Latest CISO publications
As many of us stay home, we are relying more than ever on apps and online services to stay connected. But recent headlines have highlighted that the vulnerabilities within apps downloaded to our devices can leave them open to exploitation.
To add fuel to the fire, even the very connected devices we use are susceptible to attack. High-profile breaches have come to light over the past year, notably a hacker being able to talk to a young girl via a home security camera in her room.
For organisations, this presents significant challenges when dealing with internal security. With the traditional security perimeter already weakened as a result of mass working from home, it’s crucial that steps are taken to ensure the devices and online platforms we use to work remotely are robust and secure.
While governments and public healthcare specialists are looking into the timing and manner of reopening the economy, it is clear that at some point in the hopefully not-too-distant future restrictions will be eased and businesses will return to normal operations.
Returning to recently-vacated offices will certainly signify a return to normality, and for most, that will be a welcome relief after working from home for an extended period. However, just as the shift to working from home required organisations to adapt and act differently, so will the return to the office. In this post, we discuss the preparation CISOs should consider making to offset a number of security implications that arise from returning your workforce from home and back to the office.
The question of trust in technology is more pressing than ever. However, software, websites and apps are still being produced which fail to provide comprehensive security. Why is this still happening?
“I believe that part of what my job is, is social responsibility,” says Simon Legg, who last September took on the role of CISO at car insurer Hastings Direct. For Legg, it’s about educating people to make better security decisions. And he believes there’s one key reason that businesses and security teams are still making mistakes when it comes to security.
“I’m trying to drive us away from this culture of thinking about security in non-functional requirement terms, and always, always, always thinking about it in functional requirement terms.” For Legg, a recurring problem that businesses experience is that when building services, they divide software design into two buckets: functional and non-functional requirements.
The topic of breach normalisation has been examined heavily before, but most of the discussion has centred around its obvious, negative effect – the desensitisation and numbing of society to each passing incident.
Tangible effects are rarely immediately apparent in the aftermath of a breach. News reports consequently lack visceral impact. It’s not immediately clear where data ends up — users are inclined to think there is a high chance that their data, representing one line in a tome of a database, might never be deployed against them.
“I’ve actually had journalists tell me this in the past. They would actually say it’s difficult for us to talk about because we don’t have a picture or video or something we can frame it against to capture people’s attention.”
But Pinkard also says there are positive effects to the phenomenon.