Four Cyber Risk Trends to Watch in 2023 and How Businesses Can Mitigate Them
…for in 2023: 1. More Cyber Attacks and Breaches This likely doesn’t come as a surprise. In 2021, a number of major brands fell victim to ransomware, and 2022 was…
…architecturally, making 2023 a risky year for organisations in the region. One thing that is guaranteed is that the region will experience more cyberattacks. Therefore, management of this key risk…
In 2023 a set of threats will coalesce, accelerated by global events and amplified by a misguided belief in the power of technology. The information security function will find itself…
…ISF Chief Executive Steve Durbin uses this ISF Podcast to explore how you can be proactive and get ahead of the cyber threats of tomorrow. …security organisations coming out of…
Hear from Steve Durbin, Chief Executive of the ISF, as he explores the key topics of our Threat Horizon 2023 report. Threat Horizon 2023 is a comprehensive look at the…
…But AI is a tool that can also be exploited by bad actors. There’s a risk that the industrialization of high-volume, high-impact, tailored cyber attacks could leave organizations completely overwhelmed…
https://www.youtube.com/watch?v=WB4AaDDuvcU As 2022 comes to a close, we find ourselves faced with as challenging a landscape as ever: a global cost of living crisis spiralling out of control, tensions disturbingly…
…OpenText solves digital business challenges for customers, ranging from small and mid-sized businesses to the largest and most complex organizations in the world. For more information about OpenText, visit www.opentext.com…
…2023 in May. In this quick-fire interview, Dan highlights his key takeaways from the event, explores what the future looks like for smart cities and cyber as a whole in…
We hope you enjoyed tuning in to our Summer Listening programme over the last few weeks. As we enter Season 22, we thought we would take a moment to reflect…
Cut through the noise this Cyber Awareness Month. Confronted with tightening budgets, emerging technologies, and a scarcity of cyber security expertise, security teams worldwide are faced with the daunting task…
Want to share confidential cyber insights with your peers? Exclusive to ISF Members, the ISF World Congress provides a confidential peer-group environment to discuss and find solutions to security challenges…
…will share highlights, notable themes, trends and events across the cyber threat landscape. Over 200 adversaries are attacking companies across the globe – and they’re moving faster than ever before….
This podcast begins a special four-episode series focusing on the ISF’s latest report, Threat Horizon 2023: Security at a Tipping Point. Steve Durbin sets the stage for the report as…
We all have a role to play in the advancement of women in cyber security. Here we share stories and resources to support women on their journey in Cyber….
…Giant Group fell victim to. The FCSA is a membership body that provides accreditation for umbrella companies that want to demonstrate their commitment to operating in a compliant way. Giant…
In 2023, the ISF research team will focus on: exploring the future via scenarios, leadership, securing industrial control systems, and building a tool to help Members measure key information security…
Steve Durbin, Chief Executive of the ISF and producer Tavia Gilbert discuss the ISF’s latest report, Threat Horizon 2023: Security at a Tipping Point. They focus on the report’s first…
…second threat: Identity is weaponised. Steve discusses how well-resourced and sophisticated attackers will make the existing challenges surrounding identity theft immeasurably more complex to address in 2023. We anticipate that…
…Fortune or equivalent global companies – spanning a wide range of sectors including government, finance, manufacturing, pharmaceuticals and transport – establishing a community of over 27,000 active security professionals. …
…In response, the US Securities and Exchange Commission (SEC) unveiled a new set of rules (in July 2023) that requires publicly traded companies to disclose material cybersecurity incidents under Item…
In turbulent times, organisations should focus on strengthening their ability to cope with uncertainty rather than predict the future. Today’s business climate is more unpredictable than ever. As regulatory pressure…
I predict that for cybersecurity leaders, 2023 will not be an easy year. On the one hand, organizations are facing an increased risk of cyberattacks, ransomware attacks and data breaches;…
…bodies and government departments. Our business-driven solutions provide organisations with the guidance, tools and methodologies needed to tackle the wide-ranging governance, risk and compliance challenges impacting businesses around the world…
With the cost and frequency of data breaches reaching all-time highs, security must go beyond just safeguarding the business; it’s about protecting the individual too. Download tried and tested ISF…
…external suppliers.” Organizations can’t afford to drop the ball when it comes to compliance. The Benchmark provides you with the tools you need to demonstrate your level of compliance –…
…professionals will play a pivotal but increasingly complicated role in the coming years and will need to come together to combat the many challenges ahead. By Jordon Kelly, Research Analyst…
…and response to edge computing-related threats. Implement regular and in-depth penetration testing on edge computing environments, including hardware components. This list is by no means exhaustive, but it provides a…
…patching and configuration practices, analytics, and machine learning) become more complex. Today’s security and compliance workforce, typically defined as the personnel responsible for an organization’s information security and compliance activities,…
…computing, and consider creating a hybrid security approach that incorporates both cloud and edge computing. Create and maintain a secure architectural framework for edge computing. Review physical security processes and…
In the coming years, new technologies will further invade every element of daily life with sensors, cameras and other devices embedded in homes, offices, factories and public spaces. A constant…
The cybersecurity landscape is always evolving, and in 2023 Cofense saw the volume of malicious email threats reaching end user inboxes increase by over 300% compared to 2022. With the…
…its customers. The timing was coincidental – and fortuitous. Heuckendorf’s team was onsite to discuss a separate solution they were building for the company when the client brought up anomalies…
…board. As an industry and a community, cyber professionals will play a pivotal but increasingly complicated role in the coming years and will need to come together to combat the…
…board agenda, including: supply chains, company culture, board engagement, and the relationship between AI and the internet. …the truth is that the machine is responding entirely to your habits, to…
As 2023 draws to a close and 2024 looms ahead, we find ourselves grappling with a landscape marked by economic recession, societal unrest, and intensifying geopolitical strife. In the face…
…directly impacting the physical and creating dire consequences for privacy, well-being, and personal safety. Augmented Reality (AR) provides new opportunities for attackers to compromise the privacy and safety of their…
…of existing legislation and policies, and to provide recommendations for improvement. This project is approved by the European Commission and has received funding from the European Union’s Horizon 2020 research…
…specifically in the case of renewable energies such as wind power. Edge computing allows the processing of data to take place at the source. Turbines combined with edge computing technology…
…privacy legislation. Regulations are evolving fast and depending on the number of geographies in which a business operates, tracking and implementing regulatory mandates can be a complex endeavor. Non-compliance can…
…to complain on any aspect of the processing of your personal data. You also have the right to complain to the Information Commissioner by writing to: The Information Commissioner’s…
Achieving an appropriate balance between people, processes and technology can help to detangle the complexities of the supply chain and create better security practices. Supply chains are now a fundamental…
…is “a misbelief that ships are not vulnerable to cyber incidents,” leading to a compliance-driven approach, where industry will only do the bare minimum to comply with existing regulations. There…
Hackers often attack company networks using compromised login information, a challenge for cybersecurity leaders who want to protect data and systems while allowing employees the access they need. Experts say…
…implementing a security architecture, this executive summary establishes common architectural concepts, shows you how to avoid common pitfalls, and describes the advantages to integrating architecture into the information security function….
…communication with decision-making stakeholders, keeping their requirements up-to-date and improving the organisation’s ability to measure information risk and security performance over time (see the graphic on the right). But what…
…Since data is central to decision-making and competitive advantage, its sudden disruption or unavailability can lead to severe repercussions for the business. Some of the essential questions security teams ought…
…and their employer will no doubt have an adverse effect on their attitudes toward the company and, consequently, heighten the risk of insider threats, either by accident, judgment errors or…
…detect more sophisticated flavors of malware. In a future where improved global trade possibilities allow the largest companies to grow far quicker than others, those organizations will become huge targets…
…maintenance of various software and hardware components. This introduces major risks for ICS acquirers of these products and services because malware and vulnerabilities can be leveraged to compromise the ICS…
Distinguished Analyst Paul Watts explores the shifting nature of business, the role of the security leader, and the implications of continuing to not align to each other’s goals. A (digitally…
…2022 was supposed to be a breather for CISOs as the uncertainty surrounding the pandemic largely subsided. Sadly, they found themselves coming to terms with the new “never normal” instead….
…engaged governance? That answer lies in the maturity of the information security function as well as the competence and skills of security practitioners. The Five Levels Of Security Maturity And…
…point. That’s because the cloud comes with its own set of security and governance challenges. 1. Controlling the sprawl An average employee uses about 36 cloud-based services daily, while enterprises…
Bill Gates wrote, “The development of AI is as fundamental as the creation of the microprocessor, the personal computer, the Internet and the mobile phone.” Although artificial intelligence (AI) technologies…
…have been able to tackle difficult and unprecedented challenges, all the while managing the risks that come with them. However, for many security leaders, maintaining these relationships and capturing the…
…workers from being exploited, we need training and awareness programs that address the way they do business and the channels they use to communicate. 4. Edge Computing Edge computing is…
…may not be owned by the company,” he explained. “Companies are looking for people with mobile device management, and SSO skills, because those are toolsets that are let team members…
…unfounded, excessive or repetitive. Further information on your rights can be obtained from the United Kingdom’s Information Commissioner’s Office. Complaints Please contact us if wishing to complain on any aspect…
…vast experience in evidence-based decision-making, Tim explores making complex topics digestible for the board, creating strong cultures in global organisations, and the ongoing fight for talent. …our purpose is three…
…the board informed of run-of-the-mill security concerns or providing detailed reports on how the company maintains regulatory compliance, improving board communication around security is a top concern for today’s executives….
…the company’s special filing with the U.S. Securities and Exchange Commission, notifying the SEC of the data breach. Hackers encrypted some files. Hackers exfiltrated (removed) some data. Remediation is underway….
…the Middle-East and Africa with the guidance and tools they need to navigate the complexities of such an evolving cyber landscape. We are now closer to our European Members than…
…ways in which your organisation can fight back from a technology, operational, and leadership perspective. Join us on 7th February 2023 at 14:00 GMT as the panel explore how AI/ML-based…
…compromise of privileged account credentials, possibly via phishing, spear-phishing, or brute-forcing credentials. The library admitted to having an unusually diverse and complex technology estate comprising a stack of legacy tools…
Rules implemented in 2023 by the US Securities and Exchange Commission (SEC) regarding risk management, strategy, governance, and incident disclosure have raised important considerations for security leaders of public companies…
…cloud adversaries to effectively defend against attacks. CrowdStrike’s 2023 Cloud Risk Report puts a spotlight on the adversaries targeting enterprise cloud environments. Watch to learn key trends in adversary activity,…
…sessions from the world’s foremost international security experts who discussed the key challenges and opportunities that ISF member companies and businesses will face in 2021. Key topics of discussion included…
…as smart grids emerge, new models of power distribution will begin to rise, and that’s going to create a complex supply chain of startups, high tech companies, and established utilities….
…of communication gets you a long way. And often people think complexity will make them look good. So they’ll build a complex message…Whereas actually, it’s the simplification of that message……
…personal data, determining compliance status and defining the scope of a GDPR compliance programme. Phase B | IMPLEMENT the GDPR requirements to demonstrate sufficient levels of compliance by May 2018…
…2021. Key threats for the coming year include: Cybercrime: Malware, ID Theft, Ransomware and Network Attacks Insider Threats are Real The Digital Generation Becomes the Scammer’s Dream Edge Computing Pushes…
…the sheer volume and velocity of 5G networks, combined with the complex infrastructure and heavy reliance on software, create a perfect landscape for threat actors. Steve Durbin, Chief Executive of…
…Multiple virtual networks and RAN partitions essentially create more entry points for malicious actors. An attacker can compromise a network slice to monopolise resources for compute-intensive activities such as crypto…
The number of devices and associated challenges are far too many. IIoT devices possess limited computing power and, therefore, lack the ability to run security solutions…. This is where AI…
…strategic vulnerability disclosure by rogue competitors, organized criminal groups and hacktivists. Given the global dependence on commercial software, the weaponization of vulnerabilities will have far-reaching consequences for businesses and their…
…Covid-19. Having said that, it’s alarmingly common for digital transformation projects to end up as expensive failures: A scant 5% meet or exceed expectations, according to a survey by Bain…
Unless you’ve been living on a Desert Island recently, it won’t have escaped your notice that the Securities and Exchange Commission (SEC) in the United States filed a complaint in…
…https://www.recordedfuture.com BeyondTrust is the worldwide leader in Privileged Access Management, offering the most seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access. www.beyondtrust.com…
…networks that powers more than 27 million Internet properties, with approximately 13% of the Fortune 1,000 companies using at least one Cloudflare product. https://www.cloudflare.com/ The Netskope security cloud provides unrivaled…
…we collect it through our website at securityforum.org (“Site”) or isflive.org or from other sources. This Policy sets out our commitments to you, in compliance with and beyond the General…
…organisation. Promote a strong culture of communication and collaboration between operational, technology and security teams, regardless of reporting lines. Initiate and support a comprehensive review of business operations across the…
…nightmares for insurance companies as they face complex class-action legal battles should incidents begin to fall into recognisable patterns. Threats will not be isolated to just cars – semi autonomous…
…version of the Cybersecurity Framework, the recover function relied significantly on the security function being a good communicator – 50% of all subcategories relate to communication activities during an incident….
…intellectual property or confidential data can make them lose their competitive advantage, reduce the company’s valuation (recall Yahoo-Verizon) or eventually become a deal breaker (trigger a MAC provision) in the…
…A meticulous CFO can save the company the embarrassment and financial impact of a major breach by taking proactive steps in anticipation of targeted attacks. Companies should take the time…
…new technologies, the geopolitical arena is likely to become complex, turbulent and fragile. More inward-facing policies will be a result of frustration with liberalism and globalism, while national and commercial…
…of five interrelated elements deemed critical to tackling cybercrime and bolstering cybersecurity defences. Funded by a €5m European Commission Horizon 2020 research program, the report is compliant with the European…
…researchers are reporting a two-fold rise in ransomware-led cybercrime. Attack techniques and common root causes While the FBI is reportedly tracking as many as 100 variants of ransomware, most ransomware…
As new technologies and infrastructure such as virtualization, cloud, and containers are introduced into enterprise networks to make them more efficient, these hybrid environments are becoming more complex—potentially adding risks…
…leniency, with legal and cyber experts predicting stricter enforcement to ensure companies comply with privacy requirements. While still relatively low in volume, the number of GDPR fines increased 39% at…
…mechanisms. “This is a stunning and completely unexpected decision. In invalidating the Privacy Shield framework, the European Court of Justice has jeopardized the ability of thousands of companies to do…
…online vulnerabilities stem from the government’s aging computer systems, current and former federal tech chiefs, lawmakers and industry analysts say. But ongoing efforts to upgrade these systems tend to get…
Tali Sharot, Director of Affective Brain Lab, discusses optimism bias and its impact on cybersecurity communication with Steve Durbin, CEO of ISF. She emphasises people’s tendency to underestimate risks and…
…resolved. Insurance regulators, insurance companies and organisations looking for cyber cover can all contribute to mitigating systemic cyber risk. What insurance regulators can do Involve insurance companies and commercial organisations…
…in combination with closed source software, creating what is termed ‘mixed source software’. Mixed source software can be derived from any number of combinations of OSS components. The possibilities include…
Quantum Computing: a positive influence or a potential tool for misuse? In conversation with Steve Durbin, Konstantinos Karagiannis, Director of Quantum Computing at Protiviti, delves into the possibilities and risks…
…including on your company’s security posture, which might need some realignment. The Enterprisers Project has debunked some common misconceptions about online security specifically for the remote workforce: False: This shift…
…2 days. Operations have now returned to normal, but the incident highlights the risks that come with combining operations in the digital space with operational technology (OT). The attack is…
CEO and Founder of Cascade Insights, Sean Campbell, offers pragmatic guidance for management to better influence remote employee productivity and satisfaction. With managers needing to communicate their mission more effectively…
The ISF has tailored resources to help you tackle global emerging threats and challenges. Following the implementation of the Data Security Law (September 2021) and the impact which the Personal…
…over the next two years. Among the threats that will likely come from increased advancements in technology, ISF predicts the internet of things (IoT) will not only continue to proliferate…
…in the organization, such as risk management, compliance and audit. This lack of alignment can lead to poor communication, stemming from failures at the governance and leadership level, adversely impacting…
Governments, NATO and military organisations now recognise cyberspace as a ‘domain of operations’ or the fifth operational battlefield, with the other four being land, sea, air, and space. As the…
…pandemic to ramp-up business email compromise scams, the FBI and security researchers warned this week. In an alert, the FBI says that fraudsters are sending BEC messages that use COVID-19…
…changed. In the past, threat actors targeted any vulnerable computer they could find. Now, they’re targeting enterprise networks with cryptojacking malware. And with 80% of enterprise workloads migrating to the…
…your company will also have to adapt to stay viable and competitive. For 2019, your top concerns regarding technology likely will include: Upgrading software Making data and systems more secure…
…society. Here are four security challenges likely to impact organizations in the coming years. 1. Rapid Tightening of Regulations Raises the Stakes for Non-Compliance As fears and pressures relating to…
…and enumerating recommended steps, is beneficial for both the company and the supplier. Develop a framework that addresses company needs for secure partnerships, and keep it up to date. Lay…
…Balancing rigour with accessibility is proving one of the most complex problems for solution providers, and something that every business will need to grapple with in the coming years. Simplifying…
…them vulnerable to hijacking. Commercial drones provide a fresh privacy concern as they begin to store sensitive information on board,” said Steve Durbin, managing director of the Information Security Forum…
…an employee of a company to introduce malware — i.e., malicious software programs designed to damage or do other unwanted actions on a computer system — into Tesla’s computer network….
Ransomware represents the most likely and damaging cyber risk for many organisations, with nearly a quarter of all malicious activity involving ransomware. Increasing by 13% in 2022 alone, such an…
…to offer insight into balancing compliance and security priorities and deconstruct her journey through the cybersecurity industry. Listen as she shares her experiences and perspective on how the industry can…
Steve Durbin, Chief Executive of the ISF, deconstructs Deborah Wheeler’s journey to the role of CISO at Delta Airlines. They discuss balancing compliance and security priorities, managing effective security across…
…– Extinction Level Attacks: A survival guide – Jason shares his insights on communications good practice, common pitfalls and the importance of preparing a communications strategy before an attack happens….
As the regulatory landscape continues to evolve, organizations are aligning with industry standards and frameworks to support their operational, compliance and audit requirements. Whilst security leaders are aware of the…
In this episode, ISF Chief Executive, Steve Durbin, sits down with Jonathan Moore, CTO of SpiderOak, a data security software design firm in Silicon Valley. Steve and Jonathan discuss digital…
…communicated outside of your RD process? You risk reputational damage if it transpires that they had warned you up front and perceptively you did nothing about it. A pre-emptive communication…
…Last week, Washington, D.C.-based cybersecurity venture capital firm and incubator DataTribe released a brief report on early-stage venture investment in the past decade. Using data from Pitchbook, the company analyzed…
…are deliberately conceptual and principle-based (such as GDPR). As such, they are highly compatible with a principle-led architecture. Read the full article Download our Security Architecture: Navigating complexity Executive Summary….
…of big tech companies. As these companies grow stronger through diverse revenue streams and enhanced investment power, they may create barriers to entry in the global digital marketplace that will…
…Dowden was vocal that legislative reform would be grounded in common sense, rather than box-ticking, which is so often associated with compliance requirements. A key motivation for this overhaul is…
…misconfigurations and biases help cyber criminals walk through the front door of some of the most “security-savvy” organisations. The threat landscape is also becoming riskier and more complex. Employees working…
…human-centered security program will consider roles, psychological processes, attitudes and even the method and structure of communication. However, changing behavior in the long term is a complex task. It requires…
…time people spend together. They may come to the office once a week or once a month; the important thing is to make space for people to come to feed…
…was the websites that were compromised, Absalom notes that third-party software can itself become compromised or trojanized and become “a single point of failure” for multiple companies, and thus “has…
…is distributed across an array of systems that can be compromised. Additionally, the sheer velocity of 5G networks combined with complex infrastructure, more routing points and heavy reliance on software…
…the Information Security Forum Limited, a UK Limited company registered in England under company number 04822538. Our registered address is: Information Security Forum Limited, Elder House St Georges Business Park,…
…with ISF analysts Paul Watts and Mark Ward. Together, they dive into a comprehensive discussion examining the report on the breach at the British Library in the UK. Listen as…
On Thursday 24th February at 13:00 GMT, Bruce Page and Aman Behl, ISF, discussed the key findings of a European Commission research report on cyber-related strategies, laws, initiatives, law enforcement…
…on the complexities of modern organisational leadership. Drawing from his extensive experience, Thom highlights the overwhelming nature of leadership roles in today’s fast-paced environment, suggesting future leaders embrace uncertainty and…
…revamp their IT infrastructures to accommodate what is rapidly turning into an almost certain permanent work-from-home environment for employees. Now that companies’ tech stacks and infrastructure have been updated, and…
…Computing Pushes Security to the Brink Edge computing will be an attractive architectural choice for organizations; however, it will also become a key target for attackers. It will create numerous…
Because innovation is moving so rapidly, keeping up with industry best practices can seem like a full-time job on its own. Plus, attackers are constantly evolving their campaigns, often exploiting…
…people are confused, they’re worried.” Among top-performing companies, however, a more positive vision of cybersecurity is emerging — one that goes beyond the common image of a purely defensive shield….
…investments and mergers and acquisitions. The agenda is also likely to cover corporate governance, culture and talent, legal and regulatory compliance, and shareholder expectations. While the board’s agenda focuses on…
Says who? “Regulatory frameworks will continue to drive security maturation for companies. Specifically, the European GDPR will force companies to take a complete inventory of data they control or process,…
…the legalities – not least because you don’t want the Information Commissioner, your insurers or angry shareholders and customers coming after you, and citing your analysts’ speculations on Slack or…
Paul Watts, Distinguished Analyst for the Information Security Forum (ISF), featured in Computer Weekly. The past five years have been a turbulent time for the IT sector. Just as technology…
…still in their infancy. Machine learning requires huge data sets. For many real-world systems, like driverless cars, a complex blend of physical computer vision sensors, complex programming for real-time decision…
…business so they can make decisions about how to allocate limited resources. Ensuring Compliance A risk-based approach to compliance is essential. A key question here is: What can you implement…
…minds, are committed to open communication and are willing to learn will win the day. When the storm has passed, it will surely leave a great deal of destruction in…
…workforce. This next generation coming through has been taught from an early age to share, to embrace technology and to live their lives digitally. To combat this growing threat, organizations…
…with leaders across the organization. For any CISO pursuing a successful career, I believe the following six skills are crucial: Communicate clearly. Any business leader needs the ability to communicate…
…Edge Computing And 5G Edge computing (as opposed to centralized computing) is increasingly becoming a popular and attractive architectural choice for many businesses. Cloud computing and the move to push…
Here are five questions to help determine if your company needs cyber coverage. The cyber insurance market is rapidly maturing and there are many reasons for this. Companies are increasingly…
Over the past weeks, you’ve heard encore presentations of some of our favourite episodes this year throughout our Summer Listening programme. As we look ahead to Season 14, we are…
…you prioritise when resources are under pressure? How do you determine a manageable level of information risk? How do you assure your supply chain? How do you manage compliance across…
…for, among others, Caesar’s Palace, Lego, Omega, Vera Bradley, and Yamaha. Bob shares his perspective on digital transformation in the retail market, building a solid team, and effective communication within…
Information risk introduced via the supply chain is increasing. Organisations need smart supply chain information risk management solutions that provide the right level of information protection where needed, acting as…
…the vast majority of modern computing languages and creates the operating systems that nearly all computers run off (Windows, iOS, Android, and Linux (the last two are opensource, but most…
…Podcasts user, you can now subscribe to the ISF Podcast on YouTube Music. What defines a competent leader? Amanda Fennell, CISO & CIO at Prove, joins ISF CEO Steve…
“Ultimately we are being asked to trust our governments in their ability to handle personal information and some have better track records than others when it comes to being trusted.”…
…challenge the company, yourself, your teams, everybody, on security. Not just by saying no, but how can I help you to get better? How can I help the company to…
…across less mature network environments. AR’s visual interface will provide a new visceral mechanism for attackers to components of AR to communicate ransomware demand to targets. Augmented Reality technologies will…
…making New York the most cyber-resilient city in the world, sharing tips on how to include and communicate with all departments and employees on what to do in case of…
…the war in Ukraine shine a particular light on organisations’ areas of vulnerability. (2:42) 2. In the context of global warming, quantum computing poses major challenges. (5:50) 3. As quantity…
…must be able to demonstrate that they are ready…they need confidence in their ability to not only comply, but manage that compliance over the life of the NIS 2 Directive….
…after a cyberattack hit its networks. According to UHS, through its subsidiaries, the company operates 26 Acute Care hospitals, 328 Behavioral Health inpatient facilities, and 42 outpatient facilities and ambulatory…
…data were largely centralised. But with the advent of cloud computing, bring-your-own-device policies and remote working, organisational environments have become distributed and decentralised. This evolution of the network is one…
With the workplace undergoing significant changes over recent years, companies need to rethink how they drive the right behaviour in this new environment. Covering key topics such as avoiding burnout,…
What commonalities exist between sports, and business leadership? Steve Durbin interviews Randy Jackson, a renowned football coach known for transforming struggling teams. Randy, also a business consultant, discusses the parallels…
In part two of their conversation, Brian Lord and Steve Durbin discuss the societal dangers of AI mis-and-disinformation campaigns, highlighting its potential to manipulate public opinion during elections. They emphasise…
…haven of certain components…because the further you move away from that, the less control you’ll have, the more risk you’ll introduce… Tune in to hear: Nick Witchell ask Steve…
…AI, to explore its global ramifications on geopolitics and society. Nina underscores its transformative potential, particularly highlighting the competition for AI supremacy between the US and China. Concerns regarding data…
Steve Durbin, ISF CEO is joined by Tavia Gilbert to review how ISF’s early predictions on AI’s threat evolution, like deepfakes and industrialised cyber-attacks have materialised. Steve makes a compelling…
The complexity and unpredictability of the global threat landscape makes it a difficult space to navigate. Dr. Christopher Ankersen joins Steve Durbin to discuss why global security professionals should apply…
…face as suppliers to government bodies, especially concerning the vast quantities of data they manage. Despite free guidance from the NCSC to aid regulatory compliance, it is not enough. Brian…
Regulation is always playing catch-up. How can security professionals ensure it keeps pace in addressing the challenges posed by emerging technologies? Dr. Andrea Matwyshyn joins Steve Durbin to address the…
Preparing a successful cyber incident response requires security professionals to go beyond the corporate playbook. Daniel Norman, Regional Director EMEA at the ISF, joins Steve Durbin to discuss how to…
…will ravage infrastructure. Over the coming years, organizations will experience growing disruption as threats from the digital world have an impact on the physical. Invasive technologies will be adopted across…
…and break new records, could zero trust be the answer to ransomware woes? Before we answer this question, let’s first understand zero trust and its core components. What Is Zero…
…partnerships at the Depository Trust & Clearing Corp., the institution that settles all stock trades in the U.S. He was speaking at a meeting of the Commodity Futures Trading Commission’s…
The repercussions of data breaches impact not just technical systems but also business operations and reputation. Preparing a successful cyber incident response requires security professionals to go beyond the corporate…
…networks. Often the goal has been to steal intellectual property, company secrets, or in some cases commit sabotage. Inadvertent mistakes also pose an ongoing threat. A common activity is sending…
Professor of Digital Ethics & Defence Technologies at Oxford University, Mariarosaria Taddeo, sits down with ISF CEO Steve Durbin to discuss the intersection of artificial intelligence (AI), cyber warfare, ethics,…
The ISF Podcast returns for Season 24. In this week’s episode, we’re previewing some of the best moments from the episodes you’ll be hearing. Tune in to hear Steve Durbin,…
In today’s dynamic business landscape, survival hinges on constant adaptation. Steve Durbin sits down with neuroscientist Beau Lotto, to explore how applying the science of perception can help organisations thrive…
…the ‘accidental insider’. It is clear that technical controls and wider investment in preventative controls can only do so much when it comes to preparing individuals to manage the threats…
About us This website is operated by the Information Security Forum Limited (the ‘ISF’), a UK registered company (04822538). Our registered address is Information Security Forum Limited, Elder House St…
…learn, reason, and act independently are still in their infancy. Machine learning requires huge data sets. For many real-world systems, such as driverless cars, a complex blend of physical computer…
…and security practitioners – the speed of digital business, coupled with an uncertain world, means we can never truly be in complete control of risk. We must continue to rethink…
…what you’re aiming for, they are better equipped to help you reach it. Communicate regularly and respectfully. Issuing commands without discussion, failing to explain decisions or bouncing from pillar to…
…computing. DeRusha will need strong backing and real power to effect change. He must start by figuring out where and how to most effectively spend the money in an environment…
…to ensure secure and effective AI implementation. …It’s about being aware of how AI is used across their organisation…by competitors, and how AI may disrupt the company and Industry……
…on the future of work (1:40) 2. Sunsetting pre-pandemic business norms while imagining new ones (2:47) 3. Companies in every sector will be reinventing themselves in order to thrive in…
Artificial Intelligence has become an increasingly important part of society. If regulated correctly, it can be a powerful tool to drive innovation and economic growth. Dragos Tudorache joins Steve Durbin…
…Exposing compliance issues can prove difficult, but that does not mean they don’t exist. Cybersecurity exercises can help to uncover areas of non-compliance, giving you an opportunity to fix them…
…onto your computer: Name Purpose Cookie Type Expiry complianceCookieISF The cookie is set to record the user consent for the cookies. Necessary 1 year PHPSESSID The PHPSESSID cookie enables the…
In many organisations, the role of the CISO has become far removed from day-to-day operations, leaving a disconnect between security and the business. Daniel Norman, Regional Director, EMEA at the…
…have multiplied, and penalties can be more severe than fines. Increased public awareness and media interest have led to potential commercial and reputational consequences for non-compliance. The risk of private…
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to…
Despite their extensive experience, trained security professionals often find themselves excluded from a seat on Public Boards. Dr. Andrea Matwyshyn of Penn State University joins Steve Durbin to address the…
…level of information security controls. Nevertheless, the cloud environment is complex and diverse, which hinders a consistent approach to deploying and maintaining core security controls. It is vital that organizations…
…fostering diversity. …the next generation will not work for a company that they don’t trust…where they don’t see behaviour back in those values in their everyday lives…companies have to change……
…survey, most companies try to identify gaps to play catch up. In cybersecurity, that is too late. Companies need to stay a step ahead of malicious actors. Some companies, like…
…Feedback received from global shipping professionals indicates that a common threat to the industry, such as cyber security, is dealt with differently among industry practitioners around the globe. Data collected…
…The pivotal role of leadership in shaping company culture and its impact on business prosperity. Curbing the hidden costs of turnover rates. Cultivating an environment where employees envision long-term commitment….
As organisations bid to improve business performance by rushing to adopt the latest AI buzzword, AI expert Eric Siegel explores the considerations needed to ensure these powerful tools deliver tangible…
Develop a holistic backup strategy that covers all systems and core infrastructure services. Steve Durbin, Chief Executive of the ISF and Forbes Business Council Member. Even if you could completely…
As organisations continue to embrace a blend of in-office and remote working, security teams are faced with the ongoing challenge of ensuring employees maintain a secure environment. Steve Durbin, joined…
…than just a trend. Cloud computing has evolved at an incredible speed and, in many organizations, is now entwined with the complex technological landscape that supports critical daily operations. This…
In this bonus episode from Season 17 of the ISF Podcast, Mo Gawdat, author and ex-Chief Business Officer at Google X, sheds light on the ways in which we, as…
In the final instalment of our Artificial Intelligence (AI) series, Steve Durbin, Chief Executive of the ISF is interviewed by Kavitha Kadambi, Chief Information Security Officer (CISO) at Infosys. In…
…Forum Limited, a UK Limited company registered in England under company number 04822538. Some important details about us: Our registered address is: Information Security Forum Limited Elder House St. George…
…siphoned from Ukraine. By the same reasoning, we’re oblivious as to what goes into making a smartphone. Where do the different components come from? We don’t give mind as to…
…engagement across incident response to HR and elsewhere. Clear and concise communication is key to effectively manage the operational, financial and emotional impact of a cyber attack. Internal communication between…
…the private sector and collaborate across geographic boundaries, especially with large groups of people coming online for the first time in parts of Africa and Asia. The combination of increased…
…third-party cyber risk management, BlueVoyant’s Risk Operations Centre (ROC) creates a comprehensive defence for organisations within the most expansive and complex supply chains. The ROC, modelled after traditional Security Operations…
…had some fun exploring the world of the telephone networks…Well, security thinking comes after you create the ability to do things. It always comes secondarily. And we found out why….
Viviane Reding, former First Vice-President of the European Commission, sits down with ISF Chief Executive, Steve Durbin to discuss the ramifications of GDPR, cybercrime, and what kind of governance in…
…log in and complete a security assessment, a Member has designated you as one of their suppliers. The contents of this assessment have been chosen by the Member organisation from…
Supply Chain Assurance Framework: Contracting in confidence – provides a structured approach to help organisations’ information security functions to embed information security considerations into the contracting process. Updated in 2020,…
…prominent political figures, diplomats, and experts from the world’s top analytical centers. Steve outlines the implications that communication platforms have on our data and privacy both now and into the…
…personal environments. He is a frequent speaker and commentator on technology and security issues. Steve has served as a Digital 50 advisory committee member in the United States, a body…
…attacks, it can also execute them. Cyber criminals can employ AI themselves, as well as turning AI used by companies against them. AI can be switched to convince victims to…
…activity. Five Common Myths And Misconceptions About Zero Trust I’ve found there are a number of misconceptions business leaders often hold surrounding zero trust. Here are the top five: Myth…
…pushed the healthcare services to breaking point. In addition to these clear operational concerns, threats from the cyber domain remain apparent, invasive, and in some cases, deadly. Over the coming…
…to call a number in an email, look up the number yourself on the company’s website Be cautious opening attachments from people you don’t know Be suspicious if the message…
…influence into the operations of hardware developer Super Micro Computer Inc. to spy on the enterprises to which Supermicro supplies computer chips. First detailed in an early October Bloomberg Businessweek…
With the coronavirus crisis creating new opportunities for cybercriminals, 70 percent of organizations are seeing the value of increasing their investments in cybersecurity solutions. According to a LearnBonds.com report, besides boosting…
…Organized criminal groups, hackers, and competitors will begin stealing and compromising these treasure troves of sensitive data. Organizations whose business model is dependent on behavioral analytics will be forced to…
…inform your workforce, customers, and stakeholders about the potential fallout from such an attack or breach? If you’re a public company, you’ll be compelled to issue a public statement post…
…other infrastructure get thrown into the mix, cyber security becomes even more complex. Organisations must therefore have a repeatable, measurable process in place that ensures they do not become complacent…
…a ransomware attack and to ensure business continuity should the worst happen. These three are crucial to emerging successfully: • Maintain a proper backup: Regular and comprehensive backups don’t have…
Good cyber hygiene and a strong risk management culture is the obvious approach to take if you want to try to avoid being one of those “company X just got…
…that needs to be mentioned: competitors. “Increased levels of espionage and sabotage from competitors will also heighten as organizations do battle for technological supremacy in this space,” warns Daniel Norman,…
As the likes of Google and Apple bolster privacy in the race to come up with contact tracing apps to get a handle on the spread of COVID-19, Americans are…
Also, beware of email “offers” from companies you don’t recognize and even those that you do know but shouldn’t be emailing you – they’ll likely contain a malicious click through…
The inaugural Security Middle East Conference was a major success for the security community. Over 200 security leaders filled the conference in Riyadh on the 9th May to discuss a…
…data breaches have something in common: All of these rely on people serving as conduits. Cyber scammers frequently employ human psychology in their attack strategies, thriving on basic human traits…
…they are vulnerable and attractive targets. Many satellites also communicate solely through radio-based wireless protocols, which makes them an attractive target for attackers. Satellite assets are unique; they are often…
…losses can occur, should those assets be compromised. The financial context An asset is something that we use, for either personal or business reasons. It can be quantified in monetary…
Technology and processes should complement behavior, not add friction and impede productivity… Steve Durbin, Managing Director of the ISF The information security industry is playing catch-up when it comes to…
Poorly secured robo-helpers will be weaponised by attackers. By Steve Durbin, Managing Director, ISF Over the coming years, organisations will experience growing disruption as threats from the digital world have…
…Their Own Voice Dealing with Regulatory Volume Handling Technology “The CISO is coming under pressure from many different directions. Whether this is external, internal or personal, these forces have combined…
…target video Fully Synthetic Material: Real material used to train machines on what people look like, resulting in a picture that is completely made up, for example, thispersondoesnotexist.com or www.generated.photos….
…as their businesses’ bottom lines become more vulnerable from the potential impact of an insider threat causing a data breach, stolen intellectual property and other risks. Read more at https://www.business2community.com/cybersecurity/verizon-report-brings-the-critical-discussion-of-insider-threats-back-to-the-boardroom-02190310…
Avord launches platform to reduce the multibillion-pound annual cyber security testing cost that most UK firms say is too high. Businesses across the UK have criticised the security testing industry…
…https://www.recordedfuture.com BeyondTrust is the worldwide leader in Privileged Access Management, offering the most seamless approach to preventing data breaches related to stolen credentials, misused privileges, and compromised remote access. www.beyondtrust.com…
This week Steve Durbin, Chief Executive of the ISF, wraps up part two with a timely conversation that considers the impact and likelihood of AI becoming sentient. As AI plays…
In the first episode of Season 13, Chief Executive of the ISF Steve Durbin, explores five business priorities CISOs must consider to ensure they remain resilient for years to come….
…she shares many practical tips and examples from case studies. …the whole ecosystem is, of course, a vulnerability to every company today…not just our suppliers but the end-level suppliers…
Welcome back to the ISF Podcast, cutting-edge conversations from the leading authority on cyber security. Kicking off Season 14, Steve Durbin, Chief Executive of the ISF, speaks with Seán Doyle,…
Business Information Security Officers (BISOs) are a newish addition to the roster of jobs available to InfoSec practitioners, but how do you become one, and how do they relate to…
As technology advances and becomes integrated into all business operations, supply chain security must keep pace. Listen as Strategic Supply Chain Expert, Omera Khan, explores the importance of improved collaboration…
Books that deal with hackers, culture, surveillance capitalism and the first principles of Infosec are debated in this special holiday season episode. Cyber specialist Alice Violet, ISF analysts Mark Chaplin,…
…choices with a variety of defences and work-arounds just to avoid a series of unforeseen attacks and threats – some of which will come at them from pretty unexpected directions….
…government and law enforcement are huge when it comes to trying to catch cybercriminals, or indeed, control the environment in which they are operating. And they can’t do that alone……
…cyberspace. Touching on AI and cloud security, he focuses the conversation on how organisations can move beyond compliance-led training activity to achieve company-wide resilience. …if you have people exercise once…
In this episode, ISF Chief Executive Steve Durbin speaks with Brett Beranek, Vice President and General Manager of security and biometrics at Nuance Communications. They explore some of the potential,…
Kicking off the ISF Podcast Summer Listening program, Steve Durbin is joined by Seán Doyle, Lead for the Centre of Cybersecurity at the World Economic Forum. They discuss the role…
Managing information risk does not lie solely with your security team; it is an intrinsic business issue that requires proactivity from the top down. Business leaders must cultivate a resilient…
How could your organisation be affected during periods of instability, and what steps could you take to understand the potential threats and be better prepared? The Information Security Forum has…
Dr. Christopher Hand, Senior Lecturer in Psychology at the University of Glasgow, returns for part two of his conversation exploring online human behaviour. Focussing on the post-pandemic consequences of digital…
Scenarios are an essential component needed to explore the many plausible futures – everything from cyber risks to long-running regional conflicts. Dr. Matt Finch, from Oxford’s Said School joins Max…
With Season 18 of the ISF Podcast centred around building resilient teams and adapting to new technologies, Steve Durbin takes a moment to reflect on the crucial takeaways for business…
…he offers insight into allowing people the freedom and safety to come up with ideas, being selective on what you protect, and how the complexity of systems we have created…
ISF analysts Benoit Heynderickx and Paul Watts are joined by Ross Johnston from Bupa to provide an ISF Member perspective on cloud services: how they are used and the risks…
…how she uses it and debates what its ultimate impact will be. It’s a tool, it doesn’t have that moral compass. It just runs on whatever data we give it….
Security practitioners and business leaders often seem like a community divided by a common language. Former historian Jemina Lakka-Kolari joins ISF analysts Paul Watts and Mark Ward to explore the…
In the coming years, internet of things (IoT) infrastructure will become unmanageable and impossible to secure effectively, with attackers discovering a growing number of abandoned, network-connected devices and subsequently compromising…
Ransomware emerged in 1989 and continues to afflict organisations today, alongside various other scams, whether cyber-related or not. It’s the same threat on a different day. Listen as InfoSec veteran…
This episode from Steve Durbin, Chief Executive of the ISF, is the first of two episodes surrounding the ethical dilemmas that are posed by AI and innovation. Tune in as…
Steve Durbin, Chief Executive of the ISF, sits down with Federico Varese, a professor of Criminology and Head of the Sociology Department at Nuffield College, Oxford University. With first-hand account…
…process. Carl also provides actionable advice for small to mid-size companies looking to grow through acquisition. …so I think for me, it’s more positioning. It’s more what they’re doing in…
Steve Durbin, ISF Chief Executive, delves into the first major theme, ‘well-intentioned regulations can have unintended consequences’, from our Threat Horizon 2024: The disintegration of trust report. Steve highlights the…
…strike a balance between ethical practices, operational agility and sustainable growth. …by 2025, an organisation’s competitive advantage will be tied to the effectiveness of its data handling and analysis capabilities……
Drawing from his experience as the former CISO of MassMutual and Aetna, Jim Routh delves into the ways that CISOs can lead their organisations towards cyber resilience. Jim offers actionable…
Steve Durbin returns to the cyber hot-seat as journalist Kirsty Lang hosts a discussion reflecting on the exponential threats facing organisations and individuals today. Steve explores the rising collaboration between…
…hunting expert from PwC, joins ISF Analysts to examine the primary risks posed by AI and how organisations can be better prepared against them. …compared with smaller sub-sets, if you…
…overconfidence during a crisis and think that’s where reassurance comes from. But humility is like rocket fuel when it comes to trust, if you get it right as a leader…
Today’s episode features highlights of a recent fireside chat that global tech services and consulting firm Infosys hosted featuring our own ISF Chief Executive Steve Durbin. Discussing a range of…
There is no getting away from Artificial Intelligence (AI) at the moment – it’s in our phones, on the web and shaping our world. Whether this is a good thing…
Climate change, AI, politics – all pressing topics that have continued to garner attention both within and beyond the cybersecurity industry. Key topics that could feature in the next edition…
Steve Durbin, Chief Executive of the ISF, takes time to reflect on where CISOs are at today, and how the role is likely to evolve in the near and distant…
In today’s episode, we’re sharing a compilation of some of our listeners’ favourite episodes from last year. Featuring some of the world luminaries including Steve Wozniak, co-founder of Apple Inc,…
From a security perspective, what are the personal apps/app types that you think CISOs should never want to find on a company-owned device and why? What’s your advice for setting…
ISF Principals Bharat Thakrar and Mark Chaplin join Mark Ward to begin a series dedicated to shedding light on a career in information security. The conversation covers their personal paths…
Whilst AI models have circulated academic settings for years, their recent surge in popularity has ignited a crucial discussion about their future. Listen as Ellie Pavlick, professor at Brown University…
As AI systems such as ChatGPT dominate technology news headlines, many are curious about what it takes to keep pace and truly harness this potent technology. Listen as ISF analysts…
…transformations within organisations must be carefully planned, especially if the organisation is competing in the highly innovative markets. Whilst there are big opportunities with such a gamble, there are big…
Do you need to improve your team’s risk assessment skills? Gain a comprehensive view of how ISF can enhance your team’s ability to deliver actionable assessments of information risk with…
…wanting a seat at the table, wanting to exercise that chief piece in the title…which means that they are an executive director, and that comes with all of those responsibilities……
…global skills shortage, the ongoing threat of ransomware and how social engineering could facilitate cybercrime. A complex nexus of digitally connected devices and superfast networks will prove to be a…
Keeping in mind the developing global situation, many are wondering what is happening with the current expansion of 5G, and what could it mean for local and global security? As…
…in the company newsletter, infographics, and messaging on company social channels.” “The best security policies are under constant review and take into account ongoing feedback,” added Steve Durbin, managing director…
Expert in online culture and technology, Jamie Bartlett, shares insights from his journey across the far reaches of the dark web. Jamie explores how to navigate the innovative ways threat…
The second of two episodes around ISF Chief Executive Steve Durbin’s research: ‘The New World Order and the Race for Tech Dominance’. This episode covers the role technology has, and…
…actions to refine security strategies Crisis communications with key stakeholders and a communications plan – involving security/comms/PR/legal aspect/customer service Resilience and post event wash up In this panel session, Paul…
…Convention on Cybercrime that could mitigate those challenges going forwards. A company that is a victim, do they have confidence enough that if they go to law enforcement, that something…
…good candidate Extend the technical view of blockchain to all the components – including those that form the distributed ledgers, such as applications, communications, underlying cryptography and security components Incorporate…
…the coming robot takeover, the role of government in regulating AI and cyber, and more. About Josh Jackson Josh is the Global Head of Public Sector at 6clicks and a…
There’s only so much that a CISO can get from books, some of it has to be learned on the job. Hear experienced CISO Ralph Benton from media group Schibsted…
…a core consideration. …it really does reinforce the need for ongoing communication between security and the business, the CISO talking to a variety of the different business leaders that he…
Cybersecurity should not be an afterthought for small business owners, it must be baked into the everyday operations of the organisation. In today’s episode, Marc Gibson, owner and CEO of…
…a modern enterprise. …you should celebrate your successes, but if you are trying to be the hero of the company people will get tired of you…it has to be a…
Featuring a timely conversation between Steve Durbin, ISF Chief Executive, and Stephen Poloz, former Governor of the Bank of Canada, this ISF Podcast is not one to miss. Drawing on…
Kicking-off the new season of the ISF Podcast, journalist Nicholas Witchell returns to put Steve Durbin, Chief Executive of the ISF, back in the ‘cyber hot-seat’. In this ten-minute discussion,…
In this episode, ISF Chief Executive, Steve Durbin speaks with Mark Ralls, President and COO of Invicti Security – a Texas-based company that provides dynamic web application security solutions. They…
The world feels increasingly heated and volatile. Is this a temporary trend or a sign of things to come? Dire forecasts of trouble ahead and what can be done to…
Dr. Christopher Hand, Senior Lecturer in Psychology at the University of Glasgow, gives his take on how society can help individuals to thrive in the digital age. In this first…
…to is the supply chain.” A widely cited study found 16% of companies purchased counterfeit IT equipment. Since then, things have gotten worse. A recent global survey of 1,300 companies…
Gain a comprehensive view of how ISF can support you in building a strong foundation for business resilience with this seven-minute bitesize video….
…overarching strategy of the business. …governance is about building experience and understanding what makes a company tick…what does the company need? It differs greatly between different organisations…this may be well…
Following this year’s release of Threat Horizon 2024: The disintegration of trust – Report, this season of the ISF Podcast will break down the three key themes and threats that…
In many industries, the art of story-telling has the power to get across important and difficult messages. In a bid to change security culture at his organisation, Rouzbeh Barzegar explains…
…Cabinet of Commissions, sharing her insights into the Standards, Policies and laws of the European Union aimed at fostering stronger Cyber Resilience for businesses who operate globally. …we have no…
Andy Burnham, Mayor of Greater Manchester (UK), joins Steve Durbin to discuss the ongoing pursuit of synergy between social and industrial progress in the city. They analyse ways of reducing…
…is a comprehensive assessment of your organisation’s security controls, enabling analysis of your organisation’s performance versus targets as well as comparisons with industry standards and frameworks such as ISO, CIS,…
…understand and address the many security challenges presented by the complex and heterogeneous aspects of the cloud environment. “Cloud computing has evolved at an incredible speed and, in many organizations,…
…normal. You have to understand what this computer is doing on a day to day basis…if you are connecting to a website, what is normal for that computer to do?…
Are suppliers putting your organisation’s security at risk? Gain a comprehensive view of how ISF can support you in assessing your most critical suppliers to reduce your exposure to cyber…
Cloud computing has evolved at an incredible speed and, in many organisations, has become entwined with the complex technological landscape that supports critical daily operations. Business and security leaders already…
…threat intelligence remained an unfulfilled promise. However, threat intelligence has since come of age as a technical capability, and has started to catch up with expectations. Tune in to this…
…Ward. Listen as she shares her perspectives on how AI can be used as a complementary tool to enhance creative processes. There is always a human at the beginning…
Founder and CEO of Nametag, Aaron Painter, joins Steve Durbin, Chief Executive of the ISF, to reflect on the current challenges of workplace culture in the remote world. He offers…
…common language with various key stakeholders. The methodology is set out in six phases; each detailing the steps and key activities required to achieve the phase objectives, as well as…
In this episode, ISF Chief Executive Steve Durbin is in conversation with Adam Rumanek, the founder and CEO of AUX Mode, a company specialising in digital rights management, content strategy…
Valuable information is used to compete and succeed in a global market; information assets can represent more than 80% of an organisation’s total value. Mission-critical information assets – an organisation’s…
Iwona Muchin from ISF Member Ageas joins the analysts behind the recent ISF Measuring Security and Nurturing Security Governance reports, to provide her unique perspective into what it takes to…
…could be a solution to the global cyber skills shortage. …we don’t necessarily want experience. If you come out of university you have so many new perspectives that we need…
…studying computer science. Providing his first-hand perspective is Benoît de Lavignère, one of the program’s first successful recruits. The conversation culminates with insightful questions from Richard Absalom and Mark Ward…
With the ISF Cyber Awareness Month programme now underway, Steve Durbin, Chief Executive of the ISF, uses this podcast to shed light on how organisations can make themselves a less…
In the first part of his discussion, author and former Chief Business Officer for Google X Mo Gawdat raises awareness on how we as humans can begin navigating a world…
…wanting a seat at the table, wanting to exercise that chief piece in the title…which means that they are an executive director, and that comes with all of those responsibilities……
Vulnerability management is all about making good choices. A task that is considerably difficult when security teams are faced with tens of thousands of vulnerability gaps in need of being…
The convergence of politics, technology and international relations is bringing about a slew of cyber risks and uncertainties that have serious implications for organisations. Steve Durbin returns to explore the…
…but if you don’t make it easy for people to implement these policies, and if you don’t measure the compliance, it gives a false sense of security within the company……
To better prepare ISF Members for the highly uncertain business environment of today, our flagship Threat Horizon report has evolved to take a scenario-based approach to thinking about the future….
As more and more companies connect together, it has never been more critical to understand the risk posed by third-party vendors. If their security posture isn’t up to your standards,…
Do your security controls measure up? Gain a comprehensive view of how ISF can support you in reviewing performance against your industry peers and industry frameworks with this four minute…
Erik Avakian, a former US State CISO, joins ISF CEO Steve Durbin to discuss the ever-evolving role of CISOs, emphasising their need to be business partners rather than just gatekeepers….
Looking ahead to 2024, the ISF research team sit down to reveal what themes they will be looking into over the next 12 months. Listen as Mark Ward, Richard Absalom,…
…from the fact that insiders don’t always threaten the company’s data security intentionally. In fact, many data breaches resulting from insider threats are completely unintentional. To combat these risks, as…
In last week’s episode of the ISF Podcast, we featured a presentation ISF Chief Executive Steve Durbin made on the 8th December 2021, on the Emerging Threats we expect to…
Penetration and security testers – what do they do all day? Listen as experienced security tester Glenn Wilkinson and relative newcomers Alex Miller and Barney Muller talk about what the…
Steve Durbin, Chief Executive of the ISF, speaks with Jonathan Brill, futurist and author of the book, Rogue Waves: Future-Proof Your Business to Survive and Profit from Radical Change. Together…
…people have become increasingly mobile and hyper-connected. Almost every worker has multiple devices that can compromise information instantly and at scale: impact is no longer limited by the amount of…
…via those networks and how the platforms might evolve in the near future and beyond. You reply to a story, comment on a post, that is way less investment, but…
This episode features a discerning conversation between Göran Walles, CTO at NetNordic Sweden, and Steve Durbin, Chief Executive of the ISF, around the double-edged sword of artificial intelligence (AI) and…
…in North America was $90,000 per year, according to (ISC)². But the ESG/ISSA survey found that compensation is just one piece of the puzzle. “Aside from compensation, cybersecurity job…
Steve Durbin is joined by Tavia Gilbert to share his updated views on the ever-increasing intensity of the threat landscape, the role of the business leader, and the impact of…
…helping to understand the differences in knowledge, skills and responsibilities between the information security and ICS teams. Has your organisation considered the complexity of environments within its ICS security controls?…
In a world filled with unpredictability and chaos, relying on conventional methods will not prepare organisations for an uncertain future. Against this backdrop, Threat Horizon is changing. Listen as ISF…
Recruiting individuals to fill roles in Infosec is tough, compounded by the increasing complexity of managing, mentoring, and training once they’re on board. Keith Price, a seasoned CISO at National…
…Durbin to provide actionable advice on how security and business leaders should collaborate to ensure best practice security is cascaded through the business. …there isn’t a common language, it’s your…
For those recently appointed as security leaders or CISOs, the initial period can be challenging, as the consequences of missteps carry tangible risks. In this podcast, esteemed security lead Lisa…
…data’. Steve covers illicit data manipulation by threat actors, attackers using misinformation to divert security teams’ resources, and the balance between commercial advantage and security challenges posed by digital twins….
…devices and subsequently compromising them. Over the coming years, organizations will find themselves unable to patch, update and operate a range of IoT devices that will be phased out of…
…practice with their business processes, information security programme, risk management, and compliance arrangements. Designed for risk management specialists, information security managers and security practitioners, SOGP helps organisations to: be agile…
…extreme weather events over the coming years. Moreover, the US Federal Emergency Management Agency released new proposed flood maps along the west coast of Florida, showing that many companies that…
The insider threat comes in many forms, with employees acting maliciously, negligently and even accidentally to compromise information assets. Managing the insider threat is arguably the biggest challenge in information…
…business amidst growing legal and regulatory complexities. …quantum is going to render so many existing encryption systems ineffective. And that could have such a big effect on some of the…
…of Startup CEO and the new release, Startup CXO: A Field Guide to Scaling Up Your Company’s Critical Functions and Teams. Steve and Matt discuss the ups and downs of…
Is your organisation ready to respond to the NIST Cybersecurity Framework 2.0 update? To assist both organisations and individuals in understanding the changes within the NIST Cybersecurity framework (NIST…
In this episode, ISF Chief Executive Steve Durbin and podcast host Tavia Gilbert dive deeper into this season’s theme of Digital Transformation. We’ve had a handful of guests, including Jonathan…
…to work across projects in a consistent, systematic and structured way. It becomes easier to align business goals, communicate clearly about risks and requirements and support fast-paced change and innovation…
…get that and get it right are flourishing in a manner that is appropriately protecting their intellectual property, their core components, their core business, because that’s how they view it….
Scammers, cyber-thieves and computer criminals are not far behind pornographers when it comes to exploiting technology innovations for their own purposes. Every time technology takes a leap forward, enterprising hackers…
Steve Durbin, Chief Executive at the ISF, is speaking with Harvard Business School Professor Thomas Eisenmann about his new book, Why Startups Fail: A New Roadmap for Entrepreneurial Success. Steve…
We are now operating in a new world and one unrecognisable from 2019. Society, commerce and our lives have been disrupted on a level not experienced by many generations. As…
…Kent. Andy and Jason share insights on communications good practice, common pitfalls and the importance of preparing a communications strategy before an attack happens.
…and continue to provide poorly designed security awareness, training and education activities. Archaic, compliance-led, ‘tick-box’ phishing simulations are slowly being replaced by progressive human-centred initiatives: Organisations are seeing real business…
90% of the code in Apps today comes from Open Source Software. Whether through infiltrating the software delivery pipeline, deliberately uploading malicious components to popular repositories, or taking advantage of…
…to which Steve is a regular contributor. Last week, we talked about how most governments seem to be struggling with how to rein in big tech companies in order to…
…home you are probably safe to write them down but keep the list away from other family members. 4. Keep work and home separate Especially when it comes to communications…
…common cause of compromise. Any link in this chain could cause security incidents that: lead to supply chain failure or otherwise disrupt operations leak sensitive information compromise the integrity or…
…building your team’s communication skills, and more. …we have a ton of different issues with transitioning to the cloud and depending on remote access to organizational assets. And I think…
…4.0, machine automation, embedded computing, embedded systems, transportation and more. A statement provided to Bleeping Computer on behalf of Advantech acknowledged the attack and said “the stolen data was confidential…
Steve Durbin, Chief Executive of the ISF and Captain Shults discuss leadership during a time of crisis, the importance of building trust with your team, how her parents’ example led…
Steve Durbin, Chief Executive of the ISF, speaks with actress, voice coach, leadership consultant, and expert in core energetics, or body-led psychotherapy, Kate Montague. Kate discusses the effectiveness in taking…
…claims human experience is free raw material for commercial practices, the expanding attack surface for digital information warfare, and more. Shoshana Zuboff Shoshana has devoted her career to the study…
Steve Durbin speaks with Dr. Kate Stone, a “creative scientist” whose company, Novalia, blends art and science to create fusions of new and old technology. Dr. Stone talks to Steve…
Sharing information with suppliers is essential for the supply chain to function. However information compromised in the supply chain can be just as damaging as that compromised from within the…
ISF Chief Executive, Steve Durbin, speaks with Matthew Doan, Senior Manager at BCG Platinion and Cybersecurity Policy Fellow at New America. Steve and Matthew talk about growing your skills, finding…
…and communicate associated risk. The ISF’s Tools and Research, complemented by our award-winning consultancy services, are one such holistic approach. For further guidance on how to improve your business’…
…how to resolve the skills shortage, the purpose of vendor-neutral training, the coming disruption of digital transformation, and more. Digital transformation is extremely disruptive… it takes digital media and digital…
…quantum computing and augmented reality will create significant opportunities but pose real threats to business. Social With the political and economic environments in turmoil, it is then no surprise that…
…effectively manage these different generations when it comes to information security? Banding individuals into ‘generations’ helps society categorise people born and raised around the same time. There are caveats though…
In this ISF Podcast, we’re bringing you a conversation between ISF Chief Executive, Steve Durbin, and ISF Senior Solutions Analyst, Dan Norman, from the 2020 ISF Congress. Steve and Dan…
…reflect the diversity of the ISF Membership by developing products and services that meet the needs of our distinct and global Member community. We are committed to maintaining a diverse…
…consolidation of not only the critical components of the internet itself, but the technology companies that leverage it to serve the global market. We have been putting more and more…
By Daniel Norman, Senior Solutions Analyst at the ISF A large portion of IoT-related breaches have stemmed from the attacker discovering the default password and compromising devices at scale. The…
…“The [work from home] trend due to the COVID-19 pandemic has significantly increased insider threats from employees taking risks with company assets, such as stealing sensitive data for personal use…
Whilst the APAC region experiences rapid growth, varying levels of cyber security maturity make it a hot target for cybercrime compared to other parts of the world. Whether it is…
…and trusted community ambience – these are not large exhibitions or trade-shows Compare and share how fellow CISOs are leading teams and driving their business forward Network at dedicated evening…
Communicating and collecting information from third-party partners and vendors is an everyday burden for third-party risk teams, but often there are internal communication gaps that can persist and hinder program…
There just aren’t enough certified cybersecurity pros to go around — and there likely never will be enough. So how do you fill out your cybersecurity team? Executives and hiring…
https://www.youtube.com/watch?v=rB2NNfTHNSo This session focussed on delivering deep insights into the current state of third party cyber risk across a multitude of industries, from media to auto and critical infrastructure….
…overarching frameworks that have mapped the controls of each into one tool, such as the Cloud Security Alliance’s Cloud Control Matrix, or the HITRUST Common Security Framework, which harmonizes multiple…
Annual report identifies emerging security themes organizations will face over the next two years as a result of technology change. The Information Security Forum (ISF), the trusted resource for executives…
Have you filled in your brackets? March Madness kicks off this week. The annual NCAA men’s basketball tournament is a sports spectacle that seems to rival even the Super Bowl…
https://www.youtube.com/watch?v=CNHQqgtnYaw Organisations around the world rely on Industrial Control Systems (ICS) assets and environments to support their business operations and processes every day. Through innovations in ICS technology and…
In the 20th century, a wave of technological advancement changed the global economy. The rise of the digital revolution pushed industrialism aside while the world became connected. Humankind shifted to…
…of communications skills, understanding of how businesses operate and even emotional intelligence. His views were echoed by Erhan Temurkan, director of security and technology at Fleet Mortgages. “We are finding…
Supply chains are a vital component of every organization’s business operations and the backbone of today’s global economy. However, security chiefs everywhere are concerned about how open they are to…
…it comes to ransomware in particular, one question that I’m asked frequently is: ‘Should I pay?’ Ultimately, this is up to the discretion of the individual or the organization,” Durbin…
…remove the JndiLookup class from the classpath. The NCSC advisory can be found at https://www.ncsc.gov.uk/news/apache-log4j-vulnerability and some indicators of compromise (IoC) can be found at https://github.com/curated-intel/Log4Shell-IOCs (disclaimer: these links are…
…represents a common language used across and within organisations, as well as with external parties such as regulators and insurers. Executive management speaks finance and fears loss. Loss can be…
…the BCS security community of expertise. The General Data Protection Regulation (GDPR) has driven many chief information security officers (CISOs) to reassess their security posture. The new data regulation, which…
https://www.youtube.com/watch?v=4SNo0T8uvK0 Once viewed as an expensive luxury, developments in threat intelligence have enabled the capability to move into the realm of quicker, real-time updates of an organisation’s threat landscape…
…the implications of digital connectivity, the increase in the digital cold war and businesses’ dependence on digital competitors. The report breaks the threat horizon into a number of themes and…
WASHINGTON — September 2017 was the beginning of the end. That’s when Equifax disclosed publicly, for the first time, that nearly 150 million people had their personal information — including…
…cyber security plan. Large companies have more complex needs requiring a more sophisticated strategy, which is beyond the context of this article; contact me if you need assistance with your needs….
With all the hype in marketing, some topics get way too much attention, while other — in some cases, more important — topics languish because they’re not as sexy or…
…to be able to respond to an incident in a way that meets all of the needs for compliance, business operations, and threat mitigation. Every business operation related to your business is the…
https://www.youtube.com/watch?v=YjtQxg7h0WA Supply chain attacks are high on the agenda of the board, but there are no easy fixes to a growing challenge. How do you secure your organisation against…
…it could be troublesome for small firms to make sure their data is exceptionally secured and is proposed for particular uses in compliance with GDPR. Businesses are moving a more…
How can organisations best use unified threat management tools to help stem the tide of data breaches? Navigating the plethora of security products on the market to select the right…
https://www.youtube.com/watch?v=S4KNgdrwyU0 As connectivity, devices and applications have advanced over the decades, the volume of information has grown with it. Security measures, however, have not been considered and implemented at…
Until recently, Chief Executive Officers (CEOs) received information and reports encouraging them to consider information and cyber security risk. However, not all of them understood how to respond to those…
https://www.youtube.com/watch?v=cPiFDe53BaA How to Reinforce Your IT Risk Program in a “Not If, But When” Incident Environment The post-digital transformation reality has exposed businesses differently across newly adopted IoT eco-systems and…
…and Arbitration Service (ACAS), 70% of surveyed managers were concerned about Gen Z’s introduction to the workplace, with the need for instant gratification, resistance to authority and poor face-to-face communication…
Enterprises will face nine major threats, including vulnerabilities in software and other applications, state-backed espionage with emerging technology and malware feats and manipulated machine learning, says Threat Horizon 2021 from…
The Information Security Forum (ISF), the trusted source that senior security professionals and board members turn to for strategic and practical guidance on information security and risk management, today announced…
https://www.youtube.com/watch?v=fjAWc-V8m7M Information risk assessments enable organisations to select controls or other treatment options that are commensurate with risk in order to reduce the frequency and impact of information security…
…and competitive advantage. On the other hand, the buyer could blindly inherit cyber risk from the acquired company with little or no understanding of the security controls in place. The…
…based on security incidents to build resilience. Ensure that communication channels and responsibilities companywide are clear and that the board is kept informed about potential incidents as they develop. It…
The U.S. Department of Homeland Security is requiring that federal agencies speed up patching and remediating “critical” and “high” software vulnerabilities. Under a new directive, Binding Operational Directive (BOD) 19-02,…
The pandemic has caused a tectonic shift in how we live and work. Many companies are slowly returning to offices while an estimated 40% of the U.S. workforce continues to…
By 2021, the world will be significantly digitized and connected. The race to develop the next generation of super-intelligent machines will be in full swing and technology will be intertwined…
…a conglomerate holding company and a pharmaceutical firm based in South Korea. Kaspersky previously reported that PC maker Asus and the third-party supplier of the company’s Live Update Utility software…
…about how companies are handling the data. As such, the role of the Chief Data Officer is finding its place in more organizations. A study by NewVantage Partners cited in…
Information security threats are intensifying every day. Organizations risk becoming disoriented and losing their way in a maze of uncertainty, as they grapple with complex technology, data proliferation, increased regulation,…
…first case of artificial intelligence (AI)-assisted vishing — social engineering using an automated voice — to perform a high-profile scam. Attackers replicated the voice of an energy company CEO, able…
…bodies, including the Federation of Small Businesses, the CBI and various insurers. CWT chief information security officer Harshal Mehta said: “Compliance with this scheme highlights our strong commitment to cybersecurity….
…experts in the industry: In 2019, defenders will increasingly think and operate like an attacker by understanding the attack paths and methods that will be used to exploit them. Companies…
The EU is looking to head off the next major cyberattack against Europe by creating rules for how member states should react and respond. The new EU protocol is meant…
…are intensifying every day. Organizations risk becoming disoriented and losing their way in a maze of uncertainty as they grapple with complex technology, data proliferation, increased regulation and a debilitating…
…threats while aligning security strategy with business strategy. 2. Assess information risk and deliver comprehensive, consistent protection. Information risk assessments should be performed for target environments (e.g., critical business environments,…
…of legal manoeuvrings by Microsoft and other companies are becoming much more common in the ongoing tussle between nation-states, tech firms and victims, Steve Durbin, the managing director of the…
…best to work with intelligent systems. Given time to develop and learn together, the combination of human and artificial intelligence should become a valuable component of an organisation’s cyber defences….
…aren’t demonstrating enough business value? Now with a possible recession looming and companies cutting costs, proving cybersecurity programs are good for the business has become vital to protecting budgets and…
…will become increasingly volatile. Vast webs of intelligent devices, combined with increased speeds, automation and digitization will create possibilities for businesses and consumers that were previously out of reach. The…
https://www.youtube.com/watch?v=Us0exCM1jg0 Following a turbulent two years, former CISO and Distinguished Analyst at the ISF, Paul Watts, and Mark Ward, Senior Research Analyst at the ISF, are considering key recommendations for…
…support to address them. Risk. According to Merriam-Webster, the word has several meanings. First is “possibility of loss or injury: PERIL.” A little down the list comes, “the chance of…
IoT and digital transformation efforts will leave more businesses vulnerable to cyberattack, according to Information Security Forum. To stay secure in the modern connected world, businesses must keep track of…
https://www.youtube.com/watch?v=ulFBd-vXTjQ Phishing continues to be the preferred method that cybercriminals use to gain access to business-critical information. While many organisations have turned to technology to combat the threat,…
By Steve Durbin, Managing Director, ISF In the coming years, advanced deepfakes of high-profile individuals or executives will threaten to undermine digital communications, spreading highly credible fake news and misinformation….
Criminal organizations will continue their ongoing development and become increasingly more sophisticated. In the year ahead, businesses of all sizes must prepare for the unknown so they have the flexibility…
Today, there is no longer a hard network perimeter. Businesses need to forge close links with partners, employees increasingly use their own devices for work and software platforms interconnect business…
Steve Durbin, Managing Director of the Information Security Forum (ISF), Named European Business Magazine’s MD of the Year in Information Technology for 2018/19 European Business Magazine today announced that Steve…
…or the compromise of networks, communications or other information technology resource. Insider threats are on the rise, according to a study from The Ponemon Institute, sponsored by ObserveIT and IBM….
…ahead of looming data protection deadlines, then 2020 was the year organizations were expected to prove themselves ready. In retrospect, companies probably shouldn’t have gotten too comfortable with Privacy Shield…
…touch almost every aspect of our lives, the initiatives and changes introduced by the UK’s latest strategy reflect this transformation. The 2022 update has some notable differences compared to its…
People’s Republic of China In 2016, the National Cyber Space Security Strategy was released. As part of this strategy, cyber security was declared as the nation’s ‘new territory for national…
Shreya’s work in Information Security is backed by her extensive thesis in Cloud and Network Security. She has worked on various technology-driven engagements with ISF Members and non-members. Before…
…stay on top of a range of cyber threats. The Covid-19 era has compounded this stress tenfold – individuals are expected to perform their role remotely with less time and…
…Forbes 2000 global companies. As information security activities contribute to the organization’s goals and support compliance with regulation, The Standard, as well as other ISF tools and services, should be…
…public at large. The Federal Trade Commission says that from January 2020 until mid-April, they received 18,235 reports related to COVID-19, and people reported losing $13.44 million to fraud….
Organisations have long implemented security awareness training programs in an effort to protect against data breaches. These programs are often designed with a one-size-fits-all approach, focused on compliance, and rarely…
…overall process. Human-centered security would account for this with a program of initiatives and reminders that intervene at the points at which people commonly make poor security decisions, and enable…
…content can be manipulated by AI and undermine digital communications,” Durbin explains. The threats in ISF’s report shouldn’t be viewed in isolation; they can be combined to create much deeper…
A major feature of the current COVID-19 crisis has been the sudden growth of state control and influence on everyday lives. Whilst most would agree measures such as nationwide lockdowns…
…toward illicit data manipulation to compromise the accuracy and credibility of information, thus puncturing the integrity of the data organizations use to drive their businesses forward. 2. Misleading signals will…
…vital to doing business, even brief periods of downtime will have severe consequences. It is not just the availability of information and services that will be compromised – opportunistic attackers…
As the world becomes increasingly technology-dependent and data-oriented, cyber risks are only going to rise. There are several disruptive forces at play: an increasingly complex, remote and perimeter-less workplace environment,…
Identifying normal behavior baselines is essential to behavior-based authentication. However, with COVID-19 upending all aspects of life, is it possible to build baselines and measure normal patterns when nothing at…
…as potentially being the weakest link in the security chain. “Phase three will come about through increased stress and cyber-anxiety which will result in a lowering of vigilance and frankly,…
…” States continued to identify increases related to the services industries broadly, again led by accommodation and food services. However, state comments indicated a wider impact across industries. Many states…
…the global consulting team at Huawei, advising telecom operators across the continents. Previous positions held include the lead at the UK arm of IDATE-Digiworld Institute, a TMT European think tank;…
“Remote working and remote business interactions will identify new opportunities, new ways of working that we would not otherwise have spotted, and I think will also give rise to a…
…permanent job vacancies in the sector increased by 32.56%, and contract tech roles increased by 48.27% in comparison to the same period last year. Ahsan Iqbal, director of technology at…
Prior to joining the ISF, Francesca graduated from Queen Mary University of London with a degree in Politics and International Relations and worked with charities and local government on a…
Since joining the ISF in August 2022, Lee has co-authored Threat Horizon 2025 and authored the Vulnerability Management: Beyond patching and Demystifying Encryption Key Management briefing papers. He is currently…
As a starting point, an individual will always choose to be productive in their current role over behaving securely… Daniel Norman, Senior Solutions Analyst at the ISF Cybersecurity training needs…
…landscape across both the corporate and personal environments. He is a frequent speaker and commentator on technology and security issues. Steve has served as a Digital 50 advisory committee member…
…governance and the rest of the company doesn’t acknowledge its presence. Others might be at the higher end, where governance helps shape the entire organization, its culture, its decisions and…
https://www.youtube.com/watch?v=1vm-bG6LSQI On the 28th April at 13:00 BST Paul Holland, Principal Research Analyst, and Daniel Norman, Senior Solutions Analyst, explored a vendor-agnostic approach to implementing a Zero Trust Security…
https://www.youtube.com/watch?v=17oPGU3BLGM The digital transformation has affected all sectors: automotive, industry, banking, health, and since the pandemic the education sector has been transformed, not to mention remote working. From the…
…crypto is still quite new and complex, companies need to identify or perhaps recruit subject matter experts in cryptocurrencies and assess the organisation’s readiness for their secure adoption. Organisations must…
This landmark study provides private- and public-sector leaders with evidence-based insights into the cybersecurity practices and investments that are most effective for mitigating risks. ThoughtLab, a leading global research firm,…
…of those organisations in their own homes. Not only did this reveal vulnerabilities common across internet-enabled printers, but also how much corporate data lived in people’s homes. Since that time,…
Rising inflation, surging commodity prices, an uncertain economic recovery and an ongoing Russia-Ukraine crisis — the global economy has had a pretty rough start to 2022. Against such a volatile…
When it comes to building an InfoSec team, security executives face a number of challenges, from offering enough pay to keep talent to finding enough people with the technical skills…
…compromised vendor credentials to access the retailer’s internal networks and supply chain. Information shared in the supply chain can include intellectual property, customer-to-employee data, commercial plans or negotiations and logistics….
How can organisations combine software-defined networking, containerisation and encryption to prevent rogue code from running freely across a corporate network? The concept of a clearly defined network perimeter, with controls…
The Information Security Forum recommends that businesses focus on the following cyber security topics in 2019: Right up to the end of 2018, massive cyber-attacks made immense waves. In the…
…information and intelligence is key: Data: Discrete facts and statistics gathered as the basis for further analysis. Information: Comprised of multiple data points that are combined to answer specific questions….
Artificial intelligence (AI) has become an everyday reality and business tool spurred by computer advancement, data science and the availability of huge data sets. Big tech companies – Google, Amazon…
2018 was yet another fascinating year when it came to cloud computing, along with the emerging technologies which complement and rely on the cloud. As the ecosystem has matured and…
…to cut security budgets and put business protection initiatives on hold. Steve Durbin, CEO of the ISF Release from COVID-19 lockdowns across the globe will be complex and drawn-out with…
In the year ahead, organizations of all sizes must prepare for the unknown, so they have the flexibility to withstand unexpected, high-impact cybersecurity events. To take advantage of emerging trends…
…billion was lost to phishing attacks… 2.3 billion account credentials were compromised… A ransomware attack on the Sacramento Bee exposed the records of 19.5 million California voters. The threat of…
…designed to facilitate communication are actively used to massively and uncontrollably collect personal information from the population. As a result of the colossal concentration of personal data in the hands…
The first nation state to develop technologies such as AI, 5G, robotics and quantum computing will gain unparalleled economic, social and military advantage over rivals. It almost goes without saying…
…emotional reward for the action. Security teams and employees, too, are prone to becoming complacent. For example, if an employee shreds sensitive documents and feels they have done a good…
…and beyond are full of opportunity and fewer historical challenges to overcome. The opportunity to develop a rich and meaningful set of progressive governance, risk and compliance solutions to secure…
…by exploiting technical vulnerabilities, rather than assessing the organization’s ability to defend itself. 5. Phishing exercises: Phishing exercises test employees’ ability to detect fraudulent communications (email, text, phone, web), social…
…the bare minimum of staff. Last year saw a permanent change to security strategies, compelling a change in focus to tools based on access controls, such as VPN and multifactor…