• Data driven Bosch develops innovative security solution with NetApp

    NetApp, a data authority for hybrid cloud, and Bosch Building Technologies, an expert in security, safety and communication solutions, have announced the details of their joint high-performance security solution.

  • DataVita secures its place on Scottish Government Cloud Services Framework

    Lanarkshire-based DataVita has announced its inclusion on the Scottish Government’s new Cloud Services Framework.

  • DigiCert survey: is quantum computing a threat to data security?

    Despite Google’s breakthrough in quantum computing, it doesn’t seem like everyone is optimistic about the technology’s promise. In fact, according toa new study from DigiCert, 71% of global organisations see the emergence of quantum computers as a large threat to security. 

  • ECA: Fireproofing your data

    Steve Martin, director of technical at ECA, considers the unique challenges and implications that come with fire safety in data centres.

  • Egress’ new tool calculates how many email-based data breaches your company could suffer

    Egress, a provider of people-centric data security solutions, has launched a new online Insider Breach Calculator aimed at helping businesses better determine the probability of suffering an email-based insider data breach.

  • Europe its own biggest enemy as cyberattacks continue to soar

    Europe endures more cyberattacks from within its own geographic region than any other part of the world, according to new analysis by F5 Labs.

  • First passwords, now hackers are going for the jugular

    It's one thing having your password hacked – passwords can be changed and replaced. But what happens when hackers go after your biometrics? Etienne Greeff, CTO and co-founder, SecureData offers his insight.

  • FortiOS 6.4 further enhances the cybersecurity chops of Fortinet’s Security Fabric

    Fortinet has announced the release of FortiOS 6.4, the latest version of its flagship operating system powering the Fortinet Security Fabric. With over 350 new features, FortiOS 6.4 introduces new automation, scalability, performance, and AI capabilities, which the company says will deliver full protection across the entire digital infrastructure.

    To address today’s risks, Fortinet continues to enhance the Fortinet Security Fabric, with the firm launching a slurry of new features to support organisations’ digital transformation goals. These new features include: 

    Security-driven Networking: Secure and accelerate the network and user experience

     

    • New intuitive SD-WAN orchestrator and granular application analytics in Fabric Management Center to simplify and automate Secure SD-WAN deployments.
    • Real-time SD-WAN application optimisation in FortiGate to enable consistent and resilient business application experience.
    • Broader segmentation visibility by connecting multi-tenant VDOMs into the Security Fabric with FortiGate to protect internal risks of organisations.
    • Expanded Secure Web Gateway and IPS use cases to enable better protection and simplify administration operations.
    • Enhanced SD-Branch capabilities with FortiAP Controller, and simplified operation of LTE links through integrated management with FortiExtender and broadened FortiAP portfolio with WiFi 6 models.

     

    Zero-trust Network Access: Identify and secure users and devices, on and off network

     

    • Increased native device visibility across the Fortinet Security Fabric through integration of FortiNAC into the Fabric Topology Map and with FortiAnalyzer. 
    • Enhanced profiling of devices within FortiNAC that includes better visibility into Linux devices, and simplifying zero-trust network access implementations with such capabilities as automatic IoT detection and segmentation to reduce the complexities of securing IoT devices.
    • Improved user identification and management with FortiManager docker for FortiAnalyzer Cloud that delivers overall workflow improvements and enhanced SAML in FortiAuthenticator alongside 2FA with FortiToken Cloud.
    • On- and off-network visibility and management with Fabric agent telemetry for devices on-network, and secure VPN tunnels with FortiClient as well as secure offsite access with FortiGuard Cloud for devices off-network.

     

    Dynamic Cloud Security: Secure and control cloud infrastructure and applications

     

    • Broader cloud application protection with increased Office 365 security coverage through integrations with FortiMail and FortiCASB; new FortiWeb deep-learning capabilities to protect continuously changing applications running anywhere. FortiWeb can be deployed as a physical and virtual appliance, as a SaaS offering in public or private cloud or as a Docker container.
    • Stronger cloud network security effectiveness through support of advanced hybrid cloud use cases, including SD-WAN for AWS Outposts and GCP Anthos using FortiGate VM, and auto remediation capabilities with FortiGate VM Cloud IDS.
    • Enhanced workload protection capabilities and multi-cloud visibility via FortiCWP asset inventory and streamlined security operations workflows.

     

    AI-driven Security Operations: Automatically prevent, detect, and respond to cyber threats

     

    • Adds new advanced threat detection and prevention capability at the endpoint with new next-gen AV (NGAV) capabilities, complementing endpoint-hardening of FortiClient with machine learning-based NGAV, real-time ransomware protection and the ability to defuse threats in FortiEDR.
    • Increased automation in FortiAnalyzer and FortiSIEM, as well as the full orchestration of our new FortiSOAR, to reduce the SOC burden and company exposure. While FortiAnalyzer is the foundation of Security Fabric analytics and FortiSIEM extends to multi-vendor environments, FortiSOAR in particular adds the most robust automated collection of additional context and data to enrich incident response (IR), case management for more effective coordination and collaboration across customer security teams, and visual playbook orchestration and guided response.
    • Also, supplements the Security Fabric with dynamic threat hunting and staff augmentation to extend their resource-constrained security teams with Fortinet’s remote monitoring and IR service 24x7.

     

    FortiGuard Labs: The Fortinet 360 Protection bundle delivered by FortiGuard Labs provides a complete package of operational, support, and security services to enable customers to easily deploy and benefit from the full power of the Fortinet Security Fabric and is optimized for SD-WAN deployments.

     

    • New services within the Fortinet 360 Protection bundle enable organizations to leverage intuitive SD-WAN orchestration, automated IoT device identification and segmentation, as well as optimize operations with IP Address Management (IPAM) across the Security Fabric.
    • New enhancements to 360 Protection’s Security Rating service also allows customers to proactively identify and remediate configuration, policy, security, and compliance gaps as well as benchmark against industry peers to assess relative posture and investment strategies.

     

    John Maddison, EVP of products and CMO at Fortinet, noted of the new release, “With the release of FortiOS 6.4, we’re continuing to build out the Fortinet Security Fabric to deliver automated workflows across multi-attack vectors and infrastructure. Combined with one of the most extensive alliance partner ecosystems in the industry, an industry-leading research and analyst team, and integrated security intelligence ecosystem, Fortinet delivers the most comprehensive cybersecurity platform on the market.” 

  • French YouTuber Micode goes undercover to infiltrate scammer network

    In a recent series of videos on his YouTube channel aiming to popularise cybersecurity, Micode looked into one of the most lucrative scams of the internet. 

  • Google’s OpenTitan is an open source project to build an ultra-secure chipset

    ARM may be partnering with the UK government to create more secure chips, but Google wants the help of the open source community. The company has announced the OpenTitan project, which the company hopes will deliver an ultra-secure Root of Trust chip design that can be used to protect data centres. 

  • How can data centre managers ensure cyber resilience?

    Tasked with tightening up your facility’s cyber defences? Mathivanan V, director of product management at ManageEngine, offers five key pieces of advice for data centre managers.

  • How hybrid IT is remaking the perimeter in its own image

    Scott Gordon, (CISSP) CMO at Pulse Secureexplores how the increased investment in hybrid IT is creating a new perimeter demanding a matched investment in Secure Access technology. As IT service models are diversified, organisations will need to think about how they can protect their assets, access, users and devices whether in the private cloud, public cloud, data centre or – as is looking increasingly likely – a combination of all three.

  • How to design security for biometric threats

    How to design security for biometric threats

    The FBI launched a Cyber Most Wanted list in 2014, which featured 42 people and groups in 2018, when Park Jin Hyok topped the list. His achievements included hacking into banks, attempting to steal one billion dollars and attacking Sony Pictures Entertainment. Now that biometric data is becoming more widespread, cyber attacks could get very personal. Here, Jonathan Wilkins, director at automation equipment supplier EU Automation, discusses the growing prevalence of biometric data and what manufacturers can do to secure it.

  • Huawei joins Paris Call to help secure cyberspace

    Huawei Technologies has joined the Paris Call, a declaration aimed at spurring collective action toward securing cyberspace (which in my opinion, more companies need to get behind).

  • Iberdrola to collaborate on enhancing the energy sector’s cyber defences with ENCS membership

    Utility companies are amongst the most targeted when it comes to cyberattacks, which is why Iberdrola, the Spanish utility company that owns Scottish Power, has signed up to the European Network for Cyber Security (ENCS). The company hopes that by collaborating with other firms, the energy sector can strengthen its cyber defences. 

  • Industry experts discuss the biggest threats facing businesses this Cyber Security Month

    Cyber security is a crucial component to IT that every organisation needs to take into account all year round – not just for a day when big breaches hit the headlines and act as a reminder of the potential risks. Despite this, Cyber Security Month serves a good opportunity to reflect on the threats that individuals and businesses need to be aware of in the digital age, whether they’re traditional or new and emerging attack methods.

    With businesses embarking on their biggest digital transformation journeys yet and innovations in emerging technologies heating up, the way we live, work and play is continuing to transform. As a result, the attack surface that hackers can exploit is significantly expanding. So, this Cyber Security Month, industry experts have come together to highlight a selection of the biggest threats organisations should be aware of, and what policies and security processes can be put in place to reduce serious risks and consequences.

    According to Russell Haworth, CEO, Nominet, “The last 25 years have seen more and more elements of our daily lives shift over to the online world, bringing about vast benefits for businesses and citizens alike. But unfortunately, with progress comes risk. For example, our research found that 77% of Brits think they know enough to stay safe online, and 41% think it’s unlikely they’ll be victim to a cyber-attack in the next 12 months.

    “While it’s encouraging that many Brits feel they know enough to stay safe, the assumption that cyber-attacks simply won’t affect them is dangerous. Too many of us are still not following even basic security advice, with just under a quarter admitting they didn’t change their password when a provider suffered a breach. In fact, quite astonishingly, recent National Cyber Security Centre breach analysis found that 23.2 million victim accounts still used a 123456 password. This poses obvious risks to the individual, but it is when employees bring this same attitude to cyber security to the workplace that the issue can really escalate.

    “Cyber Security Awareness Month is a perfect opportunity to raise awareness of the associated cyber risks we face, but it’s important that everyone follows continual cyber security best practice to protect themselves and businesses from online threats.”

    Rich Turner, SVP EMEA, CyberArk explains, “Businesses of all stripes are embracing digital technologies and processes to deliver products and services to market faster. But the ‘need for speed’ and consequent shorter feedback loops introduce a host of new risks which must be priced into the overall package. Our recent Global Advanced Threat Landscape report indicated that less than half of organisations have a strategy that helps secure, control, manage and monitor privileged access to new workflows and technologies such as DevOps, IoT and RPA – technologies foundational to digital initiatives. The net result is a much bigger chance that sensitive data and assets can be breached through compromising these unprotected privileged credentials.

    Turner continues, “The issue is that as they adopt these technologies, organisations are increasingly operating in cloud-first environments. This removes a natural security barrier – access is no longer limited to the network, and the perimeter is no longer defensible. To counter this, security strategies must shift to protecting the business’s most important information from within. Zero Trust security models are making this possible: they presume trust nothing and verify everything, whether it comes from inside or outside the network perimeter, before granting access. By practicing defence-in-depth and incorporating privileged access security controls at the core of their strategy, organisations can drive down risk while maintaining business velocity.”

    One of the biggest risks posed to UK organisations as a consequence of digital transformation is ransomware, according to Chris Huggett, SVP, UK and India, Sungard Availability Services. “As well as being an effective tool for cybercriminals to extort money and cause business disruption, the ability for ransomware to exploit individuals on a psychological level has enabled it to become a major source of disruption,” explains Huggett. 

    “While feelings of guilt and responsibility may plague the end-user unknowingly deceived into creating an exploit, a similar or even higher level of stress is likely to be felt by a public-facing executive who must answer to a disgruntled customer base in response to a data breach or service outage. In fact, recent research has revealed that over half (54%t) of C-level executives in the UK have suffered from stress-related illnesses and/or damage to their mental well-being as the result of a technology crisis.”

    Dave Palmer, director of technology, Darktrace, echoes Huggett’s thoughts in explaining that traditional attack methods should still be a primary concern for businesses, in particular phishing attacks. “Despite hackers becoming increasingly sophisticated in their attack methods, traditional strategies such as phishing and social engineering are still widely used and often successful,” says Palmer. 

    “In fact, 90% of malware today originates in the inbox, disguised within phishing emails whose senders impersonate trusted colleagues, and nearly three-quarters of targeted cyber-attacks involve “spear-phishing” emails.

    “For this reason, any organisation should take Cyber Security Month as an opportunity to think about implementing processes that will aid them in detecting and preventing spear-phishing campaigns, such as programmes for staff education, as well as adopting a platform approach to cyber defence – as opposed to siloed, email-specific solutions. There is no silver bullet for countering these kinds of attacks, regardless of how robust perimeter-oriented protections become. Rather, we must employ our own solutions to secure our digital assets from the inside-out.”

    But as well as these traditional methods, new forms of attack are on the rise, and the stakes are even higher, not just for individuals and organisations, but for entire nations. Paul Dignan, systems engineering manager, F5 Networks says, “we have now entered a new, critical phase of cyber warfare – one where hackers act on behalf of nation-state powers to not only disrupt critical infrastructures, but also actively seek trade secrets. Worryingly, the recent Verizon Data Breach Investigations Report (VDBIR) notes a sharp uptick in nation-state attacks, from 12% of all analysed breaches to 23% in the past year. A quarter of breaches are currently influenced by cyberespionage too. New battle lines have been drawn across the world and organisations need to tool up accordingly.

    “The issue, which is one that needs to be considered, not only this month but for the foreseeable future, is that the number of state sponsored attacks is only going to rise with the imminent impact of new trends that will expand attack surfaces for hackers, such as like 5G and IoT. A range of new technologies are emerging to help fight back, such as AI solutions to analyse all traffic in real-time and spot anomalies that were previously out of sight. But whatever the technology mix looks like, the priority is to apply security at every level and on every surface: endpoint, application, and infrastructure,” concludes Dignan.

    But when implementing security measures to defend from these traditional, new and evolving threats, Mark Grainger, VP Europe, at Engage Hub believes businesses need to continue to have the customer front of mind. 

    “A crucial priority is providing an engaging and streamlined customer experience. One of the main challenges posed by enhanced security is that it usually requires additional steps and hoops that customers need to jump through,” Grainger comments. 

    He adds, “An important aspect banks might want to consider when it comes to improved security and speed is biometric authentication. Many banks are already using fingerprint ID for mobile banking apps, and facial recognition is gaining traction too. In fact, studies show that the global facial recognition market is expected to grow from $3.2bn in 2019 to $7bn by 2024.”

    Tim Hickman, partner at White & Case, highlights that, “The financial and reputational consequences of failing to implement appropriate cyber security measures can have a severely detrimental effect on businesses. Companies that are affected by a cyberattack do not always incur a fine. However, penalties are more likely to be imposed if it becomes apparent that a business has inadequate cyber security measures in place. Once a successful cyber-attack becomes public knowledge, customer and market confidence in an organisation can take a real hit.”



  • Internal SOCs halve the financial impact of enterprise data breaches, Kaspersky says

    Enterprises with an internal Security Operation Center (SOC) estimate their financial damage from a cyberattack at £548k, which is less than half the average impact cost for all enterprise-level organisations (£1.1m), a new survey from Kaspersky and B2B International has revealed.

  • Is the cloud safe? Thinking about the cloud through a security lens

    Optimal cloud security requires a distinct way of thinking about IT infrastructure, says Ray Pompon, principal threat evangelist at F5 Labs.

  • Just 20% of IBM mainframe customers embracing multi-factor authentication

    Concerns about disrupting essential applications, skills shortages and end user resistance are among the key reasons holding back MFA adoption by mainframe user organisations.

  • Kaspersky Lab: Cloud adoption is the biggest security risk to business

    After surveying more than 250 IT security leaders, Kaspersky Lab has discovered that uncontrolled cloud expansion is the top security concern for more than half (58%) of CISOs.

Page 2 of 4