User credentials are by far the best hack
Losing sight of the biggest cause of security breaches isn’t surprising when there are often more column inches in the
Read moreLosing sight of the biggest cause of security breaches isn’t surprising when there are often more column inches in the
Read moreThinking your organisation is at less risk of a data breach is one of the biggest mistakes any business can
Read moreData is arguably an organisation’s biggest asset, which makes it a key target for cybercriminals. With 26 per cent of
Read moreCybercriminals are notoriously good at the art of uncovering the paths of least resistance that lead to an organisation’s valuable
Read moreIn the last few years, many large businesses have overhauled their approach to cyber security. The rise of remote working forced them to bring forward long-planned upgrades to both security technology and processes, resulting in far better data security across the board.
On paper it seems like very good news, but it isn’t necessarily for everyone. Why? Because the majority of cyber criminals are opportunists looking for the quickest and easiest way to make the maximum amount of money possible from victims. Consequently, they tend to target larger businesses that have more assets for exploitation. However, as these large businesses continue to shore up their cyber defences, cyber criminals have started looking elsewhere for easier targets, and many of them are turning their attention to lesser protected mid-market enterprises instead.
Shadow APIs (Application Programming Interfaces) are now the biggest threat facing API security today. Analysis of more than 20 billion transactions from the first half of 2022 found 16.7 billion of these were malicious in nature and the majority (5 billion) were against unknown, unmanaged and unprotected APIs, more commonly referred to as Shadow APIs.
Read moreSecurity is a real concern among consumers when it comes to the Internet of Things (IoT) which have time and again succumbed to a litany of attacks due to poor protection mechanisms and vulnerabilities. Yet vendors remain slow to implement the 13 guidelines contained in the UK DCMS Secure by Design Code of Conduct published way back in 2018 and which aligns with the international standard ETSI EN 303-645.
To help boost uptake, the UK Department for Culture, Media and Sport put out a tender to the industry to devise a scheme that would incentivise manufacturers to demonstrate proactive security compliance to customers. The result was the IASME scheme which offers three levels of compliance – Basic, Silver and Gold – in a bid to encourage the industry to take action. Those meeting the criteria can then display the associated badge on their products, reassuring customers. It’s the carrot, if you will, ahead of the legislation expected to be brought in next year under the Product Security and Telecommunications Infrastructure (PSTI) Bill.
The invention of Artificial Intelligence will shift the trajectory of human civilization. But to reap the benefits of such powerful technology – and to avoid the dangers – we must be able to control it. Currently we have no idea whether such control is even possible. My view is that Artificial Intelligence – and specifically its more advanced version, Artificial Super Intelligence– could never be fully controlled.
Read moreThe growing prevalence of large-scale cloud native deployments is forcing enterprises to combine ‘shift left’ DevSecOps, intelligent automation, CSPM (cloud
Read moreIt’s time the CFO got involved in cybersecurity. Remote working has opened vast possibilities for cyber-attackers to access financial data and processes, spreading risk factors well beyond the borders of the IT department.
Everything can be done, and is, on the internet these days, thanks to the global pandemic.