Guest Post, Author at Security IT Summit | Forum Events Ltd
Posts By :

Guest Post

VIRTUAL EVENT: Step into the Future of Cybersecurity at Tessian’s Human Layer Security Summit

The threats of the future are here: AI is now being used to construct more convincing phishing attacks than ever before. Singapore GovTech will explain exactly what this means for the future of phishing in one of Tessian’s game-changing sessions at the action-packed Human Layer Security Summit.

Join other security leaders as Tessian’s expertly curated panel discusses the challenges our threat landscape faces both now and in the near future and how to counter them.

Some other sessions already on Tessian’s exhilarating agenda are:

  • Fighting Phishing: Everything We Learned From Analyzing 2 Million Malicious Emails
  • DLP Has Failed The Enterprise. What Now?
  • How to Build A High-Impact Security Culture For ‘Oh Sh*t’ Moments

Save your spot today if you’re worried about surging spear phishing attacks, outdated DLP solutions or archaic security defences.

Cutting through the noise

By Rapid7

Imagine this: your connected devices at home and in the office go rogue. The car drives you somewhere else instead of home, the office devices leak intellectual property and employee data, and the home appliances reveal information about those at home. The thought of this happening would probably send shivers down your spine. Though it’s only an imaginary scenario, it is not impossible as threat actors become increasingly sophisticated.

In other words, with digital transformation, the attack surface has increased exponentially. Take the past year for instance. According to a report by Check Point Research, cyberattacks on the education sector have increased by more than 30% globally, with Australia being one of the top five countries to face the attacks. What led to this spike? Remote learning and virtual classes.

With today’s threat landscape, it’s imperative for security teams to have early, contextualised threat detection across their internal and external environment. Contextualised threat detection is the investigation and analysis of security alerts as they are generated.

Collecting vast amounts of remote data and making sense of it to identify true threats to your businesses is complex and time-consuming. You need more context about threats—across your internal or external attack surface—and the ability to drive proactive and automated threat mitigation.

Our IntSights solution combines external threat intelligence with community-infused threat intelligence to improve the signal-to-noise ratio and free up time for security teams that are already stretched too thinly. With more intelligence on the internal and external threat landscape, we can offer more context and treat more threats with Emergent Threat Response. We can add and enhance capabilities across your portfolio to help you solve the security concerns challenging your organisation, as well as take a proactive approach to defend against the security concerns of tomorrow.

Find out more about how our Rapid7 Insight Platform can bring the internal and external threat landscape under your control.

WEBINAR: Top 5 reasons why you need an access management solution

By Tenfold Security

Do you know WHO in your organization has access to WHAT systems and data? If you don’t know the answer, chances are you haven’t yet employed an IAM solution. And that means your company is at high risk for data theft.

You might be struggling to invest the administrative efforts required to manage access rights, both in terms of time and resources. And perhaps you’re finding it difficult to adhere to compliance regulations.

What you need in order to solve these problems is an “Identity & Access Management Solution”. IAM software enables you to manage IT users and access rights for different systems from within one central platform.

In this webinar, we will cover the Top 5 Reasons why you should get an IAM solution. We will outline how IAM can protect your business against data abuse and theft and how it can help you stay on top of compliance provisions.

The future of cybersecurity is autonomous

Censornet’s Autonomous Integrated Cloud Security gives mid-market organisations the confidence and control of Enterprise-Grade cyber protection. Our platform integrates attack intelligence across email, web, and cloud to ensure our clients’ cyber defences react at lightning speed, day and night.

The Censornet platform is simple and effective, not costly and complex. For our millions of users globally, it’s smarter, faster, and safer than is humanly possible. All our services are supported by an award-winning team of customer support specialists. We continuously verify and assess the risk of every person and every device. No exceptions.

Censornet was among the first British companies to offer email security, web security, cloud application security and multi-factor authentication solutions in one integrated cloud-based service. Individually, they are all best-in-class. Integrated into one platform, they act immediately to best protect your organisation from cyber-attacks.

The Censornet autonomous, integrated security platform represents a transformational advance in cyber protection. It provides 24/7 cyber security, with individual engines that automatically react and interact at machine speed to stop attacks before they enter the kill chain.

Censornet’s platform was born in the cloud. It’s built to tackle the threats of today and tomorrow, assessing the risk of every person and device continuously. Just set your rules (or plug and play) and Censornet will do the rest, automatically responding to spam, phishing, malware and ransomware attacks.

Our cloud security platform works around the clock, 365 days a year, offering businesses the confidence and control they need to thrive in a forbidding threat landscape. More than 1,500 organisations and millions of users trust our cloud security platform to automatically protect them from cyber-attack.

Censornet won Cloud Security Product of the Year (SME) at the Computing Cloud Excellence Awards 2021. We were also a finalist in the ‘Best SME Security Solution’ category at the 2021 SC Awards Europe.

Visit the Censornet website to find out more about our game-changing Autonomous Integrated Cloud Security platform.

How to mitigate non-malicious insider risk (and why employee awareness is key)

‘Your people are your most important asset’ is a well-worn phrase. However, in the wrong environment, employees can also present a substantial cyber-threat to organizations, and evidence suggests this problem keeps on growing: there’s been a 47% rise in the frequency of incidents involving insider threats between 2018 and 2020, with over half (62%) of these incidents being non-malicious.

In this article, Infosecurity Magazine looks at what organizations can do to mitigate the rise of insider threat incidents, and the central role employee security awareness campaigns play in guarding against this issue.

Cloud Access Security Broker (CASB) was once thought of as a ‘nice to have’. Today, it is essential

A CASB is a Cloud Application Security solution which protects a modern mobile workforce by analysing, managing and protecting user interactions with cloud apps. It offers organisations the ability to control how their data is shared to the cloud and prevent the use of unauthorised or potentially dangerous applications.

Censornet Cloud Application Security (or CASB) is part of our autonomous integrated security platform which sits in the cloud and also includes Email and Web security as well as adaptive Multi-Factor Authentication (MFA).

Cloud Application Security offers visibility of all sanctioned and unsanctioned cloud app use across a business. It enables IT teams to go beyond an “allow” or “block” position with cloud services. The solution also ensures compliance by providing a comprehensive audit trail of user activity for internal and external auditors.

The Censornet Platform

The Censornet Cloud Application Security solution lets you set rules which will protect the entire organisation around the clock. It allows visibility of the applications that are being used, blocking access to actions or features within these apps.

Businesses that use Cloud Application Security on our platform gain the ability to discover, analyse, secure and manage cloud activity across multiple networks and devices, whether users are on the corporate network or working remotely.

Censornet Cloud Application Security offers flexible deployment via agents, gateways, or both, with centralised policy management to protect office and mobile users. It benefits from access to automated updates which draw on a catalogue of hundreds of business applications and thousands of actions. And if you’ve already got Web Security, CASB can be enabled with one click.

Explore Censornet’s Autonomous Integrated Cloud Security Platform.

UK CISOs driving blindfolded | 75% say they’re at greater risk of cybersecurity attacks | 77% admit they’ve experienced an incident in the last 12 months

BlueFort Security’s independent research of 600 CISOs & 2k office workers will be discussed at a FREE event for UK Cybersecurity Experts

Join us at BlueFort.Live – an event for and about UK CISOs

3:30pm BST | 15th October 2021

The research will be discussed in our hybrid event – a 1-hour Fireside Chat for and about UK CISOs.

Watch Dean Armstrong, QC, a leading authority on cybercrime, address the attack on data, strategies to fight ransomware and a guide to win the respect of the board.

Come join us at our FREE online event, hosted by award-winning security expert, Graham Cluley, to hear a select panel of CISOs sharing their experiences in the cybersecurity trenches.

Hard-hitting topics will be debated, based on the independent research, including:

  • Cybersecurity is the frontline defence in the world war attack on data
  • Don’t be the scapegoat – a guide for CISO / CIO / I&Os to win the respect of The Board
  • Ransomware will be a $20bn ‘industry’ by the end of 2021 – strategies to fight back and keep winning

Book your free place today and be part of the conversation.

https://www.bluefort.live/

How can businesses maintain IT security in a hybrid working model?

By Claire Price of QMS International, one of the UK’s leading ISO certification bodies

Businesses now have the green light to go back to work, but your organisation may not be returning to its old working practices. So, if a hybrid model is being adopted, what can you do to ensure that information stays secure?

The introduction of more widespread homeworking has certainly piled on the pressure for businesses’ IT security.

At the beginning of 2021, QMS International carried out a survey of businesses about their cyber security and 75.7% of the respondents reported that they now felt more open to attack. Another 10% reported that they had no confidence in fending one off.

And businesses have a right to be worried. According to analysis by CybSafe of reports made to the UK’s Information Commissioner’s Office (ICO), the number of ransomware incidents in the first half of 2021 doubled compared to the number reported in the first half of 2020.

Malicious emails have also been redirected to attack those working from home. Data supplied by Darktrace to The Guardian revealed that the proportion of attacks targeting home workers rose from 12% of malicious email traffic before the first lockdown in March 2020 to more than 60% six weeks later. With homeworking becoming more of a permanent fixture in business models, this trend is likely to continue.

While hybrid working offers your team the best of both worlds when it comes to office and home working, it also leaves your business open to the unique risks associated with both, with the added bonus of those linked to transport and travel.

But this doesn’t mean you have to abandon this new way of working. With the right processes in place, you can ensure your information stays secure, no matter where your staff are based.

Carry out a risk assessment

First things first – you must carry out a risk assessment.

Knowing the precise risks your business faces is key to developing methods of removing or mitigating them, but assessments like this are often overlooked. In fact, QMS’ cyber report found that 30% of respondents admitted that no new information security risk assessments had been carried out, despite changes to working practices.

Discover the risks, analyse their likelihood, and then decide if and how they can be controlled. This will give you the grounding you need to build your wider hybrid IT strategy.

Train and test your team

With cyber-attacks on the rise and remote workers being more vulnerable, it’s crucial that your hybrid team know what to look for and, just as crucially, how to report anything suspicious. The best way to do this is through training, which can now be carried out very effectively via e-learning.

This training should cover common cyber-attacks – such as phishing emails – how to spot them, the fundamentals of social engineering, and how to report suspicious activity. Ideally, this training should be refreshed regularly as new cyber threats emerge. You may also like to include training on the safe use of video calls and how to ensure video cameras are switched off when not in use.

To ensure your team have absorbed what they’ve learnt, carry out penetration testing. This involves crafting fake phishing emails and sending them out to your employees. What they do will give you an idea of whether your training has been effective.

Address access

When your hybrid team aren’t in the workplace, they will need to access servers and files remotely. This will often be via a VPN (Virtual Private Network), so you need to ensure that this is as secure as possible.

Remote workers will also be relying on their home Wi-Fi, but this may not be as secure as the Wi-Fi in your office. Your team should therefore be encouraged to create strong passwords – not the default ones on the base of the router.

Workers need to be cautioned against the use of free Wi-Fi hotspots too. They may want to use one to work on the train, for example, or in a coffee shop. However, public Wi-Fi is notoriously insecure.

Think about physical protection

If your workers are going to be travelling between locations, then they are going to have to carry equipment such as laptops, phones and removable media with them. If something is lost or stolen, your business information could be compromised. Indeed, IBM’s Cost of a Data Breach report revealed that around 10% of malicious breaches are due to a physical security compromise.

A solid back-up protocol is key to ensuring that any lost information can be recovered. A robust password and access process is also a must – you may want to think about two-factor authentication to make logging in more secure. Make sure you also have a protocol in place so that if your team do report something as lost or stolen, you can act quickly.

When working remotely, you need to ensure that your staff keep their physical devices safe too. Equipment should be kept out of sight when not in use and papers stored away. If your workers are printing content, you may also need a safe disposal or destruction policy in place.

To prevent prying eyes seeing something they shouldn’t, workers should lock their screens when away from their workspace, whether they’re in the office or at home. And if any of your team do want to work while in public, they should be cautioned about the kind of work they perform – who knows who’s sitting next to you?

Create a culture of security

If you really want to take information security to the next level, you may want to consider a more wide-reaching measure such as ISO 27001.

ISO 27001 is the international Standard for information security management, and it is designed to help organisations integrate information security into every aspect of business.

Its 114 controls tackle every angle of security, including physical, legal, digital and human, bringing them together to enable you to maintain compliance and showcase to employees, customers and stakeholders that you have the processes in place to protect information from theft and corruption.

Going forward, it could give you the framework you need to adapt your practices to suit your new hybrid working model and any changes in the future.

How much does penetration testing cost?

By Redscan

Making sense of pen test pricing

Commissioning a penetration test is an important step in helping to enhance your organisation’s cyber security resilience. Pen testing costs vary from a few thousand to several thousand more, so it’s essential to ensure that the pen testing you select enables you to achieve the best security outcomes from your budget.

Every organisation has its own testing requirements and penetration testing pricing varies according to the type of test performed as well as its overall objectives and duration. Penetration testing costs ultimately depend on the issues and requirements identified during the initial scoping phase.

The importance of pen test scoping

Most penetration testing companies charge for pen testing on the basis of a day rate. As a result, it’s important that the scoping stage of an assessment is conducted effectively to ensure that a quotation is as accurate as possible and that you don’t end up paying extra for unwanted elements.

At Redscan, we focus on ensuring that our clients gain the maximum value from their investment in a pen test. The scoping process allows us to identify the type of assessment best suited to your needs. It is the point when we work with you to define the full remit and goals of the pen test, including itemising the systems, assets and applications to be assessed.

Factors that affect pen testing costs

The number of days required to perform a pen test depends on factors including:

  • Type of test
  • Automated vs manual testing
  • Testing methodology
  • Remote or on-site testing
  • Experience of tester
  • When the test is conducted
  • Level of reporting
  • If retesting is included

Maximising the value of pen testing

Pen test pricing can vary significantly, but identifying the right provider to help accurately scope requirements makes assessing pen test quotations much more straightforward. As a CREST-certified company, Redscan performs testing to the highest technical, legal and ethical standards.

To learn more about how to achieve the best outcomes from penetration testing read the full article here.

Varonis Systems

WEBINAR: Keeping critical national infrastructure secure

Cyber-attacks are now arguably the biggest threat to the UK’s national infrastructure. In recent months we have seen ransomware on food production and fuel transportation wreak havoc in the United States. So how are we keeping the UK safe?

Join Varonis Field CTO, Brian Vecci, as we host a panel session with senior experts from Sellafield Ltd, Royal BAM, The National Cyber Security Centre and more on Friday 10th September at 2pm.

We will discuss the threat landscape, responding to breaches and how to implement controls and provide visibility across expansive and complex IT estates.

Our panelists and IT experts will also dive into:

  • Real life war stories of APT attacks and more
  • The actual cost of a breach and how to recover
  • Understanding and implementing NIS directives
  • Common entry points for attackers
  • Supply chain attacks

Register here for your exclusive Zoom invite link to the session.