Simple steps to help prevent data breaches at your company

Every company has cybersecurity risks and needs to be aware of them, but understanding your company’s risk profile is just the beginning. Watch this Modern Workplace episode “Cyber Intelligence: Help Prevent a Breach” to get advice on how to best approach cybersecurity at your company from two Chief Information Security Officers (CISO) – Vanessa Pegueros, CISO at DocuSign, and Mike Convertino, CISO at F5 Networks. Learn how these seasoned security … Read more »

7 types of highly effective hackers (and what to do about them)

Would you know what to do if you drew the attention of a hacktivist group? Knowing that damages from a hacktivist attack are typically minor is no relief, as a breach will surely damage your reputation. However, knowing about the different types of hackers, what motivates them, and the tools and techniques they use, can help better prepare your organization to protect against them. Attacks on organizations around the world … Read more »

More than just an ocean separates American and European approaches to cybersecurity

The recent revision of the National Standards and Technology Institute’s (NIST) Cybersecurity Framework and the publication of European Network and Security Agency’s (ENISA) proposals on implementation of the Network and Information Security (NIS) Directive have made me pause and ponder the progress made (or indeed not) in securing our critical infrastructures since they were both introduced. I was also struck by how much the differences in political culture affect policy … Read more »

How the Asia-Pacific region is advancing cybersecurity

Earlier this year, my team and I had the great privilege and pleasure of spending several days in Japan, participating in the Information Technology Promotion Agency (IPA) Symposium. We also met with industry colleagues to discuss global cybersecurity trends and opportunities to engage in public policy, and met with Japanese government partners to examine the question of cloud security.

Use Enterprise Threat Detection to find “invisible” cyberattacks

This post is authored by Roberto Bamberger, Principal Consultant, Enterprise Cybersecurity Group. Amongst the plethora of stories about cyberattacks in the news, multiple recent articles have been published describing the more difficult to detect cyberattacks which leverage normal tools, already present in an enterprise, to achieve their mission. SecureList calls the techniques used in these situations “invisible” and “diskless”. This post describes the challenges your organization can face in detecting … Read more »

How the GDPR is driving CISOs’ agendas

As an Executive Security Advisor for the Central and Eastern European region, I engage every day with Chief Information Security Officers (CISOs) to learn their thoughts and concerns. One very hot topic raised at nearly every meeting, conference or seminar I attend with customers and partners, regards the General Data Protection Regulation or GDPR. In essence, the GDPR is fundamentally about protecting and enabling the privacy rights of individuals. It … Read more »

It’s time for a new perspective on Shadow IT

Over 80 percent of employees admit to using non-approved SaaS applications in their jobs, and for the most part they have well-intentioned reasons for adopting them. Many report wanting to use software they are familiar with, that is cheaper, quicker to deploy, and better meets their needs than the IT-approved equivalent. This isn’t just about personal preference. It allows employees to skip the learning curve of new software and enables … Read more »

Singapore: Realizing that for the future to be smart, it needs to be secure

In 2005, just over a decade ago, the majority of large internet user populations, certainly as a percentage of their total national population, were still to be found in North America and Europe. In 2025, less than a decade from now, many of the largest internet user populations will be in Asia. Asia will be a fulcrum of cyberspace and it will also be, inevitably, a fulcrum of both cybercrime … Read more »

Mind the air gap: Network separation’s cost, productivity and security drawbacks

In some of my recent discussions with policy-makers, network separation, i.e. the physical isolation of sensitive networks from the Internet, has been floated as an essential cybersecurity tool. Why? It promises the holy grail of security, i.e. 100% protection, because cyberattacks can’t cross the “air gap” to reach their target. In my experience, however, network separation has its place in the governments’ cybersecurity toolkit but it also suffers from significant … Read more »

Supply chain security demands closer attention

Often in dangerous situations we initially look outwards and upwards for the greatest threats. Sometimes we should instead be looking inwards and downwards. Supply chain security in information and communication technology (ICT) is exactly one of those situations where detailed introspection could be of benefit to all concerned. The smallest security breach can have disastrous implications, irrespective of whether the attackers’ entry point is within one’s own system or within … Read more »