Security newsround: March 2018

We round up reporting and research from across the web about the latest security news. This month: cryptomining attacks increase, data breaches rise in Ireland, the business cost of ransomware revealed, UK local authorities come under attack from cybercriminals, NotPetya blame laid at Russia’s door, and automated security makes inroads. Tales from the crypto A […]

Business benefits for ISO 27001 certification, and five steps to making it work

ISO 27001 Information Security Standard

Whether you want to reassure a board – or yourself – that your security programme is operating optimally, the ISO 27001 Information Security Standard gives you that confidence. Here are some business-focused benefits to becoming certified, and some tips for making that process run smoothly and successfully. Choosing to get certified First, let’s address a […]

AWS Cloud: Proactive Security and Forensic Readiness – part 2

Part 2: Infrastructure-level protection in AWS  This is the second in a five-part blog series that provides a checklist for proactive security and forensic readiness in the AWS cloud environment. This post relates to protecting your virtual infrastructure within AWS. Protecting any computing infrastructure requires a layered or defence-in-depth approach. The layers are typically divided […]

Security newsround: February 2018

We round up reporting and research from across the web about the latest security news. This month: coinjacking for cryptocurrency, CEO fraud takings, Google gets into security, a hefty fine for data breach, and social engineering the CIA. They got the jack Irish Government websites were among 4,200 portals around the world infected with ‘coinjacking’ […]

Prepare for breach: 10 steps to better incident response planning

Developing an incident response plan – and testing various scenarios against it – is now a must. Let’s all remember the Central Bank of Ireland’s stark warning back in 2016. “Firms should assume they will be subject to a successful cyber-attack or business interruption.” Having a structured and formalised response plan ensures organisations can deal […]

Time to see security training as an investment, not a cost

Having finished 2017 with a blog about allocating security spending, we’re starting the new year on a similar note. Specifically, it’s about investing in security awareness training. Harvard Business Review argued that better training is the best security investment a business can make. Its choice of word was deliberate: businesses need to see security training […]

Data Protection Implications of Brexit

Well I guess this comes as no big surprise. In its “Notice to stakeholders: withdrawal of the United Kingdom and EU rules in the field of data protection”, the EU today declared that the United Kingdom post Brexit will not meet the adequacy requirements with regards to the transfer of personal data from the EU […]

Here’s FUD in your eye: how to tell GDPR fact from fiction

Like it or not, fear, uncertainty and doubt [FUD] are time-honoured tactics for some vendors to scare up easy sales. The General Data Protection Regulation (GDPR) is seeing its fair share of FUD, and Brian Honan has called out the ‘fake news’ surrounding the regulation. GDPR = Y2K? In an audio interview with Information Security […]

No, Minister: politicians’ unsafe email access practices renew password debate

Passwords are back in the news thanks to a politician’s unwitting post on Twitter. British MP Nadine Dorries admitted that her staff and interns all have access to her email through a shared password. As inevitable as a politician’s promise at election time, there was a stampede of commentators decrying such an obvious security fail. […]

GDPR: readiness still far away for many, with less than six months to go

GDPR enforcement begins in under six months, but new surveys suggest many organisations will struggle to be ready in time. One survey found that fewer than one in five businesses are “well prepared” for the regulation. In separate research, 95 per cent of businesses said being compliant will be a “massive challenge”. The first finding […]