Unfortunately, many organisations see Software Asset Management (SAM) as a compliance reporting tool and little else. This is in some ways understandable, taking into account the astronomical regulatory fines that the large software vendors charge each year. However, SAM can do far more than protect companies from regulatory fines. It can reduce software expenditure by 30%, according to Gartner, and it is a little-known fact that it can also help minimise security risks. As cybersecurity remains high on the agenda of CIOs, IDC expects global spending on security technology to reach $81.7bn in 2017. Despite this significant investment, companies often fail to complete…
ISBuzz Team
News broke today of a Black Hat research report which details major concerns among the Infosec community including critical infrastructure security, nation state attacks, enterprise security risks, and the implications of the NIS Directive and GDPR requirements. Almost half of the respondents cite a foreign power (terrorist organization, rogue nation or large nation-state) as the primary threat to Europe’s critical infrastructure, whilst nearly 40 percent believe that a lack of required skills is the primary reason why security strategies fail, and the shortage is only being exacerbated by GDPR requirements at many organizations. Andy Norton, Director of Threat Intelligence at Lastline commented below. Andy Norton, Director…
The number of High Court cases involving employees stealing confidential data has increased by 25 per cent in a year, according to new figures. David Emm, Principal Security Researcher at Kaspersky Lab commented below. David Emm, Principal Security Researcher at Kaspersky Lab: The insider threat represents one of the greatest challenges to businesses trying to stave off a constant barrage of cyberattacks. Research by Kaspersky Lab and B2B International reveals that 28 per cent of all cyberattacks and 38 per cent of targeted attacks now involve malicious activity by insiders. Employees rank at the very top of the list of threats to data and systems. Their motivations…
In light of today’s news on the Jewson cyberattack, Niall MacLeod, Enterprise Solutions Architect EMEA at Anomali commented below. Niall MacLeod, Enterprise Solutions Architect EMEA at Anomali: “What’s interesting in the Jewson case is the timeframes of the events. The breach looks likely to have occurred in late August, with the breach detected on 3rd November, a week before the ICO were informed. The longer the lag time cyber criminals have to lurk in an organisation’s internal environment, the more chance they have of accessing valuable information that can hit a business hard, in terms of finances and reputation. But critically as organisations prepare for…
The US Pentagon is set to make a major investment in open source software, if section 886 of the National Defense Authorization Act for Fiscal Year 2018 is passed. The section acknowledges the use of open source software, the release of source code into public repositories, and a competition to inspire work with open source that supports the mission of the Department of Defense. IT security experts commented below. Cesare Garlati, Chief Security Strategist at the prpl Foundation: “More and more organisations choose open source software not because of cost considerations but to maintain control of the overall technology strategy, so it’s encouraging that the Pentagon is realising the benefits. Compare the code creation and maintenance processes of these commercial entities to more eyeballs on a typical piece of open source…
Check Point adds new capabilities to SandBlast Mobile Solution in response to increased mobile cyber threats: survey of over 850 firms globally shows average of 54 mobile malware attacks per business
Check Point has announced results from the first ever study on the impact of mobile attacks in enterprise environments. Findings from the research are based on data collected from more than 850 organizations spread across four continents. The results are stark: enterprise mobility is susceptible to attack on both major mobile platforms, Android and iOS. Threats to mobile users are capable of compromising any device and accessing sensitive data at any…
In light of the news that the UK government has launched a £20m initiative, named the ‘Cyber Discovery’ programme, to get school children interested in cyber-security, Anthony Chadd, Head of EMEA Security Solutions at Neustar, a trusted, neutral provider of real-time information services, commented below. Anthony Chadd, Head of EMEA Security Solutions at Neustar: “We support any initiative from the government to drive up awareness, interest and participation in cyber-security initiatives from young people. Today, there are three times as many IT jobs out there as there are available candidates, and this is an issue we need to address quickly if we are to prevent…
It has been reported that fashion retailer Forever 21 has announced that there had been unauthorised access to data from payment cards used at some of its stores. The California-based company said the breach was focused on transactions made at its stores between March and October this year. Forever 21 said only certain point of sale devices in certain stores were affected when the encryption on those devices was not operating. IT security experts commented below. Robert Capps, Authentication Strategist and Vice President at NuData Security: “In an effort to make transactions for consumers as simple as possible, retailers like Forever 21 often subcontract third-party…
Cisco Systems has discovered a critical vulnerability in its Cisco Voice Operating System software that allows an unauthenticated, remote hacker to gain elevated access to 12 types of Cisco Voice-OS products. Michael Patterson, CEO at Plixer commented below. Michael Patterson, CEO at Plixer: “Given the recent vulnerability in Cisco’s Voice Operating System, it is important for network and security professionals to be aware of rogue SSH communications on the network. If you see an SSH connection to a device on the network from a client that normally doesn’t have SSH traffic, it may be a good idea to investigate to…
Chancellor has indicated that it is the Government’s objective to have “fully driverless cars” without a safety attendant on board in use by 2021, Raj Samani, Chief Scientist and Fellow at McAfee commented below. Raj Samani, Chief Scientist and Fellow at McAfee: “With its strong manufacturing heritage, it’s unsurprising that the government has high hopes for the UK to be a global leader in driverless car technology and to “lead the next industrial revolution”. The anticipated regulation changes on Wednesday, that will allow developers to test driverless cars on the road, will be a key step forward in accelerating towards this goal. However,…
