How organizations can navigate geopolitical and cyber risks in an interconnected world
Globalization and hyperconnectivity have made the world more interconnected and interdependent than ever before. The…
Navigating Supplier Risk Challenges to Shore Up Cyber Defences
Steve Durbin delves into the key challenges organisations should address in building resilience against supply chain risks.
Top Risks and Best Practices for Securely Offboarding Employees
Outgoing employees pose significant security risks to organizations. Here are some of the major issues…
Invest in Developing a Human-Centred Security Program
Steve Durbin explores steps to developing a human-centred security program that engages your workforce to better protect your organisation.
Navigating the Politics of Measuring Security
Richard Absalom explores the soft skills needed to navigate boardroom politics, ensuring measurements support decisions and drive action.
Build Cyber Resiliency With These Security Threat-Mitigation Considerations
Steve Durbin offers insight into how organisations can get on the path to developing a coherent security strategy.
Four Cyber Risk Trends to Watch in 2023 and How Businesses Can Mitigate Them
With cyber security becoming riskier, costlier and more complicated, Steve Durbin explores four key challenges to look out for in 2023.
Six Steps to Better Counter Supply Chain Risks
As vendor risk emerges as a top security priority, Steve Durbin provides tips you can adopt today to better manage your supply chains.
Five Top Qualities You Need to Become a Next-Gen CISO
Steve offers actionable guidelines to building and maintaining the skills and relationships that can take security leaders to the next level.
Threat Intelligence: Establishing a stream of trustworthy data
Dan Norman explores how you can create a steady stream of meaningful data that is actually relevant to your organisation.
Security Think Tank: To stop ransomware, preparation is the best medicine
Paul Watts details what you should be focussing on when thinking about business resiliency in the context of ransomware.
Solve ICS Security Issues with ICS and IT Team Convergence
Threat actors are predicted to weaponise industrial control systems in order to harm or kill humans by 2025 - how should you prepare?
The Threat of Deepfakes and Their Security Implications
Steve Durbin discusses the cyber best practices and security controls you should be implementing now to mitigate the threat of deepfakes.
How the Responsible Use of AI Can Create Safer Online Spaces
Steve Durbin offers recommendations for organisations to mitigate the potential risks and manage the ethical adoption of AI.
Five Trends Making Cyber Security Threats Riskier and More Expensive
As risks increase with the world becoming more digital, regulated, and interconnected, Steve Durbin offers steps to reduce their impact.
Cyber Insurance: An effective use of your scant security budget?
Paul Watts questions whether cyber insurance is a must-have item, an expensive luxury, or the emperor’s new clothes.
Three Cyber Threats Resulting from Today's Technology Choices to Hit Businesses by 2024
Steve Durbin features in Dark Reading to discuss three major cyber threats that could result from today's hasty technology decisions.
Security Think Tank: Balanced approach can detangle supply chain complexity
Francesca Williamson shares insight on how you can detangle the complexities of the supply chain and create better security practices.
Ignoring Cyber Security Can Sour M&A Deals
Steve Durbin featured in Forbes to highlight key cyber security dimensions to consider when entering the merger and acquisition process.
Six Steps to Validate Cyber Incident Response Plans in Times of Conflict
Steve Durbin features in the World Economic Forum, offering points to consider when evaluating cyber incident response capabilities.
Five Ways to Secure the Supply Chain in Times of Conflict
Steve explains the five steps organisations can take to help mitigate potential threats against the supply chain and be better armed.
Three Unintended Consequences of Well-Intentioned Cyber Regulations
Steve explains how you can prepare against unintended consequences of cyber regulations, no matter how well-intentioned they might be.
7 Steps to Combat Cybersecurity Threats in Times of Instability
Steve Durbin outlines steps organisations and security teams can use to understand and prepare for potential threats in times of instability.
How Cybersecurity Leaders Can Add Value to M&A Deals
Steve Durbin offers advice on the M&A process: how you can mitigate risk and highlight to leadership the value of information security.
World's Largest Cybersecurity Benchmarking Study Finds that Top Executives Believe their Organizations are Not Prepared for New Era of Risk
ThoughtLab's press release for their study, providing evidence-based insights into the most effective cybersecurity practices and investments.
Cyber Risks for the Emerging 5G Era
Steve Durbin expands upon the risks, not only to individuals and businesses, but also to nations as 5G technologies transform communications.
Five Proactive Steps CISOs Can Take During Times of Instability
Steve Durbin outlines how CISOs can shift from being reactive to proactive, improving the overall resilience of their organisation.
5 Levers Lawmakers Can Use to Tackle Cybercrime
Steve Durbin breaks down each element of the cybersecurity framework presented in the recently released report led by the ISF with CC-Driver.
The Importance of Effective Cyber Risk Management
Dan Norman looks at what needs to be considered when evaluating the risks involved in an organisation’s security strategy.
Four Major Cyber Risks in an Era of Tech Dominance
Read as Steve explores the technological risks that may lead to crises in the next decade in his latest article for Forbes.
Positively Influencing Security Behaviour
Daniel Norman, ISF Senior Solutions Analyst, takes a closer look at 'Human-Centred Security' and how to achieve it.
Confronting Pervasive Cyber Threats for 2022 and Beyond
Discussing key pervasive cyber threats for 2022, Steve Durbin's recent Forbes article presents a strong foundation for security teams.
The Six Best Practices to Prevent Ransomware Infection
Read Steve Durbin's latest article addressing the most common ransomware attack techniques whilst offering guidance on their prevention.
10 Cognitive Biases that can Derail Cybersecurity Programs
Read Steve Durbin's latest article highlighting the impact of the unconscious mind upon cybersecurity vulnerabilities.
"log4j 2" - a perfect way to ruin a security professional's weekend
By now Members will be very familiar with the concern around the remote code execution vulnerability in 'log4j 2', Apache's Java-based logging library. The vulnerability, also known as 'Log4Shell', is filed as CVE-2021-44228 in the NIST National Vulnerability Database.
Zero Trust: Five Misconceptions Every Business Should Avoid
Cybercrime is a major threat to every industry and organization in the world. No wonder global entities are desperately seeking a silver bullet that can somehow neutralize cybersecurity threats.
Maritime Cyber Security: A Global Challenge Tackled through Distinct Regional Approaches
Maritime cyber security is an emerging issue that requires immediate attention, according to the International Maritime Organization (IMO). Feedback received from global shipping professionals indicates that a common threat to the industry, such as cyber security, is dealt with differently among industry practitioners around the globe.
Zero Trust: An Answer to the Ransomware Menace?
By Steve Durbin, Chief Executive of the ISF. Zero trust isn't a silver bullet, but…
Federal Cybersecurity Directive Spotlights Aging Computer Systems
Chronis Kapalidis, Principal at the ISF featured in WSJ. Many of the cybersecurity gaps outlined…
Is cyber insurance a worthwhile investment?
Here are five questions to help determine if your company needs cyber coverage. The cyber…
Embracing vulnerability management for the greater good
It is important to recognise that although setting out a policy and process for RD…
The next wave of cyberattacks will have 5G to thank
Given the high stakes, security should be at the forefront of 5G rollout plans. At…
How criminals use artificial intelligence to fuel cyber-attacks
AI systems and can be entrenched by programmers or specific data sets. Unfortunately, if this…
What are the risks associated with personal, unsanctioned apps on corporate devices and why?
From a security perspective, what are the personal apps/app types that you think CISOs should…
Commercial Shipping Is the Next Cybersecurity Challenge
there is a misbelief that ships are not vulnerable to cyber incidents, leading to an…
Are 5G Networks Setting The Stage For A New Wave Of Cyberattacks?
...the sheer volume and velocity of 5G networks, combined with the complex infrastructure and heavy…
The transport threat
Ransomware will proliferate over the coming years, with attackers locking individuals into, or out of,…
A return to the office is not a return to normal
Perhaps the biggest change that CISOs need to accept is that hybrid working is how…
The Trouble With Automated Cybersecurity Defenses
Speed and accuracy in identifying and responding to threats are the alluring promises of automated…
Questions To Ask To Help You Prepare For A Cyberattack
Develop a holistic backup strategy that covers all systems and core infrastructure services. Steve Durbin,…
Top 5 cybersecurity challenges in the hybrid office
The pandemic has caused a tectonic shift in how we live and work. Many companies…
Time to accept printers will leak data
Though rarely discussed in a cyber context, the prevalence of connected printers and MFPs poses…
Ransomware Is Everywhere — Here’s What You Need To Consider
Steve Durbin is Chief Executive of Information Security Forum. He is a frequent speaker on the…
What the FLoC? Everything you need to know about Google’s new ad tech that aims to replace third-party cookies
First party cookies are really useful. For instance, they mean you don’t have to log…
6 Tips for Managing Operational Risk in a Downturn
By Steve Durbin, Chief Executive of the ISF. Coping with heightened operational risk during a…
How Retailers Can Tackle Supply Chain Data Risk
By Steve Durbin, Chief Executive of the ISF. Make security a core consideration in procurement…
Qbot Banking Trojan Now Deploying Egregor Ransomware
Organizations should have an incident response or crisis management plan for ransomware events, knowing who…
Why ransomware has become such a huge problem for businesses
Anyone with access to the Dark Web can buy readily available ransomware kits for less than $100.…
Insider vs. Outsider Data Security Threats: What’s the Greater Risk?
As data breaches increase, many will be the result of Insider threats. In fact, the…
Quantifying Cyber Risk: Why You Must & Where to Start
"The challenge for security is to be able to translate security metrics into a form…
Remote work: 6 common misunderstandings about online security threats
VPN, cloud, and phishing misunderstandings show up in myths about security and remote work. Security…
Information Security Forum Releases Updated Guide to Security Best Practices
The Information Security Forum (ISF) has published a major update to its Standard of Good Practice (The…
Understanding the CFO’s Cybersecurity Role in the Age of COVID-19
Senior executives understand that today’s global economy is still not adequately protected against cyberattacks, despite…
Risk Management, Insider Threats and Security Leaders in the Age of COVID-19
An insider threat is a security risk that originates from within an organization. According to…
FBI: COVID-19-Themed Business Email Compromise Scams Surge
"Criminals have become more sophisticated by considering the psychological aspects of an attack," says Mark…
The Long-Term Impact of #COVID19 on the Cybersecurity Industry
“Remote working and remote business interactions will identify new opportunities, new ways of working that…
Security Think Tank: To tackle Covid-19, be prepared, flexible and resilient
In our globalised world, high-profile events such as Covid-19 have huge business impacts, some of…
European Electricity Association Confirms Hackers Breached its Office Network
ENTSO-E, the European Network of Transmission System Operators, has announced that it found evidence of…
Insider Threats: How Co-Workers Became a Bigger Security Headache
One of the biggest security threats to your team might be the person working right…
US Sen. Gillibrand Announces Legislation to Create a Data Protection Agency
"As pressure from regulatory compliance increases, businesses must take an increasingly integrated and well-rounded approach…
Security Think-Tank: Tackle insider threats to achieve data-centric security
The belief that effective perimeter security is the best way to protect data is a…
World Economic Forum Global Risks Report Highlights Dangers of Digital innovation
"In a hyperconnected world, attack surfaces and interdependencies will grow astonishingly quickly," warns Steve Durbin,…