Chief executive officers in the UK are still far from being considered responsible for keeping their organizations safe from cyberattacks, according to a new report by NCC Group. The report, which the risk mitigation and cybersecurity company just released, is based on a poll of 200 UK board of directors, where they were questioned on cybersecurity. Just 13 percent say the managing director was responsible for cyber risks in their company.

Also, just nine percent named the financial director. The biggest burden is still on the shoulders of CTOs and CIOs -- 52 percent. "Boards continue to pass the cyber buck by delegating accountability to technical leads likes CIOs and CTOs. Cyber security is the responsibility of the CEO and the main board as it is the most significant issue facing businesses today", comments Rob Cotton, CEO at NCC Group.

Continue reading →

In an increasingly interconnected world, all organizations are at risk from cyber attacks and manufacturing businesses are no exception.

A new study conducted by Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI) reveals that 40 percent of manufacturing companies were affected by cyber incidents in the past 12 months, and 38 percent of those impacted suffered damages in excess of $1 million.

Continue reading →

O&O Software has released the latest version of its commercial secure-deleting privacy protector, SafeErase Professional 11.

The interface has been revamped for ease of use, while the core engine is even faster at wiping every trace of your confidential files.

Continue reading →

As we conduct more and more of our work and personal lives using information technology, we have to sign in to lots of different systems. That can mean many different sets of credentials which can be hard to manage.

Federated identity is a way of streamlining this by linking an electronic identity and attributes across several identity management systems. This is related to single sign-on (SSO), which involves sharing authentication between systems -- such as signing onto other websites using your social network ID -- but federated identity goes much deeper.

Continue reading →

Digital certificates are an essential part of online security and as the number of Internet of things devices continues to grow they'll become more important still. But as we rely more on certificates so managing them becomes more complex.

Cyber security solutions company Comodo, the world's leading certificate authority, is launching the latest release of its Comodo Certificate Manager (CCM), a full-lifecycle digital certificate management platform which makes it easier for enterprises to manage their certificates.

Continue reading →

More and more companies are moving their office applications to the cloud and Microsoft Office 365 is one of the most popular options with around 85 million subscribers.

One of the major concerns with this trend is keeping information secure, to address this IT management solutions provider Kaseya is launching its latest AuthAnvil. An identity and access management solution, this provides single sign on (SSO), multifactor authentication (MFA) and automated user provisioning for Office 365.

Continue reading →

A security vulnerability discovered in numerous Linux distros potentially puts millions of users at risk. CVE-2016-4484 (Cryptsetup Initrd root Shell) affects the Cryptsetup script that is used to unlock partitions encrypted with LUKS (Linux Unified Key Setup).

The flaw means that it is possible for a hacker to access, change or delete data on the hard drive, and it is not even necessary to have physical access to exploit the vulnerability in every circumstance. But the worrying thing is just how easy the problem is to exploit.

Continue reading →

DDoS attacks have been at the forefront of the media for weeks. The unprecedented scale of the attacks on Brian Krebs website lit the powder keg, and it hasn’t stopped, with the most recent example being the attack on Dyn’s servers that led to a major outage on the east coast of the US.

As The Register reported, the Krebs attack was the largest known single DDoS attack ever, with more than 152K devices involved, generating more than 620Gbps in the attack. The Dyn attack received even more coverage, as it affected many popular consumer sites, including media-friendly Twitter.

Continue reading →

In a white paper and blog post, Microsoft makes the claim that changes introduced in Windows 10 Anniversary Update make it the most secure version of Windows ever. The company is particularly proud of its ability to fight ransomware, but also points to security features such as Credential Guard and Windows Hello.

Microsoft says that Windows Defender -- recently complained about by Eugene Kapsersky -- is to thank for this. Cloud-based protection and faster updates mean protection is more effective than ever.

Continue reading →

Data breaches can be hard to detect and are often missed by traditional cyber security approaches, allowing attackers to spend a long time inside a network.

One way of combating this is to catch attackers out by deploying decoys that mimic desktops, servers, printers and other technology present in a network. But until recently this approach was only available to large organizations.

Continue reading →

Philips Hue light bulbs could be vulnerable to a cyber attack, according to researchers who have developed a proof-of-concept worm capable of spreading from bulb to bulb with the power to turn the lights on and off.

The researchers efforts at gaining access to the connected light bulbs was detailed in their paper titled IoT Goes Nuclear a ZigBee Chain Reaction. The worm they created was able to gain access to the Philips Hue devices by exploiting hard-coded symmetric encryption keys that are used to control devices over Zigbee wireless networks.

Continue reading →

Claims of anti-competitive behavior are incredibly common in the world of tech; Google finds itself on the defensive on just about a weekly basis. Microsoft is certainly no stranger to accusations of anti-competitiveness, most notably for bundling Internet Explorer in older versions of Windows. But now it's Microsoft's approach to security that's in the firing line.

Eugene Kaspersky (yes, that one: the Russian security expert and CEO of Kaspersky Lab) has fired a vitriolic tirade at Microsoft in which he complains about how Windows Defender works in Windows 10. Windows 10 has been lambasted for many reasons since it launched, and things are not really improving as we near the launch of Windows 10 Creators Update. Kaspersky is so furious about the way in which Defender operates that he has written a lengthy and bitter blog post entitled: "That's It. I've Had Enough!"

Continue reading →

Google has decided to rework the way it classifies dangerous and harmful sites in an effort to better protect users from being infected by malware.

The search engine has tried to protect its users for a number of years by displaying a warning when a link appears that could lead them to an unsafe site trying to infect their systems with malware or trying to obtain their personal information through phishing.

Continue reading →

Organizations waste millions of dollars trying to keep hackers away from sensitive information using outdated perimeter-based security technologies. The result is obvious: it isn’t working.

Percipient Networks’ CTO Todd O’Boyle has counterintuitive advice for businesses when discussing what to do about hackers: let them in your corporate network. I spoke to Todd, and he explained why that advice is more sound that you might think.

Continue reading →

Today, the majority of enterprises rely on employee authorization by means of keycards or passcodes. While this form of security is convenient, these methods don’t truly authenticate nor verify the identity of the person at the time and place of an access request. We’ve all seen how usernames and passwords can be easily stolen. When this inevitably occurs within an organization, that factor becomes useless and will allow an attacker to gain access to everything the employee was authorized for.

Employee authorization based on a single paradigm is highly flawed because it could easily be lost, stolen or duplicated. If you are relying on only one vector for authentication, then there will only need to be one point of failure. Outside of the increased risk of becoming victimized by a data breach, enterprises that rely on these single paradigm authorizations are opening themselves up to the potential of fraud, lawsuits and damaged reputation and relationships with both internal and external stakeholders.

Continue reading →