Science meets Practice
This article is inspired by a recent article on the Computerworld site for Denmark, where one of the CISO’s for a big energy company lamented the lack of formal skills in the cybersecurity community on the security requirements for Operational Technology (OT) and Industrial Control Systems (ICS). This triggered light research from me on the options out there for relevant trainings and certifications.
Read more
he Biden administration is reportedly considering a first-ever integrated action plan for global water security, linking global access to clean, reliable water to U.S. national security for the first time. At home, the linkage between national security and security of the water and wastewater sector is self-evident by its very definition as critical infrastructure. Yet decades of chronic underinvestment and under-resourcing of federal support to the industry has left this life-supporting and life-sustaining infrastructure vulnerable to cyber threats.
Read more
We all know the problems with users picking weak passwords, whether it is “PassW0rd123” or “JamesBond007”. We also know that there are lists of passwords which have been obtained from hacks into websites, and from these we can work out what are the most commonly used weak passwords in circulation. Surely there must be a way of checking, when a user chooses a new password for a website, whether the password lies on the known list of common weak passwords? There are two obvious solutions to this problem: Firstly, the browser could maintain the list of weak passwords locally on the user’s computer. This solution however does not scale as the list is huge, and needs to be continually updated. The second solution is for the new password to be sent to a central site and compared against the list of common weak passwords. But this solution then leaks the new (potentially strong) password to the central site doing the checking. Is there a better way?
Read more
Seemingly all companies today prioritize cloud security as part of a comprehensive cybersecurity strategy, and for good reason. The proliferation and sophistication of cyberattacks bring endless possibilities for hackers to steal and misuse data at a pace previously unimaginable. Ransomware alone rose more than 100 percent in volume globally in 2021, and the expectation is that with such “success,” the rate of attacks will only grow in 2022.
Yet, too many enterprises and smaller companies still struggle with the transformation to the cloud because of the variables that come along with choosing the best product. Lack of awareness about the complexities with the switch, namely technology-related issues and typical adjustments needed to workflows and processes, also contributes to the confusion. Adding to the quandary is the existence of very few companies that are dedicated to cloud security as opposed to general cybersecurity products.
The role of the Chief Information Security Officer (CISO) has evolved considerably in recent years. So much so that in many organisations CISOs now regularly consult with the CFO, CTO and CEO on security strategy, cyber risk, and how to approach digital transformation. However, while some CISOs have been given a seat at the table on many executive boards, this hasn’t been the case everywhere.
In the past, digital security was a high priority for highly regulated industries such as banks, insurance companies as well as utilities and public sector organisations. But the recent and rapid escalation of online channels in the wake of the global pandemic has made companies in every industry sector a potential target for cyber criminals. This means C-Suite executives need to be fully informed and educated on the preventative steps that need to be taken – and why.
This is an opinion piece, and an opinion that I am fully aware of, can be controversial in some sectors of the cybersecurity industry. Still, selling the state of the cybersecurity of customers, that most of us are doing our outmost to protect from the nefarious underbelly of the Internet, is actively undermining the security. And yes, I feel that it is actively undermining the security, to sell 0-days to brokers, on the darknet or companies on the Internet, instead of disclosing them to the vendors for patching.
Read more
Ransomware is big business. It’s difficult to accurately measure just how big; the true size of the ransomware industry is masked by the fact that not all attacks and payments are made public. However, a simple analysis of the ransom payments in the news – where new ransomware headlines appear almost daily – reveals a multi-billion-dollar industry. Ransomware attacks are estimated to occur every 11 seconds, with the total cost of attacks to businesses exceeding $20 billion last year.
In 2022, there are no signs ransomware is slowing down. From ransomware as a service (RaaS) to Big Game Hunting, cybercriminals are becoming increasingly sophisticated; ransomware represents one of the greatest threats facing businesses today. For chief information security officers (CISOs) and the wider executive leadership team, navigating the modern ransomware landscape is challenging. Attackers are almost always one step ahead – with innovative, well-funded and coordinated teams utilising every tool at their disposal to penetrate corporate networks. It can be difficult to know exactly what form a threat might take and where best to focus risk mitigation efforts.
In our increasingly data-driven world, personal data is shared every second – when shopping, at work, travelling, or simply browsing the internet. It is the responsibility of every organisation to make an active commitment to protect the data it holds. After all, it could have serious implications for its reputation if a data breach occurred and its customers’ personal data was stolen and misused.
Data Protection Day seeks to raise awareness and promote best practices around keeping data safe and secure. In this article, eleven experts in the technology industry give advice on how to best protect your data and maintain trust from your customers.
The introduction of 5G was supposed to change how humanity uses mobile internet. From providing low-latency connectivity for mobile phones to making things like robotic surgery possible over long distances, 5G has the potential to be an invaluable tool.
On paper, it sounds like the perfect plan, but now that companies have begun to roll out the technology, a new challenge has appeared. Can 5G communications interfere with aviation instruments? Here’s what is known now and what the implications could mean for flight.
Life is beginning to return to some kind of normal for many of us. But for IT and cybersecurity teams
Read more