Now in its second year, the 2014 Microsoft Vulnerabilities Study, compiled by security software company Avecto, analyses the data from Patch Tuesday Security Bulletins issued by Microsoft throughout 2014. Typically issued on the second Tuesday of each month, Patch Tuesday bulletins contain fixes for vulnerabilities affecting Microsoft products. Network administrators, Security Managers and IT Pro...
For too long we’ve seen organizations unable to successfully operationalize their security investments because they are difficult to implement or their security products work in isolation. Organizations need to connect the dots for greater contextual insight into the threats they face in order to build a defense strategy based on meaningful, real-time intelligence.
I know from my experience of deploying privilege management in global organizations that people think it’s going to be hard. Every organization is facing an endpoint security balancing act. On one hand employees, and their endpoints, need to be secure. But on the other hand, many employees require a free and flexible operating environment.
A few weeks ago, I was having a conversation about how teams successfully scale. One of the approaches I’m a strong proponent of is principles. Principles are a guiding light that describe what’s important to you and, crucially, help you make decisions.
There is no exact method laid out before you. You have a ton of work ahead to make this work, and even when you do figure it all out, you then need to get people to listen to you, to buy in to your vision and to invest in it to bring it to fruition and make it a true success.
The National Cyber Security Centre (NCSC) this week marked its first year of operation by revealing a snapshot of its findings from the past 12 months.
The U.S. Securities and Exchange Commission (SEC) has revealed that it’s fallen victim to a hack. In its recent “Statement on Cybersecurity”, published by its Chairman, Jay Clayton, it was revealed that its controversial Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system had been compromised last year and "may have provided the basis for illicit gain through trading".
One of England’s biggest police forces has revealed that more than one in five of its computers runs on Windows XP.
The popular PC cleanup tool CCleaner has been hijacked by hackers in the latest widespread malware attack. Security researchers at Cisco Talos, who identified the hack, found that anyone who downloaded or updated the CCleaner app between mid-August and mid-September also potentially downloaded malware without realising.
The credit monitoring company Equifax has revealed that a breach exposed the personal details of up to 143 million Americans.
CeX, the second-hand electronics and video games retailer, has reportedly had the details of two million customers compromised by hackers. The information stolen included names, addresses, email addresses and some phone numbers, as well as a small number of encrypted credit card details.
So many times, I have seen security become an afterthought, rather than being an integral part of a design from the outset. Good security design is not always visible and therefore often not very well understood by the C-suite, who pile on the pressure to release systems or improve user freedom.
Last November I attended Pulse Europe: The EMEA Customer Success Conference. I was actually a speaker at the event, but I’ll save a wrap up of my topic “Code Red why your at risk meetings aren’t resulting in an epic save” for another blog.
As an industry, people who develop software and online services have taken great leaps over recent years in developing attractive, usable products. But there can still be a reluctance to test things early and often with users – especially if you’re developing for internal or enterprise users.
Last week marked the 50th anniversary of the ATM, a device that changed the face of personal monetary transactions forever. According to the ATM Industry Association (ATMIA) there are now close to three million of them worldwide, with over 70,000 in the UK alone where it all began. On 27th June 1967, the world's first "hole in the wall" was revealed at Barclays Bank in Enfield, London. Celebratio...
On June 27, 2017 a number of organisations across Europe began reporting significant system outages caused by a ransomware strain referred to as Petya. The ransomware is very similar to older Petya ransomware attacks from previous years, but the infection and propagation method is new, leading to it being referred to as NotPetya. Due to the sudden and significant impact of the attack, it was immed...
Firms across the globe have been hit by a variant of the Petya or Petwrap strain of ransomware impacting Windows servers, PCs, and laptops. Initial reports suggest this latest attack struck Ukraine first but it has quickly spread to many other countries including Russia, Spain, France, the UK, the Netherlands, and the US. Currently the attackers are asking for $300 worth of Bitcoins to ret...
Many, if not all, organizations that I work with have been on a PAM journey of some description – some successful, some not so much, but all have had considerable investment along the way. In this blog, I want to explore the value-add of PAM, its principles, and ultimately the security posture delivered by the approach.
In part 1, I discussed the importance of understanding your company’s culture when embarking on a security project as this can be the key to success or failure. In this blog, I’ll take a closer look at the five key areas you should pay particular attention to.
In this blog post, I want to share some of my experiences on how company culture can kill a security project, especially when removing admin rights.