It’s Time to Secure the Water Sector from Cyber Threats

he Biden administration is reportedly considering a first-ever integrated action plan for global water security, linking global access to clean, reliable water to U.S. national security for the first time. At home, the linkage between national security and security of the water and wastewater sector is self-evident by its very definition as critical infrastructure. Yet decades of chronic underinvestment and under-resourcing of federal support to the industry has left this life-supporting and life-sustaining infrastructure vulnerable to cyber threats.

Read more...

A Standard for Home Gateway Security

ETSI’s recently published TS 103 848 is one of a number of standards that ETSI is developing that derive from the security template for Internet of Things devices defined in ETSI EN 303 645. The reason that a standard for the security of Home Gateways is so important is embedded in its title. It protects our homes from the digital thief and burglar in the same way that our front doors protect our homes from the more traditional thief and burglar.

Read more...

Is Fully Homomorphic Encryption now a reality?

We all know the problems with users picking weak passwords, whether it is “PassW0rd123” or “JamesBond007”. We also know that there are lists of passwords which have been obtained from hacks into websites, and from these we can work out what are the most commonly used weak passwords in circulation. Surely there must be a way of checking, when a user chooses a new password for a website, whether the password lies on the known list of common weak passwords? There are two obvious solutions to this problem: Firstly, the browser could maintain the list of weak passwords locally on the user’s computer. This solution however does not scale as the list is huge, and needs to be continually updated. The second solution is for the new password to be sent to a central site and compared against the list of common weak passwords. But this solution then leaks the new (potentially strong) password to the central site doing the checking. Is there a better way?

Read more...

How to Balance Cybersecurity and Productivity

Today’s business world is becoming more data-driven and increasingly remote at a rapid pace. New technologies enable companies to gather more information, while the COVID-19 pandemic ushered in the unprecedented trend in remote work.
Many businesses realize the benefits of employees working remotely, but unfortunately, so do cybercriminals. Threat actors are capitalizing on the remote work trend and executing a range of cyberattacks to exploit companies and their sensitive data. At the same time, emphasizing employee productivity is a top concern for most employers.
Cybersecurity and productivity are two critical components of any business, regardless of industry. However, finding a healthy and suitable balance can be challenging. Employees require access to company data during the workday, and IT professionals must implement strong cybersecurity measures to protect that information. How can the two functions work in tandem?

Read more...

Pain-Free Cloud Security Transformation? There’s No Such Thing

Seemingly all companies today prioritize cloud security as part of a comprehensive cybersecurity strategy, and for good reason. The proliferation and sophistication of cyberattacks bring endless possibilities for hackers to steal and misuse data at a pace previously unimaginable. Ransomware alone rose more than 100 percent in volume globally in 2021, and the expectation is that with such “success,” the rate of attacks will only grow in 2022.
Yet, too many enterprises and smaller companies still struggle with the transformation to the cloud because of the variables that come along with choosing the best product. Lack of awareness about the complexities with the switch, namely technology-related issues and typical adjustments needed to workflows and processes, also contributes to the confusion. Adding to the quandary is the existence of very few companies that are dedicated to cloud security as opposed to general cybersecurity products.

Read more...

Security Considerations in Choosing Cloud Data Platforms

Cloud security is more important than ever. Cybercrime is on the rise, and changes in the business world — the pivot to work from home — have made companies of all kinds more vulnerable to cyberattacks.
Data security has become a critical consideration for businesses migrating to the cloud or building a multi-cloud environment. It’s vital to know what to keep in mind when choosing a cloud data platform. Here are some things savvy companies should consider when making their selection.

Read more...

Model behaviour: Using AI to beat financial cybercrime

As the gatekeepers to personal and business wealth, banks and financial institutions are prime targets for cybercrime.  Financial cybercrime attempts are increasingly frequent, costly and highly successful in many cases. According to research and advisory group UK Finance’s report Fraud – The Facts 2021, the sector prevented £1.6bn of unauthorised fraud losses in 2020, approximately £6.73 in every £10 attempted. UK Finance’s Information and Intelligence Unit also helped protect over 2.1 million compromised card numbers in 2020.

Read more...

Closing the Cybersecurity Communications Gap: What Every CISO Needs the C-Suite to Know

The role of the Chief Information Security Officer (CISO) has evolved considerably in recent years. So much so that in many organisations CISOs now regularly consult with the CFO, CTO and CEO on security strategy, cyber risk, and how to approach digital transformation. However, while some CISOs have been given a seat at the table on many executive boards, this hasn’t been the case everywhere.
In the past, digital security was a high priority for highly regulated industries such as banks, insurance companies as well as utilities and public sector organisations. But the recent and rapid escalation of online channels in the wake of the global pandemic has made companies in every industry sector a potential target for cyber criminals. This means C-Suite executives need to be fully informed and educated on the preventative steps that need to be taken – and why.

Read more...