More than just an ocean separates American and European approaches to cybersecurity

The recent revision of the National Standards and Technology Institute’s (NIST) Cybersecurity Framework and the publication of European Network and Security Agency’s (ENISA) proposals on implementation of the Network and Information Security (NIS) Directive have made me pause and ponder the progress made (or indeed not) in securing our critical infrastructures since they were both introduced. I was also struck by how much the differences in political culture affect policy … Read more »

How the Asia-Pacific region is advancing cybersecurity

Earlier this year, my team and I had the great privilege and pleasure of spending several days in Japan, participating in the Information Technology Promotion Agency (IPA) Symposium. We also met with industry colleagues to discuss global cybersecurity trends and opportunities to engage in public policy, and met with Japanese government partners to examine the question of cloud security.

Use Enterprise Threat Detection to find “invisible” cyberattacks

This post is authored by Roberto Bamberger, Principal Consultant, Enterprise Cybersecurity Group. Amongst the plethora of stories about cyberattacks in the news, multiple recent articles have been published describing the more difficult to detect cyberattacks which leverage normal tools, already present in an enterprise, to achieve their mission. SecureList calls the techniques used in these situations “invisible” and “diskless”. This post describes the challenges your organization can face in detecting … Read more »

How the GDPR is driving CISOs’ agendas

As an Executive Security Advisor for the Central and Eastern European region, I engage every day with Chief Information Security Officers (CISOs) to learn their thoughts and concerns. One very hot topic raised at nearly every meeting, conference or seminar I attend with customers and partners, regards the General Data Protection Regulation or GDPR. In essence, the GDPR is fundamentally about protecting and enabling the privacy rights of individuals. It … Read more »

It’s time for a new perspective on Shadow IT

Over 80 percent of employees admit to using non-approved SaaS applications in their jobs, and for the most part they have well-intentioned reasons for adopting them. Many report wanting to use software they are familiar with, that is cheaper, quicker to deploy, and better meets their needs than the IT-approved equivalent. This isn’t just about personal preference. It allows employees to skip the learning curve of new software and enables … Read more »

Singapore: Realizing that for the future to be smart, it needs to be secure

In 2005, just over a decade ago, the majority of large internet user populations, certainly as a percentage of their total national population, were still to be found in North America and Europe. In 2025, less than a decade from now, many of the largest internet user populations will be in Asia. Asia will be a fulcrum of cyberspace and it will also be, inevitably, a fulcrum of both cybercrime … Read more »

Mind the air gap: Network separation’s cost, productivity and security drawbacks

In some of my recent discussions with policy-makers, network separation, i.e. the physical isolation of sensitive networks from the Internet, has been floated as an essential cybersecurity tool. Why? It promises the holy grail of security, i.e. 100% protection, because cyberattacks can’t cross the “air gap” to reach their target. In my experience, however, network separation has its place in the governments’ cybersecurity toolkit but it also suffers from significant … Read more »

Supply chain security demands closer attention

Often in dangerous situations we initially look outwards and upwards for the greatest threats. Sometimes we should instead be looking inwards and downwards. Supply chain security in information and communication technology (ICT) is exactly one of those situations where detailed introspection could be of benefit to all concerned. The smallest security breach can have disastrous implications, irrespective of whether the attackers’ entry point is within one’s own system or within … Read more »

How future policy and regulations will challenge AI

I recently wrote about how radical the incorporation of artificial intelligence (AI) to cybersecurity will be. Technological revolutions are however frequently not as rapid as we think. We tend to see specific moments, from Sputnik in 1957 to the iPhone in 2007, and call them “game changing” – without appreciating the intervening stages of innovation, implementation and regulation, which ultimately result in that breakthrough moment. What can we therefore expect … Read more »

4 steps to managing shadow IT

Shadow IT is on the rise. More than 80 percent of employees report using apps that weren’t sanctioned by IT. Shadow IT includes any unapproved hardware or software, but SaaS is the primary cause in its rapid rise. Today, attempting to block it is an outdated, ineffective approach. Employees find ways around IT controls. How can you empower your employees and still maintain visibility and protection? Here are four steps … Read more »