All organisations plan for fires, floods, or any other type of incident that impacts business resilience, why should cyber security be any different? The purpose of a Security Playbook is to provide all members of an organisation with a clear understanding of their responsibilities regarding cyber security - before, during and after a security incident.
Many people were this week startled by reports that GCHQ technical director Dr Ian Levy had apparently claimed that security firms exaggerated the thr...
Children say and do the stupidest things. Adults say and do even stupider things. But no one says and does stupid things in quite the same way as cele...
Data is supposed to be the new oil, powering all industries and underpinning major business decisions. That said, ask any Tom, Dick or Harry on the street what the word data means to them and they are likely to draw a blank.
By having a Crisis Management Plan in place, organisations are better prepared to identify potential attack scenarios, enabling you to better handle a security incident irrespective of type and scale.
Every post you make, every breath you take, every search you make, they'll be watching you. Every bit of information you have ever entered anywhere online is stored, collated and held. For the most part, we give this data over without even thinking about the consequences, assuming it is safe.
Businesses - as well as the general public - will consequently have to get smarter and more agile if they don't want to fall victim to an increasingly sophisticated and well-coordinated network of cyber gangs.
If I had been writing this blog even three years ago, it is probable I would have talked about needing to recognise the cyber risk and not bury our heads in the sand to the industrialised threat caused by professional cybercrime.
Developing and implementing a security incident response plan can be time consuming and often costly - two things most organisations do not have. Without a response plan, incidents can escalate quickly and the impact can be severe. An incident response plan gives organisations a much better chance of isolating and controlling an incident in a timely and cost effective manner.
Industrial IoT (IIoT) is projected to be worth $151bn by 2020, so it's a pretty big deal. As a relatively young industry, the topics being hotly debated now in IIoT are set to shape its entire future.
Ethical hacking services are increasingly being recognised as a great way for businesses to unearth security weaknesses before they can be exploited by online criminals. Organisations adopting a proactive approach to threat identification invariably find that this is much easier than trying to manage the fall out of a full blown cyber incident, which can cause huge financial losses and reputational damage.
Honest insiders also are targeted by malicious outsiders through using social engineering. E-mail phishing (and spear-phishing to target high-value individuals) is one of the most common types of social engineering, but examples range from simple phone calls to carefully crafted Web sites hosting malicious content.
The size of attacks has increased exponentially, thanks to the cyber criminals making use of the IoT. These devices are typically designed to be quick and cheap to produce, and have very poor levels of security. Essentially stripped-down versions of your home computer
Clearly companies, both large and small, need to act now and start putting in place robust standards and procedures to counter the cyber security threat, or face the prospect of paying drastically increased costs in regulatory fines, as well as the reputational harm to their brand.
The risk of a cyber-attack has become an unfortunate fact of life in today's digital world. However, while businesses of all sizes and in all sectors should certainly be aware they are under threat, just like all thieves, cyber criminals have their preferred targets and methods.
In Mr Robot, Elliott Alderson explicitly exploits 'easy' vulnerabilities: obvious passwords, open back doors, etc. As the world inevitably becomes more connected, risks will accompany benefits; the starting point for security must always be best-practice encryption and protocols. Just as in the 'real' world, there will be break-ins - but they become much less likely if you lock all your doors and windows.