“Organizations are adopting smart devices with enthusiasm, not realizing that these devices are often insecure by design and therefore offer many opportunities for attackers.” Steve Durbin, Managing Director of the Information Security Forum A state-backed Russian hacking group, dubbed STRONTIUM, has been attacking corporate IoT devices, according to a blog post recounting the findings of researchers […]
Last week the port of Nagoya became the victim of a ransomware attack: the busiest port in Japan was unable to either load or unload shipping containers for more than 2 days. Operations have now returned to normal, but the incident highlights the risks that come with combining operations in the digital space with operational […]
The rising value of information, the increased connectivity of systems, and the rapid uptake of cloud computing technology are significantly expanding the threat from cybercriminals and hostile groups, both in magnitude and severity. To mitigate this risk and build effective defences, organisations must have a better understanding of their adversary: their objectives, their capabilities, their […]
Companies need to consider the cost of to disengage from the cloud along with proactive risk management that looks at governance issues resulting from heavy use of low – and no – code tools. Nearly 59% of businesses have accelerated their journey to digitalisation while public cloud spending is seeing record growth and adoption in organisations […]
The recently released European Commission report, led by the Information Security Forum with contribution from CC-Driver, a consortium of 13 partner organizations from nine European countries, issued a cybersecurity framework of five interrelated elements deemed critical to tackling cybercrime and bolstering cybersecurity defences. Funded by a €5m European Commission Horizon 2020 research program, the report is compliant […]
Daniel Norman is a Senior Solutions Analyst at the Information Security Forum (ISF). The Middle Eastern region has seen significant public and private investment, especially across urban areas since the mid 1980’s. One just has to compare the skylines of Dubai or Abu Dhabi in the 1980’s to see the differences between the small fishing […]
Paul Watts, Distinguished Analyst for the Information Security Forum (ISF), featured in Computer Weekly. The past five years have been a turbulent time for the IT sector. Just as technology has become more advanced and ubiquitous, so too have the threats facing the industry escalated. Rising to counter these threats are a multitude of security services […]
It is important to recognise that although setting out a policy and process for RD is a practical step to take, the circumstances of any disclosure can vary greatly When it comes to vulnerability management, CISOs should define a responsible disclosure policy so that they can receive and manage identified vulnerabilities transparently, practically and collaboratively, […]
From a security perspective, what are the personal apps/app types that you think CISOs should never want to find on a company-owned device and why? What’s your advice for setting policies that discourage and/or stop employees from using unauthorized apps? Loading new applications onto any device poses some level of risk, if these applications are […]
Satellites support so much of our business infrastructure, but being in space doesn’t make them immune from hackers. Daniel Norman, senior solutions analyst at the Information Security Forum explains why they are vulnerable and attractive targets. Many satellites also communicate solely through radio-based wireless protocols, which makes them an attractive target for attackers. Satellite assets […]
By Daniel Norman, Senior Solutions Analyst at the ISF A large portion of IoT-related breaches have stemmed from the attacker discovering the default password and compromising devices at scale. The consumer Internet of Things (IoT) has exploded into the connected world, making domestic life richer, easier and more entertaining. Consumer IoT comprises a set of […]
Organizations should have an incident response or crisis management plan for ransomware events, knowing who to contact and what to do… Dan Norman, Senior Solutions Analyst at the ISF. Qbot, also known as Qakbot, first surfaced in 2008. The malware has been primarily deployed to steal banking data and credentials. Over the years, however, its […]
The attacking state will build user profiles, understand patterns of behavior and then they will target the most influential individuals or ones most likely to slip up. Daniel Norman, Senior Solutions Analyst at the ISF Norway this week accused Russia of hacking the email system of the country’s parliament, known as the Storting, in September. In […]
Non-security incidents can have a substantial knock-on effect within the information security spectrum Steve Durbin, Managing Director of the ISF Cyber threats didn’t suddenly become a thing when COVID-19 pushed the enterprise into a remote workforce. Careless, security noncompliant employees have negligently allowed hackers access into company computers and software while solidly ensconced within a brick-and-mortar office. A […]
Covid-19 has forced many companies to work remote which has increased their risk surface. On Thursday 3rd September at 14:00 BST, the ISF will be joined by SecurityScorecard and Seth Wahle, Cyber Security Principle at NASA, for a live webinar exploring how COVID-19 is changing the cybersecurity landscape In this webinar we will discuss: Risks […]
By Steve Durbin, Managing Director, ISF In the coming years, advanced deepfakes of high-profile individuals or executives will threaten to undermine digital communications, spreading highly credible fake news and misinformation. Deepfakes will appear with alarming frequency and realism, accelerating and turbocharging social engineering attacks. The underlying Artificial Intelligence (AI) technology will be used to manipulate […]
The traditional picture of a hacker is of a script kiddie in a hoodie hunched over a computer keyboard, but this stereotype is stale and outdated. Is it time to move away from a fear-based approach to security? When people think about hackers, the default perception is of a teenage script kiddie, slaving away in his […]
How do you know that the critical parts inside your servers and devices are not poor quality, ready to fail at a crucial moment? Or, worse, hide malware with nefarious intentions like key-stroke logging, data theft, or sabotage? Outside of leading-edge advances like Intel® Transparent Supply Chain protecting globally linked sellers, buyers, and partners from these […]
Ransomware is a major concern, but it isn’t the only cyber risk your organisation will face this year. There is an expanding array of threats and vulnerabilities that has kept the cyber security industry on high alert this year. Attacks involving phishing, malware, mobile apps and smart devices are growing in sophistication, putting the intellectual property and personal data held by corporations, governments and individuals under constant risk. Despite valiant attempts by security vendors to develop better defences, cyber criminals are an inventive […]
Hackers often attack company networks using compromised login information, a challenge for cybersecurity leaders who want to protect data and systems while allowing employees the access they need. Experts say the solution is secure yet flexible identity-management tools and practices—but figuring out what is best isn’t easy. Recommendations include regular and thorough review of individual […]
