3rd row Archives - Cyber Secure Forum | Forum Events Ltd

3rd row

CALL FOR SPEAKERS! We are searching for dynamic thought leaders to deliver insight at the Cyber Secure Forum

 960 640 Stuart O'Brien
By:
0
0

If you’re a cybersecurity professional and would like to share your knowledge, case studies and best practice with peers, then please get in touch – we have speaking opportunities upcoming at the Cyber Secure Forum.

This long-running and unique, invite-only event is attended by senior IT security professionals and leading suppliers, offering a great environment for networking and knowledge sharing within specialist seminar sessions.

The Cyber Secure Forum takes place on June 25th at the Hilton London Canary Wharf.

So, if you would like to deliver a talk sharing your experiences and knowledge with delegates, please contact Natasha Cobbold at n.cobbold@forumevents.co.uk or visit https://forumevents.co.uk/speaker-opportunities.

Questions raised as to whether US government agencies can implement zero trust policies in short-term

 960 640 Stuart O'Brien
By:
0
0

75% of U.S. federal agencies will fail to implement zero trust security policies by 2026 due to funding and expertise shortfalls.

That’s according to Gartner, which defines zero trust as a security paradigm that starts from the baseline of trusting no end user, and explicitly identifies users and grants them the precise level of access necessary to accomplish their task.

Zero trust is not a specific technology, product or service. Instead, it is a set of security design principles that contrasts with the traditional perimeter-based security approach.

“With the September 2024 deadline for specific zero trust requirements for U.S. federal agenciesbeing established, requirements are broad for all agencies,” said Mike Brown, Vice President Analyst at Gartner. “However, consistent with other compliance deadlines, agencies will struggle to meet these goals. Given the typical delays for Congressional passage of the federal budget, funds will likely not be available for the zero trust initiative until the second quarter of fiscal 2024, allowing only a partial year to achieve goals.”

Although zero trust achievements, or lack thereof, may be captured in audits, public reporting on specific details of zero trust progress may be limited or obfuscated. This is to avoid identifying weaker aspects of government cybersecurity for the benefit of malicious actors.

“One of the main impediments for government agencies in their zero trust journey is a cybersecurity skills shortage,” said Brown.” Government agencies are challenged to compete with the private sector for staff with necessary skills. To address these talent shortages, agencies should be working simultaneously with service contracts, to reskill existing staff and to recruit new staff.”

Failure to meet policy deadlines will continue to leave federal agencies exposed to risks that could be mitigated.

“This could lead to the interruption of vital government services or the compromise of sensitive information, both of which would have a significant fiscal impact on resolving what could be prevented,” said Brown. “Security breaches will occur as even the best cybersecurityimplementations are not immune. Still, those agencies and their CIOs who fail to fully and promptly adopt zero trust measures will be subject to the most negative scrutiny. A breach often catalyzes the focus and investment in mitigation, which is a predictable need.”

Learn how to implement zero trust security in the public sector in the complimentary Gartner Zero Trust Toolkit.

Photo by Jonathan Simcoe on Unsplash

PHISHING DETECTION MONTH: Casting a wider net in the fight against cybercrime

 960 640 Stuart O'Brien
By:
0
0

Phishing attacks remain a major cyber threat for organisations in the UK’s public and private sectors. These often sophisticated scams can cause significant financial losses, data breaches, and reputational harm. Fortunately, advancements in phishing detection solutions are empowering CIOs to stay ahead of cybercriminals. Let’s explore the key recent and future trends in this critical area, based on input from attendees at the Cyber Secure Forum…

Recent Trends:

  • Machine Learning (ML) and AI-powered Threat Detection: Advanced analytics powered by ML and AI are revolutionizing phishing detection. These systems can analyze emails in real-time, identifying suspicious language patterns, URL anomalies, and impersonation attempts that traditional filters might miss.
  • Email Spoofing Detection: Phishing emails often spoof legitimate sender addresses. Advanced detection solutions can analyse email headers, sender domain names, and other technical indicators to identify spoofing attempts.
  • Integration with Security Awareness Training: Phishing detection works best when complemented by effective security awareness training for staff. Modern solutions can integrate training modules to educate employees on recognizing phishing tactics and reporting suspicious emails.
  • Focus on User Behaviour Analysis: Emerging solutions can analyze user behaviour patterns. Deviations from normal behaviour, such as clicking unusual links or opening suspicious attachments, can indicate a potential phishing attempt.

Future Trends:

  • Simulating Phishing Attacks (Phishing Simulations): Simulations allow organizations to proactively test their employees’ ability to identify phishing emails. These simulations create a realistic learning environment and reinforce best practices.
  • AI-powered Content Analysis: AI can go beyond analysing text and can now analyze images and attachments within emails. This allows for detection of sophisticated phishing attempts that use malicious code or embedded threats.
  • Focus on Dark Web Monitoring: Cybercriminals often sell stolen credentials or information on the dark web. Phishing detection solutions can monitor the dark web for mentions of the organization or its employees, enabling proactive mitigation strategies.
  • Decentralized Email Security: As email security protocols evolve, phishing attempts might shift to decentralized communication platforms. Phishing detection solutions will need to adapt to address threats across a wider range of communication channels.
  • Behavioural Biometrics for Email Verification: Emerging technologies might analyze a user’s typing style, mouse movement patterns, or other behavioural factors during the login process. Deviations from normal behaviour could indicate a compromised account potentially being used for phishing attacks.

Benefits for Organisations:

Implementing these trends offers several benefits for UK organisations:

  • Reduced Phishing Attacks: Effective phishing detection solutions can significantly reduce the number of successful phishing attempts, protecting sensitive data and financial resources.
  • Enhanced Security Posture: A robust phishing detection system contributes to a stronger overall security posture, reducing the risk of cyberattacks.
  • Improved Staff Awareness: Integration with security awareness training empowers employees to identify and report phishing attempts, creating a more vigilant workforce.
  • Reduced Downtime and Recovery Costs: By preventing successful phishing attacks, organizations can minimize security incidents, downtime, and associated recovery costs.
  • Improved Compliance: Strong phishing detection demonstrates a commitment to cybersecurity, which can be beneficial for compliance with industry regulations or data protection laws.

Phishing attacks are constantly evolving, but CIOs have an array of powerful tools at their disposal. By embracing these trends in phishing detection solutions, organizations can create a more secure digital environment for employees, data, and critical infrastructure. This translates to a more resilient and cyber-aware workforce, better equipped to defend against sophisticated phishing threats.

Are you looking for Phishing Detection solutions for your organisation? The Cyber Secure Forum can help!