This Week's Gurus

Last year we saw the first Global Cyber Security Innovation Summit take place in the UK with Vince Cable announcing £4m of Government funding for UK businesses to develop ideas for tackling cyber security threats.   This is good news – not just for those fighting the cyber criminals, but also for those who recognise that innovation is at the very heart of the security industry.   Investment to boost innovation in a mature sector...

I've been one to accuse the identity and access management space of being slow moving, without any real chance to write about. Yes, it lets people in and it is hard to manage who has access, and the biggest challenge is privileged user access - which is also hard to manage. We've heard it all before, right? In conversation with Chris Sullivan, vice president of advanced solutions at Courion, he introduced me to the concept...

As high profile security breaches continue to make headlines, IT managers across Europe are feeling the pressure to keep their organisations protected. The influx of devices in the workplace and the increased number of users accessing corporate networks has created new headaches for organisations to manage security. In the age of the cloud and the Internet of Things (IoT), organisations are expected to have the right foundations in place and adapt to future requirements. But...

Another vulnerability shocked the Linux world on 27th January. The Qualys security research team found a critical vulnerability in the Linux GNU C Library (glibc) that allows attackers to remotely take control of an entire system without having any prior knowledge of system credentials – according to Qualys reports. What does it mean for you as an Internet user and what does it mean for Linux system administrators? Was it really a shocking event? Here's...

FireEye’s “M-Trends 2014: Beyond the Breach” report contained some sobering numbers regarding the current state of incident response and breach response around the world. Security incidents go undetected an average of 229 days. Once detected, responding to and fully containing an incident takes an average of an additional 32 days. Further, third parties detect more than two of every three (67 per cent) incidents, rather than the victim organisation itself. Worse yet, these numbers seldom...

When I hear about another software bug, I’m tempted to shrug.  Big deal.  Another bug in software.  It happens. But there are some things about this coding mistake which are interesting:   This is a security bug, which can be exploited locally and remotely.  That's interesting because modern OS protections like ASLR, NX, and safe malloc were supposed to limit the exploitation of this type of bug (a small heap buffer overflow).  (And those protections...

Today marks 25 years in business for software services company Networks First, and this week I got some time with two of their directors to learn about a new concept in staff morale.   Sitting with head of operations Sallie-Ann Allen and head of services Daljit Paul, they explained that the company is growing and in an effort to encourage its sales team’s entrepreneur spirit, for three years service with achieved targets employees can claim...

How can we get very small firms to take cybercrime seriously? Recent research by Kaspersky Lab], shows that 82 per cent of companies with up to ten employees believe they are not a target for cyber-attacks because they are too small or don’t have anything worth stealing. Yet according to the Federation of Small Business, small firms are in fact a prime target for cyber-attacks. A significant 41 per cent of its members were hit...

The use of encryption has not really gone away. Headlines from the past seven days and the resulting hysteria have proved just how important the security of communications really is.   So are there drivers to use encryption, or even better forms of it? I recently met with Terence Spies, CTO of encryption provider Voltage Security, whilst he was visiting London for a conference on advanced cryptography.   He claimed that within the industry, the...

While the rate of cyber attacks is certainly on the increase, has the nature of the breaches changed? The answer to the question lies in the different types of breaches and attacks that occurred in 2014.   2014: The year of sophistication While the types of attacks, for example distributed denial of service (DDoS) attacks, which seek to disrupt systems and services by crashing an organisation’s website, have not changed, the sophistication of the hackers...