Insight

The pre-COVID-19 CISO. The global COVID-19 pandemic has been a tumultuous time for Chief information security officers (CISOs) who on any given day have a long and complicated list of responsibilities. CISOs are no strangers to disruption and challenges, but during the pandemic they have faced many disruptions it has caused and created a wealth of new challenges. Securing a rapid transition to a remote workforce. COVID-19 accelerated the shift to remote working globally and,...

Forbidden Stories, a Paris-based non-profit organisation that seeks to ensure the freedom of speech of journalists, recently announced that the Pegasus Project surveillance solution by the Israeli NSO Group selected 50,000 phone numbers for surveillance by its customers following a data leak.  The NSO Group has always maintained that the purpose of the Pegasus Project was for governments to monitor terrorist activity. However, this recent story, if true, could suggest that the solution has been...

Being struck by ransomware has been compared to having a heart attack. It’s something that stalks everyone in theory and yet when it happens the shock of the experience is always a surprise. For the first seconds, minutes - and sometimes hours - organisations are on their own. It’s a moment of unexpected trauma which many organisations find paralysing, something attackers plan for. This makes the attack’s effects even worse. Eventually a growing number call...

In the famous words of David Byrne, there is no time for “dancing, or lovey dovey” when it comes to security. In a world where technology is constantly evolving, it is important to always stay on top of protecting confidential and sensitive information. The standard go-to for security within organisations is the account-based approach; however, this exposes the issue with specialised IT resources being so heavily involved in identity and account administration. The way accounts...

Vulnerabilities in enterprise IT are everywhere. While it’s clear that they need to be addressed, how to do so isn’t as clear. The sheer number of vulnerable software versions in an enterprise environment can be overwhelming, making it challenging to address them. The process requires time: to identify the need for an update, to create and test a successful update package, and then to deploy that throughout the environment. As a result, it isn't realistic...

Ransomware is a crime that is predominantly financially motivated, yet the effects of attacks are far broader and more profound than just the financial impact. Pervasive attacks against healthcare, local government, schools and other forms of critical infrastructure are threatening our quality and safety of life every day. These disruptive attacks tear at the very fabric of our society, while also causing economic and reputational harm. Further, ransom payments are fuelling the activities of organized...

In May the US Colonial Pipeline shut its operational network after a ransomware cyber-attack. It’s said to be one of the costliest attacks for an economy. A painful accolade if ever there was one. New details are emerging about the specifics of the pipeline attack all the time but there are a few concerns that every boardroom must acknowledge. The first relates to reports that there was no Chief Security Officer (CSO) in place. Ten...

In the last 13 months the UK lost a reported £10.4 million to cybercrime, as per official police statistics. One of the most damaging forms of cybercrime comes in the form of Ransomware.  Not only that, but 81% of cyber security experts believe we are likely to see more ransomware than ever across the next few years, thanks to its increasing prevalence. It’s a terrifying prospect for businesses especially, who stand to lose everything, and...

Hackers are using weak and stolen credentials in a significant way to compromise business-critical environments. Stealing access to your environment using a known password for a user account is a much easier way to compromise systems than relying on other vulnerabilities. Therefore, using good password security and robust password policies is an excellent way for organizations to bolster their cybersecurity posture. What characteristics make up an effective password policy? Developing an effective reporting structure for...

It was long overdue, but Netflix has finally started to explore ways to address its password problem. By prompting viewers to prove that they live with the holder of that account by receiving a code, sent via text or email, they are hoping to weed out password freeloaders who, let’s face it, are probably costing Netflix millions of dollars each year. The issue of password sharing, which isn’t just a Netflix problem, is almost universally...