Cyber security has long been a priority for CIOs, CTOs, and others in working in technology. But following a number of high profile attacks, and as IT becomes increasingly integral to everyday life, cyber is becoming a mainstream issue of concern, not just across the across the whole of the c-suite, but also among policy makers and wider society. New research released by the UK government last week found that 87% of small firms and 93% of large enterprises had experienced security breaches last year, with some attacks causing more than £1    million of damage.

Like many other countries, the UK has responded to the increasing cyber threat by developing a comprehensive national cyber security policy programme. The £650million, 4-year agenda includes actions to strengthen Britain’s cyber intelligence, defensive, and offensive capabilities; boost skills; and increase resilience in the private sector.  Continue Reading

Last week Mandiant produced their report entitled ‘Mandiant APT1 report’ you can download a copy here.  The report was covered by media globally and essentially exposes a ring in China responsible for APT attacks.  This in itself should be startling news and there have been many stories pointing the finger at China.

However, on reading the report an interesting statistic about how long APT1 were in organizations stands out. We know from the Verizon Data Breach Report 2012 that breaches lead to compromise Continue Reading

Last week Mandiant produced their report entitled ‘Mandiant APT1 report’ you can download a copy here.  The report was covered by media globally and essentially exposes a ring in China responsible for APT attacks.  This in itself should be startling news and there have been many stories pointing the finger at China.

However, on reading the report an interesting statistic about how long APT1 were in organizations stands out. We know from the Verizon Data Breach Report 2012 Continue Reading

Most of us have grown up with a form of authentication – one factor or two factor and it’s become part of our everyday lives from accessing corporate resources to our personal bank accounts.  However, two factor is no longer enough and the cybercriminals are always ahead of the game.

As today’s IT infrastructures become more fragmented across cloud-based applications and mobile devices, enterprise network boundaries are all but disappearing.  At the same time, Continue Reading

Must have competencies for the Cloud in 2013

Following on from my last blog ‘Re-enforcing our doors in 2013’  solving all of the issues of disruptive innovations isn’t going to be possible in a year but we must take some strides towards making some of the changes.  The four members of the disruptive family are Cloud computing, social media, big data and Mobile.

Let’s take Cloud Computing this week and examine some competencies Continue Reading

In my last blog I talked about the key technologies breaking done our doors in 2013.  The four key areas were Cloud Computing, Social Media, Big Data and Mobile Devices.  None of these should have come as a surprise to anyone in the industry today. These are all topics that are discussed and debated around tables of Security teams in most enterprises.  So, what can we do today to ensure we are prepared for these challenges and how do we start re-enforcing our doors so that we allow these new technologies but have greater control and visibility and provide transparency for the user.

Continue Reading

RSA recently launched its latest SBIC report entitled ‘Information Security Shake-up – Disruptive Innovations to test Security’s Mettle in 2013’.  It introduces some interesting food for thought on what organizations should have on their ‘to do ‘list for 2013.  Four key innovations are highlighted which shouldn’t come as a big surprise to anyone, I think we have all been addressing some of these in the last year but it’s time to hunker down and really start focusing on these four key innovations which will test the true grit of our security Continue Reading

One of the great things about traveling is the interesting folks you meet. That’s true not only in meetings and conferences and such, but also on the plane. I’ve had fascinating conversations many times with the people sitting next to me — sometimes about computer security, as when the director of consulting at Verisign and I spent hours talking during a long transatlantic flight. But often the conversations are on wide-ranging topics far removed from IT security.

In all those conversations that I can recall, there was always a balance between candor and a certain tacit agreement about the level of confidentiality each of us would bring to the discussion. We might talk about work, but not about products under development. We might talk about family, but only rarely exchange contact information. We might talk about hobbies and avocations, but not Continue Reading

In his keynote at EMCworld 2012  in Las Vegas, Pat Gelsinger proposed a tongue-in-cheek equation for the “physics of information technology”.  He also used analogies drawn from the world of physics to talk about the transformations that are occurring in information technology — describing the transition from applications to data as a shift in the center of gravity, as well as discussing data in terms of concepts like structure, mass, velocity and half-life.

Pat’s analogy set me Continue Reading

Probably obvious I know but one of the most important aspects of the Olympics has been money. Or more specifically, the ability of consumers, retailers, banks, restaurants, hotels and transport companies to handle transactions without interruption.  Although there have been some signs that systems have been put under strain, key systems have proved to be robust.

London banks had already tested their systems against cyber attack towards the end of last year and the aim was to see how quickly the financial sector could restore services to ‘business as usual’ after major disruption.

The ‘proof of the pudding’ as they say, will be in the delivery of a successful ‘economic games’ and we will be able to claim that all the planning and investment Continue Reading