose firms to cryptojacking

A number of big companies have been targeted by crytojacking attacks, where cyber criminals hijack computing power to mine cryptocurrencies, but some have unprotected Kubernetes consoles in common Continue Reading

By

• Warwick Ashford, Senior analyst

UK plans laws to protect company directors from ID theft

Legislation will make it easier for directors to remove their personal addresses from the company register Continue Reading

By

• Warwick Ashford, Senior analyst

CW Nordics: Nordics CIOs’ priorities in 2018

A select group of CIOs and analysts in Denmark, Finland, Norway and Sweden give their views on the top IT priorities in 2018. As in 2017, digital transformation will continue to be a buzzword. Also read how Sweden is tightening up its cyber security defences as part of a wider national security strategy, and how Nordic banks cannot afford to slow their digital transformations as PSD2 comes into force. Continue Reading

Hawaii missile alert: Why the wrong guy was fired

In January 2018, an employee at Hawaii’s emergency management agency sent out a false alarm of an imminent missile attack, and was subsequently fired – but perhaps poor system design is really to blame Continue Reading

By

• Jonny Corbett, Norman & Sons

Businesses face unprecedented volume of cyber attacks

Organisations are facing the highest levels of cyber attacks in both number and sophistication as automated swarm attacks increase, a cyber threat report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Strategic cyber criminals likely to capitalise on GDPR

As cyber criminals concentrate on targeted, strategic, money-making attacks, they are likely to use GDPR fines as leverage to extort money from organisations, a report warns Continue Reading

By

• Warwick Ashford, Senior analyst