NIST publishes guidance on supply chain risk management practices
NIST has announced the release of NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information Systems and Organizations.
Many organizations still vulnerable to Heartbleed
Venafi has published new research reevaluating the risk of attacks that exploit incomplete Heartbleed remediation in Global 2000 organizations.
FFIEC issues cyber attacks advice
The US Federal Financial Institutions Examination Council (FFIEC) has released two statements about ways that financial institutions can identify and mitigate cyber attacks that compromise user credentials or use destructive software (malware).
DDoS attacks increasing as a business continuity threat to EMEA organizations
Survey shows more than a third of multiple DDoS attacks affected impacted businesses for more than 24 hours.
Organizations fear the Cryptoapocalypse
A Ponemon Institute and Venafi survey report has found that the information security incident that organizations are most concerned about is a ‘Cryptoapocalypse-like event’: a scenario where the standard algorithms of trust, such as RSA and SHA, are compromised and exploited overnight.
ASIC issues major cyber resilience report
The Australian Securities and Investments Commission has published 'Cyber resilience: Health Check (REP 429)' to help its regulated population improve cyber resilience.
Survey highlights DDoS impacts
Revenue and reputation losses are the most damaging consequences of a DDoS attack.
Survey finds that good information security is a positive business benefit
Research shows that businesses investing in cyber security experience faster growth.
Apple and Microsoft issue FREAK fixes
FREAK update amongst a number of critical updates; organizations using Windows, Office, Exchange and/or IE will find themselves in a very busy patching month.
Social messaging and file-sharing content is left unmanaged in a third of firms: AIIM study
Lack of information governance for digital channels increases the risk of a data breach and reputational damage.
Organizations still leaving security gaps unfilled
IT professionals believe their organizations aren't doing enough to protect critical data and systems, according to a survey commissioned by Sungard Availability Services.
Information security management is changing: Gartner
The focus of information security management is moving from blocking and detecting attacks, to detecting and responding to attacks.
The 2015 Cyber Risk Report
New HP report looks at the security threat landscape.
Endpoint Protection: Attitudes and Trends 2015
Bromium, Inc., has published the results of a survey of more than 100 information security practitioners focused on the greatest challenges and risks facing their organizations today.
Bank cyber-attacks highlight the need for ‘war games’
Playing war games is one effective way of highlighting potential weak spots, says KPMG.
The limits of prevention-centric information security programs highlighted
Damballa Q4 2014 State of Infections Report underlines the importance of adopting a proactive stance to threat detection.
NIST Industrial Control Systems Security Guide update published for final public review
The US National Institute of Standards and Technology (NIST) has issued proposed updates to its Guide to Industrial Control Systems (ICS) Security (NIST Special Publication 800-82) for final public review and comment.
How much could a DDoS attack cost your business?
A Kaspersky Lab survey report has quantified the average cost of DDoS attacks on organizations.
The 10th Annual Worldwide Infrastructure Security Report
Distributed denial-of-service (DDoS) is now a very serious threat to business continuity, says Arbor Networks report.
President Obama proposes ‘Enabling Cybersecurity Information Sharing’ legislation
President Obama has made an updated proposal to introduce legislation to require US organizations to share information about cyber attacks.
IBM study: number of cyber attacks on retailers drops by half in 2014 compared to 2012
However, the severity of individual attacks increased.
British companies at risk of becoming cyber-dominoes
This is the key finding from Radware’s ‘Global application and security report’.
Badly managed access rights put critical data at risk
Employees with needlessly excessive data access privileges represent a growing risk for organizations due to both accidental and conscious exposure of sensitive or critical data.
UK businesses ‘sleepwalking into reputational time bomb’: BSI
Lack of awareness on how to protect data assets is leaving businesses exposed.
SolarWinds survey points to a false sense of security in UK organizations
A lack of widespread adherence to best practices, combined with the number of organizations that have suffered a significant cyber attack, potentially indicates a false sense of security.
Despite the hype ‘encrypted’ does not equal ‘safe’
A Blue Coat survey reveals the security risks hiding in encrypted web traffic.
Less than half of critical business data in UK organizations is secure: survey
Senior executives within UK businesses say that critical data is not being protected, a new report from NTT Com Security shows.
University of Maryland experts discover lapses in Heartbleed bug fix
A detailed analysis by cybersecurity experts from the University of Maryland found that website administrators tasked with patching security holes exploited by the Heartbleed bug may not have done enough.
Why security need not stifle agility
Many CIOs are struggling to realise the full benefits of their increasingly virtualized IT estates, largely due to the strains of staying secure. But Reuven Harrison says it doesn’t have to be this way...
Boards must up their game before the hackers claim checkmate
The connected world is under siege and current security solutions and approaches are outdated and inadequate: it’s time for organizational boards to recognise this and take action.
Don’t panic! Six steps for surviving your first data breach
Getting breached doesn’t establish whether or not you have a decent security program in place: but how you respond to a security breach does.
Seven things you need to know about the ‘GHOST’ vulnerability
GHOST could potentially allow an attacker to take over the control of an entire Linux system: Szilard Stange provides more details and lists actions that organizations can take to protect their systems.
Cybersecurity predictions for 2015
Proofpoint looks at how information security threats are likely to evolve during the coming year.
What can you do to make sure your organization is not the next Sony?
WatchGuard Technologies urges action, not panic.
2015 cyber risk and data protection predictions
EY has outlined some of the key areas that cyber risks threaten to impact in the coming year.
Shaping mobile security
Keith Bird shows how a new approach to mobile security can help organizations achieve the right balance of protection, mobility and productivity.
Security predictions for 2015
New challenges and risk mitigation drive changes to IT security.
Blind faith in security standards could create cyber vulnerabilities
Relying on standards and IT audits often leads to 'checklist syndrome', with the security strategy failing to address the wider business risks.
Four questions to consider when building a security platform
Useful advice from Steve Salinas.
You can't always stop a breach: but you should always be able to spot one
December 15th is the anniversary of the discovery of Target's infamous security breach; but has anything really changed in the year that has gone by? Retailer after retailer is still falling foul of the same form of malware attack. So just what is going wrong?
Defending the firewall
Despite claims of its demise, the firewall is still the foundation stone of security deployments, says Keith Bird.
What you need to know about ‘WinShock’
Yet again the information security world is buzzing with the news of another serious vulnerability, this time in all versions of Microsoft Windows.
ISM: ‘detect and respond’ is no silver bullet
Solutions to complex problems often require organizational changes: yet this critical element is often either ignored or seems impossible to implement.
Have we learnt from our Heartbleed mistakes?
David Sandin looks at whether we have heeded the lessons of the Heartbleed bug, the implications of Shellshock and the future security of open-source coding.
Reducing the risk that your people pose to your organization
People and process are frequently disregarded when it comes to improving security posture, partly because the security risk they pose to an organization is difficult to measure and track.
All you need to know about the Bash vulnerability
Craig Young overviews the Bash / Shellshock vulnerability which was recently identified and looks at whether it really is worse than Heartbleed, as has been widely claimed.
Information risk management lessons
Most companies are doing something to mitigate information risk, but few are doing enough, says Christian Toon.
Managing mobile device risks
Ian Kilpatrick looks at the risks involved with mobile devices and how to secure them.
Active risk management: defending against the cyber storm
How to put your organization into a more confident, competitive position when it comes to information security threats.
Protecting business-critical information in virtual environments
Advice from David Phillips.
Lessons learned from Heartbleed
As the dust settles after the initial Heartbleed crisis response, what lessons are starting to emerge? By Russ Spitler.
Back to basics…
Security breaches are on the rise. Yet as security experts face ever more complex and challenging threats, is there a risk some of the basic components of IT security are being overlooked?
Integrating cyber security and business continuity
Actions an organization can take to better align business continuity and cyber security.
Reducing threats from within the organization
Despite the headlines that high profile external attacks engender, insider threats are more likely to have financial and business continuity impacts on organizations.
What do business continuity managers need to know about Heartbleed?
Andrew Waite gives an overview of the Heartbleed vulnerability.
DDoS: a seven-point action plan
No business continuity plan is complete without taking into account the risk represented by DDoS attacks. Rakesh Shah explains the measures that can be taken to mitigate the threat.
Has cyber security awareness improved among the largest UK businesses?
It isn't all doom and gloom when it comes to cyber security, says Tom Neaves.
Less risk, more reward
Managing vulnerabilities in a business context.