Security policy and user awareness

Mimecast extends core email security to enable cyber resilience

Mimecast continues to widen its cyber security capability through in-house development and strategic acquisition, as well as extend its core email security technologies to all other areas it applies Continue Reading

By

• Warwick Ashford, Senior analyst

Butlin’s warns of potential personal data breach

Holiday camp chain blames cyber breach on a phishing attack, implying that attackers were able to steal user credentials to access customer data – and underlining the need for security awareness training Continue Reading

By

• Warwick Ashford, Senior analyst

Dutch organisations must unite to fight DDoS attacks

 Continue Reading

Australia calls for interventionist approach in new cyber agenda

The Australian government is forming a cyber defence network comprising security agencies and private sector partners to support a more interventionist approach towards cyber security Continue Reading

By

• Aaron Tan, TechTarget

Mobile banking Trojans reach all-time high

Mobile banking Trojans topped the list of cyber threats in the second quarter of the year, according to research by Kaspersky Lab Continue Reading

By

• Warwick Ashford, Senior analyst

UK security centre to launch IoT security standard

The London-based Centre for Strategic Cyber Space and Security Science is working on an internet of things security standard and has roped in participants from eight markets Continue Reading

By

• Aaron Tan, TechTarget

SamSam ransomware reaps $5.9m and counting

In just two and a half years, SamSam campaigns are believed to have netted nearly $6m for cyber criminals, an analysis of this adaptive and evasive strain of active ransomware reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Australia’s health sector reports most data breaches again

In the first full quarter since Australia’s mandatory breach disclosure scheme came into effect, healthcare providers reported the most data breaches amid controversy over the national health record system Continue Reading

By

• Beverley Head

Search begins for UK’s cyber security Unsung Heroes

The Security Serious cyber awareness campaign has opened nominations for the third annual cyber security Unsung Heroes awards Continue Reading

By

• Warwick Ashford, Senior analyst

Burden of data protection rests on firms and governments

A senior executive at Singapore’s Cyber Security Agency stressed the role of corporate data governance and government regulations in raising the bar on cyber security Continue Reading

By

• Ai Lei Tao

App users in developing APAC prefer convenience over security

By Kimberly Chua Mobile app users in developing Asia-Pacific (APAC) countries prefer convenience over security, signaling a potential rift between companies and users, a new F5 Networks study has ... Continue Reading

By

• Aaron Tan, TechTarget

Combat mobile device security threats at home and abroad

Employees that travel for business face a higher risk of a mobile security breach. Take these steps to ensure that your mobile device fleet is secure. Continue Reading

By

• Kevin Beaver, Principle Logic, LLC

Ransomware concern drops despite being top cost

Fewer organisations are worried about ransomware even though it remains one of the most costly cyber attacks Continue Reading

By

• Warwick Ashford, Senior analyst

Australian energy sector caught in security catch-22

With regulators unwilling to accept security investments that would lead to higher tariffs, there is a chance that Australia’s National Energy Market could face increased cyber risks Continue Reading

By

• Beverley Head

Top execs cyber security hypocrites, report shows

There is a critical disconnect between the cyber security behaviour that top executives recommend and the way they behave themselves, while many firms do not know where their data lives and moves, a report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Most firms have software security vulnerability

Most firms have a software vulnerability that can be exploited by cyber attackers, a study has revealed Continue Reading

By

• Warwick Ashford, Senior analyst

MPs call for inquiry into smart meter roll-out

Government urged to conduct a review of the roll-out of smart meters for electricity and gas, and to intervene to tackle a number of failures Continue Reading

By

• Alex Scroxton, Security Editor

Cyber criminals use fake domains to scam businesses

UK police are warning businesses that cyber criminals are using fake domains to scam businesses out of hundreds of thousands of pounds Continue Reading

By

• Warwick Ashford, Senior analyst

CW ASEAN: Defend against disruption

The security of industrial control systems (ICS) has come under the spotlight with several high-profile incidents affecting power plants and other critical infrastructure in recent years. What are the threats to these systems in ASEAN, and what is the common approach to securing ICS systems? In this month’s issue of CW ASEAN, we take a closer look at how ICS operators are improving the visibility of ICS environments without jeopardizing operations, addressing security vulnerabilities and enhancing cooperation between IT and operational technology teams. Read the issue now. Continue Reading

Singapore to bolster threat intelligence sharing in financial sector

Singapore’s Cyber Security Agency has partnered the Financial Services Information Sharing and Analysis Centre to glean cyber threat intelligence for the country’s financial industry Continue Reading

By

• Aaron Tan, TechTarget

A third of organisations do not have a security expert, survey shows

Around a third of organisations are vulnerable to cyber attacks due to a lack of dedicated in-house cyber security experts, finds Gartner survey Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Security Think Tank: A good password policy alone is not enough

In light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading

By

• Bruce Beam , (ISC)²

Security Think Tank: Cracking the code – what makes a good password?

In light of the fact complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading

By

• Ramsés Gallego, Isaca

Security Think Tank: Some basic password guidelines

In light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading

By

• Petra Wenham

Security Think Tank: Firms need to support good password practices

In the light of the fact that complex passwords are not as strong as most people think and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading

By

• Mike Gillespie

Security Think Tank: How to create good passwords and add security layers

In light of the fact complex passwords are not as strong as most people think and most password strategies inevitably lead to people following them blindly, what actually makes a good password - and when is a password alone not enough? Continue Reading

By

• Simon Persin, Turnkey Consulting

Security Think Tank: Complex passwords provide a false sense of security

In the light of the fact that complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading

By

• Tim Holman, 2-sec

Israel accuses Hamas of using spy apps to target soldiers

Israel has accused Hamas of using apps to hijack soldiers’ phones to spy on them, and UK defence secretary demonstrates how effective that could be Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Use pass phrases and 2FA to beef up access control

In light of the fact complex passwords are not as strong as most people think, and that most password strategies inevitably lead to people following them blindly, what actually makes a good password – and when is a password alone not enough? Continue Reading

By

• Paddy Francis

Security Think Tank: Put more layers around passwords to up security

In light of the fact that complex passwords are not as strong as most people think and most password strategies inevitably lead to people following them blindly, what actually makes a good password and when is a password alone not enough? Continue Reading

By

• Maxine Holt, Omdia

HMRC deactivates record number of fake websites

HM Revenue & Customs has removed more than 20,000 malicious websites in the past year, but warns people to stay alert to the threat from online fraudsters Continue Reading

By

• Warwick Ashford, Senior analyst

Cyber security – why you’re doing it all wrong

Most organisations can list the IT security tools and controls they have, so why do most of them still get the security basics wrong? Continue Reading

By

• Ed Tucker, Human Firewall

UK government cyber security standard welcomed

The information security community has welcomed the publication of the government’s minimum cyber security standard, which could be used by any organisation to improve its cyber defences Continue Reading

By

• Warwick Ashford, Senior analyst

NHS Digital signs three-year cyber security partnership with IBM

Partnership with IBM aims to bolster cyber security responses and defences, including expanding NHS Digital’s Cyber Security and Operations Centre Continue Reading

By

• Lis Evenstad

Lorca will help drive UK cyber exports, says ex-GCHQ boss

New London cyber security innovation centre will help to boost exports of UK cyber security expertise, says former GCHQ director Continue Reading

By

• Warwick Ashford, Senior analyst

Brexit a greater risk to UK financial system than cyber attack

While Brexit is seen as the biggest risk to the stability of the UK financial system, cyber attack is the most difficult risk to manage for over half of firms Continue Reading

By

• Karl Flinders, Chief reporter and senior editor EMEA

Global IoT security standard remains elusive

Despite the lack of a global internet of things security standard, existing security frameworks are on the same page in areas such as device upgradability and data stewardship Continue Reading

By

• Aaron Tan, TechTarget

Digital transformation is just business change

Don't always start with the technology if you're driving transformation, but always start with the business Continue Reading

By

• Ed Tucker, Human Firewall

CDO interview: Andrei Belevtsev, Gazprom Neft

Russian oil giant will harness the latest technologies right across its business, says chief digital officer Continue Reading

By

• Vladimir Kozlov

Younger employees 'main culprits' for security breaches

UK senior decision makers believe younger workers are the biggest risk to cyber security, but are doing little to support them and reduce that risk, a report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Palo Alto Networks opens cyber range in Australia

The first of its kind in Asia-Pacific, the cyber range training facility will let Australian IT and security teams hone their skills through cyber security exercises Continue Reading

By

• Aaron Tan, TechTarget

Dutch organisations must unite to fight DDoS attacks

Experts in the Netherlands call on Dutch corporations and institutions to work together to help prevent distributed denial of service attacks Continue Reading

By

• Tijs Hofmans

Most small businesses fail to act after a cyber attack  

Nearly half of small businesses have suffered at least one cyber attack in the past year, yet most fail to take action afterwards, citing lack of budget at the biggest challenge Continue Reading

By

• Warwick Ashford, Senior analyst

Singapore remains hotbed for cyber threats

Singapore was a victim of advanced persistent threats, phishing and website defacements in 2017, according to the latest threat landscape report by the Cyber Security Agency Continue Reading

By

• Aaron Tan, TechTarget

Surface web used in private data sales

The surface web plays an integral role in the selling of personal information, a report on identify fraud has revealed Continue Reading

By

• Warwick Ashford, Senior analyst

Email-based cyber attacks gathering momentum

Email-based cyber attacks are gathering momentum and the cost of these attacks are rising, with several hidden costs, a survey of IT professionals in Europe, Middle East and Africa reveals Continue Reading

By

• Warwick Ashford, Senior analyst

APAC remains a hotbed for software piracy

The Asia-Pacific region is still seeing the highest use of unlicensed software installations globally, making enterprises more susceptible to cyber attacks from malware Continue Reading

By

• Kimberly Chua

Parliamentary computers at risk after staff targeted by phone phishing

Police are investigating phone phishing attacks targeted against Parliament. Staff warned not to disclose details of their computers to fraudulent callers. Continue Reading

By

• Bill Goodwin, Computer Weekly

Cyber security focus too much on tech, says Domino’s CISO

Many organisations are still focusing only on technology and compliance, which means their cyber defences are not as solid as they think, according to Domino’s Pizza chief information security officer Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Data controllers are essential in modern business environment

Why is it important to know where data flows, with whom it's shared and where it lives at rest, and what is the best way of achieving this? Continue Reading

By

• Petra Wenham

Security Think Tank: Data governance is good for business and security

Why is it important to know where data flows, with whom it's shared and where it lives at rest, and what is the best way of achieving this? Continue Reading

By

• Maxine Holt, Omdia

GDPR puts people first, says ICO

The day of 25 May 2018 marks the biggest change to UK data protection law in a generation, with benefits for businesses and consumers, according to the UK privacy watchdog Continue Reading

By

• Warwick Ashford, Senior analyst

Pen testers find weaknesses in banks’ cyber security

Humans are the biggest weakness in banks’ cyber defences, but there are several others that also need attention, penetration testers have revealed Continue Reading

By

• Warwick Ashford, Senior analyst

BSI launches kitemark for internet of things devices

The British Standards Institution has launched a new kitemark for IoT devices, designed to improve consumer trust in the technology Continue Reading

By

• Alex Scroxton, Security Editor

IoT and personal devices pose huge security risk to enterprises

After years of speculation about the risk IoT and personal devices pose to enterprise security, research has revealed the threat is “immense” and probably greater than most firms realise Continue Reading

By

• Warwick Ashford, Senior analyst

Police Scotland did not inform public of mobile phone searches

Members of the Scottish Parliament heard that Police Scotland did not conduct impact assessments or give explanations to the public when they were accessing private data on their mobile phones Continue Reading

By

• Bill Goodwin, Computer Weekly

Hacking the internet of things just got easier – it’s time to look at your security

Are you taking security for internet-connected devices seriously enough? Continue Reading

By

• Dan Mosca, PA Consulting

Security Think Tank: Five tips for killing the campers on your network

Why is reducing cyber attacker dwell time important and how should this be tackled? Continue Reading

By

• Adrian Davis, (ISC)²

Twitter password security bug underlines need for industry change

Twitter has revealed that a bug in its systems resulted in some passwords being stored in a log in clear text, underlining the need for alternative authentication methods, say industry commentators Continue Reading

By

• Warwick Ashford, Senior analyst

City Police use Lego simulation to teach businesses cyber security

City of London Police are offering to train business leaders and IT security in cyber security using a Lego simulation that is surprisingly close to real life Continue Reading

By

• Bill Goodwin, Computer Weekly

Redscan warns of GDPR phishing scams

Cyber criminals are using fake GDPR-related privacy notices to trick recipients into disclosing personal data and spread malware, a security firm warns Continue Reading

By

• Warwick Ashford, Senior analyst

Security industry welcomes City of London Police cyber initiative

The security industry has welcomed plans to fight cyber crime in the heart of London using a community-based approach, but says more investment in cyber security skills is required Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Reducing cyber attacker dwell time is critical

Why is reducing cyber attacker dwell time important, and how should it be tackled? Continue Reading

By

• Simon Persin, Turnkey Consulting

Password practices still poor despite increased threats

Despite growing cyber threats and heightened global awareness of hacking and data breaches, password behaviours remain poor and UK users are in denial, a study has revealed Continue Reading

By

• Warwick Ashford, Senior analyst

Conquer the end-user productivity balancing act

Keeping users productive is one of the most critical jobs IT pros have. But there are some hurdles to jump, including understanding the risks with collaboration tools. Continue Reading

By

• Gary Olsen

Government urges UK businesses to beef up cyber crime defences

Government is urging UK organisations to defend against cyber crime, as newly released figures show that large numbers of businesses and charities suffered at least one cyber attack in the past year Continue Reading

By

• Warwick Ashford, Senior analyst

Employees still in the dark about data protection

With just a month to go before the GDPR compliance deadline, many employees still don’t know how to protect confidential data, a study shows Continue Reading

By

• Warwick Ashford, Senior analyst

Cyber fraud costs SMEs more than £1,000 per case

Just over half of IT and telecoms SMEs are targeted by fraudsters, with each case of cyber fraud costing more than £1,000, study reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Nearly half of UK manufacturers hit by cyber attacks

Nearly half of UK manufacturers have been hit by a cyber security incident, according to a report by an industry organisation, which calls for greater government focus on the specific security needs of the sector Continue Reading

By

• Warwick Ashford, Senior analyst

No business safe from cyber attack, says KPMG

Businesses that operate online should be working to ensure operational resilience, while the financial sector should focus more on collaboration, says professional services firm KPMG Continue Reading

By

• Warwick Ashford, Senior analyst

Data protection is a business issue, says IAPP

Data privacy is a rapidly maturing profession as organisations around the world increasingly see data protection as a business issue, according to an industry association Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: Use good practice to address cryptojacking risk

How can organisations best defend against cryptojacking? Continue Reading

By

• Simon Persin, Turnkey Consulting

UK identity fraud reaches record level

The level of identity fraud has reached its highest level to date, a UK fraud report shows Continue Reading

By

• Warwick Ashford, Senior analyst

Top tech firms take cyber security pledge

Top tech firms have committed to protecting customers worldwide from cyber attacks and prevent the misuse of their technology Continue Reading

By

• Warwick Ashford, Senior analyst

Australian healthcare services most hit by data breaches

Nearly a quarter of data breaches reported under Australia’s new mandatory data breach regime took place in the healthcare sector Continue Reading

By

• Beverley Head

Cyber security a shared responsibility, says Amber Rudd

The UK home secretary has emphasised that cyber security is a shared responsibility and committed to promote EU cyber cooperation post-Brexit at the National Cyber Security Centre’s conference in Manchester Continue Reading

By

• Warwick Ashford, Senior analyst

Government to set up £13.5m cyber security centre

Located at the 2012 Olympic Park, the London Cyber Innovation Centre could create up to 2,000 jobs in cyber security Continue Reading

By

• Alex Scroxton, Security Editor

NSA calls for cyber security community collaboration

A US National Security Agency (NSA) representative has called for cyber security community collaboration at the National Cyber Security Centre’s conference in Manchester Continue Reading

By

• Warwick Ashford, Senior analyst

Mobile phishing a growing threat, warns report

Phishing on mobile devices is a growing threat to business as attacks move beyond email to text messages and apps Continue Reading

By

• Warwick Ashford, Senior analyst

Cyber criminals earn up to $2m a year, study shows

Academic study reveals just how lucrative cyber crime can be, with top-level cyber criminals out-earning government leaders and university graduates Continue Reading

By

• Warwick Ashford, Senior analyst

Security of big data fashions a whole new look with GDPR

As data managers scramble to protect their precious lakes of washed and unwashed data from the evils of hacking, malware, ransomware and botnets, there comes a privacy regulation of European Union origin that could change the way many U.S. companies protect their data from inside and outside forces. For some U.S. companies doing business in Europe and preparing for compliance, the EU's General Data Protection Regulation could be a well-intended enforcer of better data governance practices. But for businesses forced to change their old data protection habits, GDPR can be a four-letter word.

The April issue of Business Information opens with our editor's note and historical insights into the fundamental differences in attitude between the U.S. and Europe when it comes to protecting the data privacy of customers. As data breaches mount, however, the U.S. government -- willing or not -- may have to take steps beyond current regulations to ensure companies increase their security of big data.

Along those lines, our cover story examines some GDPR rules that can directly impact U.S. companies doing business overseas and, in the process, their data governance and ethics procedures. With the noted lack of maturity in data governance and security tools, we see in another feature how IT teams are addressing data security issues upfront in do-it-yourself ways when deploying big data systems.

Also in this issue, a GDPR compliance expert advises data managers on the best ways to prepare for a regulation that puts more control of information in the hands of users, the internet of things and edge computing could be compromising the security of big data and surveys show that companies place data protection among the top reasons for escalating their security spending.

 Continue Reading

GDPR requirements put focus on data ethics, governance

The General Data Protection Regulation makes privacy paramount and reinforces the practice of good data governance. Will a new focus on data ethics be an important side effect? Continue Reading

By

• Jack Vaughan

U.S. data protection laws fall short in the age of big data

Data breaches and a history of data abuse led the EU to adopt GDPR, but it might take massive scale data security crises for the U.S. to legislate similar data protection laws. Continue Reading

By

• Bridget Botelho, Editorial Director, News

Security Think Tank: Cryptojacking can be costly

How can organisations best defend against cryptojacking? Continue Reading

By

• Emma Bickerstaffe, Information Security Forum (ISF)

Security Think Tank: Six tips for securing your organisation against cryptojacking

How can organisations best defend against cryptojacking? Continue Reading

By

• Adrian Davis, (ISC)²

Why businesses must think like criminals to protect their data

Cyber criminals use three main methods of operation to steal commercial data. Understanding their mindset can help organisations put the right defences in place Continue Reading

By

• Andy Barratt, Coalfire

Retail sector top cyber attack target

The retail sector was the top cyber attack target in 2017, as cyber attacks evolved to become more organised and structured, a report reveals Continue Reading

By

• Warwick Ashford, Senior analyst

Security Think Tank: User vigilance key to cryptojacking defence

How can organisations best defend against cryptojacking? Continue Reading

By

• Tim Holman, 2-sec

Lawyers more influential than IT staff in cloud deployments

Traditionally considered risk-adverse, lawyers are twice as more influential than in-house technology staff about cloud, research finds Continue Reading

By

• Aaron Tan, TechTarget

Europol operation nabs another 20 cyber criminals

Police have arrested 20 cyber criminals in connection with a €1m fraud operation across Italy and Romania Continue Reading

By

• Warwick Ashford, Senior analyst

Most airports not protected from cyber threats

The chairman of the Israel Airports Authority paints a dismal picture of the state of cyber security in aviation, and offers advice on what can be done to avert the next disaster Continue Reading

By

• Aaron Tan, TechTarget

Majority of European firms unprepared for phishing attacks

Most cyber attacks can be traced back to a phishing email, but more than half of European firms are unprepared to deal with email-based attacks, research has revealed Continue Reading

By

• Warwick Ashford, Senior analyst

Facebook announces more privacy control updates

Social media giant updates privacy settings and tools in response to the unfolding controversy over Cambridge Analytica’s use of Facebook data for political campaigns Continue Reading

By

• Warwick Ashford, Senior analyst

Dutch SMEs’ cyber security is insufficient

Nowhere in the Netherlands is digitisation as big as it is in small and medium-sized enterprises, but the sector still has a lot to do in terms of cyber security Continue Reading

By

• Kim Loohuis

Businesses lack cyber security confidence after majority were breached in past year

Most businesses were hit by a data breach in the past year, yet less than half are confident they would detect a breach, a survey shows Continue Reading

By

• Warwick Ashford, Senior analyst

Think tank reports lifts lid on police cyber crime training

UK think tank Parliament Street has lifted the lid on spending by police forces on training staff to deal with cyber crime and recommended greater collaboration in this regard Continue Reading

By

• Warwick Ashford, Senior analyst

CW ASEAN: Time to boost cyber defences

With a relatively young and tech-savvy population, ASEAN has been at the forefront of technology adoption. Yet, this has exposed its people and businesses to more cyber threats, including the massive data leak in Malaysia in 2017. In this month’s issue of CW ASEAN, we take a closer look at ASEAN’s patchy cyber security landscape, including varying levels of cyber resilience across the region, cyber security strategies adopted by different countries, as well as efforts to improve cyber capabilities and foster greater collaboration in the common fight against cyber threats. Download the issue now. Continue Reading

CW ANZ: Report data break-ins – it’s the law

Cyber security is an increasingly global endeavour, with threat actors who know no boundaries unleashing attacks from nearly anywhere in the world. In this month’s issue of CW ANZ, we look at how Australia’s mandatory data breach notification law underscores recent efforts to lift its cyber security game, both locally and internationally. Download the issue now. Continue Reading

Security Think Tank: Fileless malware not totally undetectable

What should organisations do at the very least to ensure business computers are protected from fileless malware? Continue Reading

By

• Greg Temm

Government ‘unlawfully delegated’ bulk data powers to GCHQ, court hears

Privacy International urges Britain’s most secret court, the Investigatory Powers Tribunal, to rule that the government illegally collected surveillance data from internet and phone companies until at least September 2017 Continue Reading

By

• Bill Goodwin, Computer Weekly