Latest cyber security publications
Kevin is Innovation Lead / SBRI Lead Customer in the Clean Growth and Infrastructure Directorate at Innovate UK and is responsible for managing internal and external relationships, technology strategy and delivery with partners across central and local government, with the aim of boosting procurement-led innovation and growth in Cities.
Q&A with Salwa Rafee, healthcare, IT and cyber security expert and Vice President at H-ISAC.
George Tunnicliffe has worked in IT across different sectors such as defence, charities, healthcare and in scenarios of rapid growth and transformation. The Cloud & Cyber Security Expo speaker walks us through his definition of positive security culture, and the myth that users are the weakest link in the IT security chain.
If the past decade in enterprise IT was owned by cloud, then the next ten years will arguably be defined by our attempt to secure it.
The degree to which cloud has absorbed applications and data is well-documented. While companies are consolidating with hybrid deployments, according to some estimates, 91 percent of organisations have moved some portion of their workloads to the cloud.
As this new territory grows, so too does its attack surface. Organisations need to be armed and ready, yet many are getting into sloppy habits, particularly when it comes to basic data storage practices. Between June 2018 and May 2019 over 2.3 billion files were found on misconfigured or non-secured cloud storage technologies. As cyber security company Forcepoint has framed it, as more companies become “cloud smart,” a large number appear to remain “cloud dumb,” at least when it comes to security.
The oversight is partly because we naturally focus on the ways a new tool can make our lives easier without first considering its side-effects. True, it’s not only a matter of failing to get the basics right. Like with any new technology, it has taken time for us to grasp the multitude of ways that the cloud can leave companies exposed. Compounding this problem is the pace at which cyber hackers conjure up new means of attack.
The question of trust in technology is more pressing than ever. However, software, websites and apps are still being produced which fail to provide comprehensive security. Why is this still happening?
“I believe that part of what my job is, is social responsibility,” says Simon Legg, who last September took on the role of CISO at car insurer Hastings Direct. For Legg, it’s about educating people to make better security decisions. And he believes there’s one key reason that businesses and security teams are still making mistakes when it comes to security.
“I’m trying to drive us away from this culture of thinking about security in non-functional requirement terms, and always, always, always thinking about it in functional requirement terms.” For Legg, a recurring problem that businesses experience is that when building services, they divide software design into two buckets: functional and non-functional requirements.