All Archives - Security IT Summit | Forum Events Ltd


Do you specialise in Network Security Management? We want to hear from you!

Stuart O'Brien

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in December we’re focussing on Network Security Management solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re a Network Security Management solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Jenny Lane on

Here’s our full features list:

Dec – Network Security Management
Jan 2024 – Anti Virus
Feb 2024 – Access Control
Mar 2024 – Intrusion Detection & Prevention
Apr 2024 – Phishing Detection
May 2024 – Advanced Threat Dashboard
Jun 2024 – Browser/Web Security
July 2024 – Authentication
Aug 2024 – Penetration Testing
Sep 2024 – Vulnerability Management
Oct 2024 – Employee Security Awareness
Nov 2024 – Malware

Nearly half of EMEA CIOs are shifting to co-owning digital leadership with their CxO peers

Stuart O'Brien
Forty-six per cent of CIOs in Europe, the Middle East and Africa (EMEA) are partnering with their CxO peers to bring IT and business area staff together to co-own digital delivery on an enterprise-wide scale.

That’s according to Gartner’s annual global survey of CIOs and technology executives, which has found that CIOs’ relationship with their CxO peers is ‘reaching a different level’.

Daniel Sanchez-Reina, VP Analyst at Gartner, said: “CIOs who co-own efforts with their CxO peers to place the design, management and delivery of digital capabilities with teams closest to the point where value is created, are most effective at maximising digital investments.”

In this CIO-CxO co-ownership, also called democratization of digital delivery, the CIO acts as a franchiser of technology within their organization.

Gartner analysts presented the survey findings during Gartner IT Symposium/Xpo, taking place here through Thursday. The 2024 Gartner CIO and Technology Executive Survey gathered data from 2,457 CIO respondents in 84 countries and all major industries, representing approximately $12.5 trillion in revenue/public-sector budgets and $163 billion in IT spending. In EMEA, 917 CIOs participated in the survey, representing nearly $3.9 trillion in revenue and $66 billion in IT spending.

“Consciously or unconsciously, CIOs have already been laying the foundation for democratized digital delivery with technologies such as low-code platforms,” said Sanchez-Reina. In EMEA, 66% of CIOs said they have deployed or plan to deploy low-code platforms in the next 24 months. Artificial intelligence (AI), which 72% of EMEA CIOs say will be a game-changing technology in the next three years (29% for generative AI), will also rapidly advance the democratization of digital delivery beyond the IT function.

The survey revealed that CIOs’ top areas for investment in 2024 include cybersecurity, data analytics and AI (see Figure 1).

Figure 1. EMEA CIOs’ Expected Change in Technology Investments in 2024

Source: Gartner (November 2023)

CIOs who franchise IT ‘by design’, which is through co-leading, co-delivering and co-governing digital initiatives with their CxO peers, perform significantly better at general IT management activities, such as executive leadership development and digital business strategy.

“Franchiser CIOs are breaking down the barriers of IT, allowing other business units to produce IT beyond using it,” said Sanchez-Reina. “Those business units participate in the IT delivery responsibility and are accountable for the success of their own IT applications and systems they produce. Such participation in technology production goes from managing to implementing and building technology initiatives.

“This shows that the distinction between what is “IT” and what is “business” is becoming virtually impossible.”

There is no one pattern for franchised digital delivery. Several factors such as the enterprise culture and CEO sponsorship will influence the design and inner workings of the franchise model and the ways in which CIOs and their CxO peers engage. Above all, the CIO must coach their business partners on the journey, offering advice and frameworks, and brokering the internal and external connections they need to successfully co-own digital delivery.

“The payoff of modeling CxO-CIO partnerships for digital delivery on a franchise model is substantial,” said Sanchez-Reina. “CxOs who embrace this franchise model are twice as likely to meet or exceed expectations from digital investments, compared with those who don’t embrace it.”


MALWARE MONTH: Emerging malware trends and how the UK’s CISOs are having to adapt

Stuart O'Brien

The cybersecurity landscape is being shaped by sophisticated and evolving malware threats on a weekly and even daily basis. Chief Information Security Officers (CISOs) are on the front lines, adapting to these emerging challenges with innovative approaches to protect corporate assets.

One of the most concerning trends is the rise of ransomware-as-a-service (RaaS), allowing even low-skilled cybercriminals to launch devastating attacks. For instance, the 2021 attack on the NHS systems highlighted vulnerabilities in public sector security and showcased the crippling effect of ransomware. CISOs must now consider the possibility of insider threats or inadvertent aid from employees to such external attackers.

The emergence of polymorphic and metamorphic malware, which can alter its code to evade detection, has demanded more dynamic and proactive detection mechanisms. Traditional signature-based defenses are no longer sufficient. CISOs are pivoting towards deploying advanced heuristics, behavior analytics, and machine learning algorithms that can anticipate and neutralize threats before they crystallize into attacks.

Additionally, the proliferation of IoT devices has expanded the attack surface dramatically. The 2020 breach of a UK-based energy provider through an IoT device served as a wake-up call. It has prompted CISOs to enforce stringent security protocols and integrate IoT device management into their overall security framework.

The trend of remote work, accelerated by the COVID-19 pandemic, has also introduced novel vulnerabilities. Cybersecurity hygiene for remote employees has become a top concern, with CISOs having to extend corporate security measures to home networks and personal devices through virtual private networks (VPNs), endpoint protection, and zero-trust models.

State-sponsored malware, targeting critical national infrastructure, has added a geopolitical dimension to the CISO’s role. The UK’s National Cyber Security Centre (NCSC) has flagged several such threats, necessitating public-private partnerships for shared intelligence and coordinated responses to these sophisticated threats.

In response to these challenges, CISOs are focusing on creating a robust cybersecurity culture within their organisations. This involves regular training and drills, phishing simulations, and promoting awareness about the latest malware trends among all employees. Emphasising the human factor is crucial, as a single lapse can lead to significant breaches.

CISOs are also adopting integrated security platforms that offer a unified view of the organisation’s security posture. By leveraging Security Information and Event Management (SIEM) systems, they can correlate data from various sources to identify potential threats quickly. Furthermore, advanced threat hunting teams are being employed to proactively scour networks for signs of compromise.

As malware continues to evolve, so must the strategies of CISOs. The modern CISO must not only be a technical expert but also a savvy business leader who can articulate the risks and required investments to stakeholders. They must ensure that cybersecurity is not seen as just an IT issue but as a pivotal part of the organisation’s overall risk management strategy. Through collaboration, innovation, and a relentless focus on education and culture, UK CISOs are reshaping their organisations to withstand the threats of tomorrow.

Are you searching for Anti-Malware solutions for your company or organisation? The Security IT Summit can help!


SAVE THE DATE: Security IT Summit – June 2024

Stuart O'Brien
Couldn’t join us at this week’s Security IT Summit? The next event will take place in London next June – both live and virtual attendance options will be available!

25th June 2023 – Hilton London Canary Wharf – Booking form (flexible attendance options)

Benefits of attending include: 
  • Receive a bespoke itinerary of relaxed, 1-2-1 meetings with innovative and budget-saving suppliers who you would like to meet and those who match your requirements.
  • Access to a series of live seminar sessions led by industry thought-leaders
  • Lunch & refreshments throughout
  • Unparalleled networking with like-minded peers, who share your challenges
Register today!

210 million industrial endpoints will be secured by 2028

Stuart O'Brien

A new study by Juniper Research has found that there will be growth of 107% over the next five years in the number of industrial endpoints featuring cybersecurity protection.

The research identified the rise of interconnected processes within the Industry 4.0 revolution as increasingly exposing critical industrial infrastructure to external threats, requiring wholesale changes in how industrial stakeholders secure their operations.

The research found that industrial endpoint cybersecurity spend will reach $7.8 billion by 2028, rising from $3.8 billion in 2023. This rapid growth of 105% demonstrates how quickly the market is evolving, and how industrial endpoint cybersecurity is rapidly becoming a priority for cybersecurity vendors.

Research co-author Nick Maynard commented: “As more processes become connectivity enabled, the threat environment within industrial settings is exponentially increasing. Cybersecurity vendors must partner with key industrial IoT vendors to better secure this problematic area.”

With the research forecasting 21% of industrial endpoints to be protected by endpoint cybersecurity services by 2028, this is ultimately a very low proportion of total industrial endpoints. As such, industrial stakeholders must move much faster to secure their critical operations, or they will face spiralling threats from nefarious actors.

Boosting visibility in the industrial supply chain and optimising cloud security for critical operations will be vital to ensuring greater protection levels.


The Evolution of Employee Cybersecurity Awareness: A tale of adaptation and education

Stuart O'Brien

In the past decade, the digital landscape has grown exponentially, bringing with it a complex web of cybersecurity threats. Amidst this ever-changing terrain, businesses have had to rapidly adapt, realising that technical safeguards alone aren’t sufficient. An informed and vigilant workforce has emerged as the first line of defence against cyber threats. Here we explore how approaches to employee cybersecurity awareness have evolved over the last ten years, reflecting the pressing need for proactive education and behavioural change, informed by input from delegates and suppliers at the Security IT Summit…

  1. From IT Responsibility to Collective Accountability: Earlier, cybersecurity was largely seen as the domain of IT departments. Fast forward to today, and it’s understood as a collective responsibility. Recognising that human error is a leading cause of breaches, companies have transitioned from sporadic IT-led training to comprehensive, organisation-wide awareness programs.
  2. Interactive Training Platforms: The didactic, one-way training modules of the past have given way to interactive platforms. Gamified learning experiences, real-time hacking simulations, and scenario-based challenges are now commonplace. These hands-on training methods ensure that employees don’t just understand threats intellectually but can also recognise and respond to them in real-time.
  3. Focus on Social Engineering: While earlier training might have concentrated on passwords and malware, today’s training recognises the sophistication of social engineering attacks. Employees are now taught about phishing, pretexting, tailgating, and baiting, ensuring they’re prepared for the diverse tactics employed by modern cybercriminals.
  4. Continuous Learning and Micro-Training: Given the rapid evolution of threats, one-off training sessions are no longer deemed adequate. Periodic refreshers, bite-sized learning modules delivered through apps, and regular email updates keep cybersecurity top-of-mind for employees year-round.
  5. Cultural Shift Towards Open Reporting: Historically, employees might have hesitated to report their mistakes for fear of repercussions. Modern cybersecurity awareness strategies emphasise a no-blame culture. Employees are encouraged to come forward with potential threats or errors, ensuring timely mitigation without penalisation.
  6. Integration of AI and Data Analytics: Advanced analytics now help tailor training to an individual’s needs. By monitoring employee behaviour, AI-driven platforms can identify weak spots and deliver customised training content, ensuring that learning is relevant and targeted.
  7. Metrics and Accountability: As cybersecurity awareness has become central to business strategy, measuring its effectiveness has grown in importance. Regular assessments, feedback loops, and key performance indicators ensure that training remains effective and evolves with the threat landscape.
  8. Emphasis on Personal Cyber Hygiene: With the blurring lines between professional and personal digital spaces, especially with remote work, there’s an increased emphasis on personal cyber hygiene. Employees are educated not just about safeguarding company data but also about protecting their personal information, understanding that a breach in one area can impact the other.

The last decade has seen a fundamental shift in how businesses approach employee cybersecurity awareness. Moving from reactive measures to a proactive, inclusive, and continuous learning approach, companies now recognise that in the digital age, an informed employee is the best defence against the ever-present cyber threats.

Are you looking to boost IT security awareness in your business? The Security IT Summit can help!


Do you specialise in Malware prevention solutions? We want to hear from you!

Stuart O'Brien

Each month on IT Security Briefing we’re shining the spotlight on a different part of the cyber security market – and in November we’re focussing on anti-Malware solutions.

It’s all part of our ‘Recommended’ editorial feature, designed to help IT security buyers find the best products and services available today.

So, if you’re a Malware solutions specialist and would like to be included as part of this exciting new shop window, we’d love to hear from you – for more info, contact Jenny Lane on

Here’s our full features list:

Nov – Malware
Dec – Network Security Management
Jan 2024 – Anti Virus
Feb 2024 – Access Control
Mar 2024 – Intrusion Detection & Prevention
Apr 2024 – Phishing Detection
May 2024 – Advanced Threat Dashboard
Jun 2024 – Browser/Web Security
July 2024 – Authentication
Aug 2024 – Penetration Testing
Sep 2024 – Vulnerability Management
Oct 2024 – Employee Security Awareness

How to boost employee cybersecurity awareness

Stuart O'Brien

In today’s digital-first landscape, the human element remains one of the most significant vulnerabilities in any organisation’s cybersecurity posture. For IT and cybersecurity professionals in the UK, fostering a culture of cybersecurity awareness among employees is crucial. However, finding the right partners and solutions to facilitate this is equally paramount. Here are the key considerations, based on input from Security IT Summit delegates and suppliers, for ensuring effective employee cybersecurity training and awareness…

  1. Comprehensive Content:
    • Relevance: Training content should be relevant to the organisation’s specific threats and industry sector.
    • Up-to-date Material: The cyber landscape evolves rapidly; training materials should reflect the most recent threat intelligence.
  2. Engaging Delivery Methods:
    • Interactive Modules: Interactive e-learning platforms can boost engagement and retention.
    • Real-life Scenarios: Simulated phishing campaigns or breach scenarios allow employees to practice their response in a controlled environment.
  3. Continuous Learning:
    • Regular Updates: Cyber threats change continuously; regular training refreshers are vital.
    • Newsletters and Bulletins: Monthly or weekly cyber updates can keep security top-of-mind for employees.
  4. Assessment and Feedback:
    • Knowledge Checks: Quizzes or tests can gauge employee understanding and highlight areas that need further training.
    • Feedback Mechanisms: Ensure employees have a platform to provide feedback or ask questions about the training.
  5. Scalability and Customisation:
    • Adaptable Solutions: The chosen training solution should be scalable to accommodate organisation growth.
    • Tailored Training: Content should be customisable to address the unique risks and policies of the organisation.
  6. Certifications and Compliance:
    • Industry Standards: Training programs should align with recognised industry standards and best practices.
    • Record Keeping: For compliance purposes, ensure the solution provides detailed records of employee training and completion.
  7. Engagement and Culture:
    • Gamification: Incorporating game elements can make training more engaging and competitive.
    • Leadership Buy-in: Executive endorsement can drive a culture where cybersecurity is everyone’s responsibility.
  8. Partner Reputation and Expertise:
    • Track Record: Consider partners with a proven track record in delivering effective cybersecurity awareness training.
    • Continuous Development: Partners should invest in updating and improving their training solutions regularly.
  9. Integration Capabilities:
    • Learning Management System (LMS) Integration: Ensure the training platform can integrate with existing LMS or HR systems for streamlined management.
    • Multi-device Accessibility: Training should be accessible across various devices, including mobiles and tablets, catering to a modern workforce.
  10. Budget and Return on Investment (ROI):
    • Cost Analysis: While budget is a factor, it’s vital to weigh the costs against the potential losses from a cyber breach.
    • Measurable Outcomes: Choose solutions that offer measurable outcomes to gauge ROI effectively.

As cyber threats continue to evolve, so too must our defence strategies. Ensuring employees are knowledgeable and vigilant against cyber risks is a foundational step. By selecting the right partners and solutions, organisations can significantly bolster their cybersecurity resilience, turning their human element from a potential vulnerability into a formidable line of defence.

Are you looking to boost IT security awareness in your business? The Security IT Summit can help!


For data privacy, access is as vital as security 

Guest Post

By Jaeger Glucina, MD and Chief of Staff, Luminance 

If you’re in the UK, you could hardly have missed the story this summer about Nigel Farage’s public showdown with the specialist bank Coutts. What started as an apparent complaint about a lack of service being provided to Farage quickly became a significant political talking point and, ultimately, resulted in the CEO of the NatWest-owned bank resigning his position.

However, if your work sees you taking responsibility for security, compliance, and business continuity, you may need to take stock of how this story highlights an approaching risk factor that all companies need to be aware of. While the details of Coutts’ decision to drop Farage as a customer were being launched onto the newspapers’ front pages, the actual way in which Farage obtained that information remained very much a secondary story.

Those details were obtained when Farage lodged a data subject access request, or ‘DSAR’, with Coutts. This legal mechanism, introduced as part of the EU’s General Data Protection Regulation, compels organisations to identify, compile, and share every piece of information that they hold relating to an individual. This could range from basic data like names and addresses in a customer database to internal email or text conversations pertaining to them.

The purpose, as with analogous legislation like the California Consumer Privacy Act, is to tip the scales of power around matters of data and privacy back in favour of the consumer. To achieve that, there is real regulatory muscle to ensure that DSARs are acted on. Upon receipt, organisations must respond within thirty days, and non-compliance can carry a fine of up to 4% of the business’s annual global turnover.

The reputational damage that a DSAR could trigger for some businesses should, by now, be readily apparent. Even benign requests can pose a serious challenge to an organisation’s legal resource.

While the potentially punitive results of non-compliance make DSARs a priority issue, mounting a response is not as easy as you might think. The breadth of the request demands an exhaustive and wide-ranging search through information systems, including records of Slack messages and video calls as well as emails, documents, spreadsheets, and databases. At the same time, of course, our usage of such systems is ever-expanding. Every new productivity tool in an organisation’s arsenal will represent a potential landing point for sensitive data which needs to be collated, analysed and appropriately redacted in a DSAR process.

You can imagine that for legal teams this is an onerous workload which saps capacity from higher-value areas of work that drive business growth. Worse, it is a highly labour-intensive, repetitive process which few legal professionals would ideally choose to engage in. Many external firms won’t take DSAR cases on, and if one can be found the fees will likely run to tens of thousands of pounds.

All of that adds up to a growing need for a new kind of data discoverability: not just a way for businesses to oversee data siloes, but to analyse and draw from them in a highly specific way which meets strict legal criteria.

Clearly, the repetitive and precise nature of the task makes it a perfect candidate for automation. With AI, teams can rapidly cull datasets down to just those items which are likely to be relevant before identifying any personal data which needs to be excluded or redacted. In one recent rollout of the technology, this resulted in UK-based technology scale-up, proSapient, halving the time taken to respond to a DSAR and avoiding £20k in costs while maintaining the robust level of detail which GDPR compliance demands.

Any data professional out there knows that a proliferation of personal data residing in systems is an almost inevitable consequence of our modern working practices: digital tools underpin our productivity, and information about people, whether they are customers, clients, or employees, is relevant to almost any process.

Anecdotally, we know that whenever a story involving DSARs hits the headlines, businesses experience a spike of requests. The GDPR may now be half a decade old, but awareness of how it can be leveraged will only continue to grow – far past the capacity of existing tools and team structures to cope.

That means that empowering legal teams with the tools they need to manage this new data reality is of paramount importance, both to safeguard the organisation’s future resilience and continuity, and to enable them to focus on delivering the levels of productivity expected from them.

Cybersecurity Awareness Month: We asked the experts about this year’s priorities

Stuart O'Brien
What are the key considerations, threats and opportunities for IT security professionals in 2023? To mark Cybersecurity Awareness Month 2023 we polled some leading experts for their thoughts…
Milind Mohile, Vice President, Product Management, Citrix
“Hybrid work is still on the rise in 2023, a trend which is only increasing complexity for security teams, with geographically separate workforces, using a variety of managed and unmanaged devices, over the internet, accessing a combination of enterprise-hosted and SaaS apps. Traditional security measures are no longer enough to safeguard a business’s sensitive applications and data, therefore businesses must truly understand how to implement a comprehensive Zero Trust Application Access (ZTAA) framework.
ZTAA goes beyond Zero Trust Network Access (ZTNA) to encompass not just networking, but also application usage and activities even after access has been granted. Unlike traditional security models that rely on perimeter defences with “point-in-time” security controls, and policy engines that follow binary “grant/deny” rules, a ZTAA model combines the principles of “never trust, always verify” with granular access and action controls that can be dialled up and down based on circumstances, telemetry or behaviours. This constant vigilance and fine-grained control is where ZTAA truly shines.
ZTAA will evolve rapidly as solutions incorporate AI to aid in continuously monitoring user behaviours and determining the right responses to suspicious activity. As such, ZTAA enables unrivalled protection against unauthorised access and security breaches, as well as unintentional risky behaviour, making it essential for businesses with hybrid workforces, where users expect to be able to log in from anywhere in the world.”
Matt Tuson, General Manager, EMEA, LogicMonitor
“Over the last two decades, the field of cybersecurity defence has flourished into an advanced, diverse field. However, I think that we will soon see a real evolutionary step take place, which takes us beyond just manning the barricades against digital foes. Businesses are learning that, regardless of whether downtime comes from adversarial attacks or internal technological failures, the bottom-line impact is much the same, and what really matters is getting back to a state of health as quickly and smoothly as possible.
A digital immune system (DIS) approach, built around a mindset which is more agnostic as to the source of problems and more unified in its focus on recovery, will come into focus as a better way of organising teams and technology to create valuable outcomes. The good news for those who have spent years building cybersecurity expertise is that this change will put them closer to the heart of business value. Everything we have learned about resilient systems, designed redundancy, and human psychology will become relevant to business thinking more broadly. Together with more unified data practices and AI tools to action that data, the digital immune system is going to shift the goalposts from the well-defended enterprise to the self-healing enterprise.”
Duncan Bradley, Director of Customer Engagement UKI Cyber Resiliency Practice, Kyndryl
“The last two decades have witnessed consistent evolution in both how we do cybersecurity and the kinds of risk that cybersecurity seeks to mitigate. The most important lesson emerging in this space right now, though, is really a perspective shift around what cybersecurity is for.
For most of IT history we have spoken of defence, prevention, and avoidance, building a suite of tools and tactics to stop bad outcomes. We have been successful and made it very difficult to break into organisations, so bad actors are now compromising organisations’ user accounts with increasingly sophisticated targeted social engineering attacks, and the growing use of AI techniques only serves to increase the challenge of detection. Going forward, that conversation is going to be re-oriented around minimising damage and recovering quickly and seamlessly from it. Whether through criminal activity, human error, or natural disaster, breaches and outages happen. The most successful businesses in such moments will be those that have invested in resilience strategies which are agnostic about the source of damage and laser-focused on returning to operational status. That demands a holistic approach where recovering data and reinstating services is baked in at every level, just as something like authorising access is today.
The cybersecurity community has developed very mature methodologies for integrating the human and technological aspects of protecting against attack. In twenty years’ time, resilience will be just as embedded in what we do.”
“Cybersecurity Awareness Month serves as yet another reminder of the importance of protecting data in our increasingly digitalised world. AI will be on the agenda, as the recent explosion of generalist technologies and data-scraping tools make data more accessible than ever.
For many businesses, data privacy and security represent a minefield. Whether it’s mitigating the risk of employees exposing sensitive data to GPT-based tools or providing rapid responses to personal information requests, the data privacy challenges for business leaders today are wide-ranging. However, the reality is that compliance isn’t optional, and many are finding themselves on the wrong side of the data privacy coin.
And when it comes to compliance, it’s always going to be more difficult for smaller businesses and start-ups. They cannot afford to take the “get fined, pay up” approach of industry giants. This is why we need to be aware of the benefits of AI as much as its potential risks. AI-driven automation can play a key role in helping SMEs or overburdened legal departments understand, centralise, and analyse their enterprise data, ensuring they keep up with what is an increasingly complex and volatile regulatory landscape. The future of data security depends on our collective ability to adapt – and you can be sure that AI will be at the forefront of enabling businesses to achieve data-driven insights into compliance data, automate compliance tasks and mitigate risk.”
Karl Schorn, Vice President of Professional Services at Systal
“Cybercriminals are using AI and machine learning to develop more effective attacks, such as automated phishing campaigns and AI-driven malware. As technology evolves, so do the attack vectors. Emerging technologies like quantum computing and 5G networks bring new security concerns. This combined with a shortage of skilled personnel and the need to maintain legacy systems and infrastructure is stretching resources as more data and services are moving to the cloud – further pressing the need to protect a wider attack surface, with fewer resources, and skills against determined and developing adversaries.
Addressing these challenges requires a multi-faceted approach that includes technological solutions, strong policies and regulations, employee education, and collaboration among governments, industries, and security experts. Cybersecurity is an ongoing process, and organizations must remain adaptive and proactive in the face of evolving threats.”
John Linford, Forum Director, The Open Group Security & Open Trusted Technology (OTTF)
“It now seems fair to describe the continuing rise of cyber risk as inexorable. Not a week goes by without an analyst or research report announcing a new statistic about the increasing rate of attacks, the diversification of methods, or the growing financial losses being caused.
This means that it’s no longer feasible for organizations to consider any elements of the service topology as ‘trusted’. Rather than assuming any device on a network must have passed a security checkpoint and therefore can be trusted, organizations should be looking to models which secure the data and assets those networks are there to carry, requiring continuous verification of trustworthiness in order to ensure computer security. And Zero Trust ensures computer security for users, data/information, applications, APIs, devices, networks, cloud, etc., wherever they are – instead of forcing a “secure” network within a company.
By assuming every action is potentially malicious and performing security checks on an ongoing, case-by-case basis, Zero Trust reduces successful attacks and protects organizations in the event of a breach as other data and assets remain secure, rather than being accessible by an attacker. In order to successfully implement and ensure proactive mitigation of cyber threats is commonplace, the industry must establish standards and best practices for Zero Trust, which will also be a critical component of cybersecurity awareness.”
Charles Southwood, Regional Vice President and General Manager in UK, Denodo
“The digital landscape is in a constant state of evolution, and along with it, the sophistication of cyber threats continues to grow. These threats take on various forms, ranging from phishing attacks and malware infections to data breaches that can compromise sensitive information. For businesses, safeguarding data and systems must be a number one priority.
While data holds the promise of transforming operations and propelling businesses ahead of the competition, when not adequately protected, it can become a double-edged sword, especially in our current AI-powered landscape. Attacks that utilise this technology can automate and enhance the sophistication of threats, making it more vital than ever to stay ahead of the curve.
Implementing strong authentication methods, encrypting sensitive data, and keeping software and systems up to date are fundamental steps in safeguarding your digital assets. Additionally, having a well-defined incident response plan and regularly assessing the cybersecurity practices of third-party vendors and partners can strengthen the overall security posture.
Cybersecurity isn’t a one-time effort; it’s an ongoing commitment. By investing in robust cybersecurity measures, you not only protect your business but also enhance the trust of your clients and partners. Stay vigilant, stay secure.”