Network security in the age of the internet of things

Wireless devices and smart technologies are increasingly being brought into the workplace, and pose a growing risk to company data

The internet of things (IoT) is a comparatively recent invention. Ten years ago, we only worried about protecting our computers, and it was only five years ago when we needed to protect our smartphones. Now we need to consider protecting our fridges, heating systems and industrial machines in order to safeguard company networks.

The IoT is growing quickly. Researchers estimate that by 2020 the number of active wireless-connected devices will exceed 40 billion. These devices are becoming an increasingly attractive target for criminals, as more connected devices mean more attack vectors and possible vulnerabilities.The IoT is growing quickly. Researchers estimate that by 2020 the number of active wireless-connected devices will exceed 40 billion. These devices are becoming an increasingly attractive target for criminals, as more connected devices mean more attack vectors and possible vulnerabilities.

Read more

Will we be haunted by Spectre and Meltdown for decades to come?

Fundamental vulnerabilities in modern devices: Will we be haunted by Spectre and Meltdown for decades to come?

2018 began with the alarming news that nearly every computer chip manufactured in the last 20 years contains basic security flaws. These flaws have been collectively named Spectre and Meltdown, and were discovered by security analysts at Google.

In contrast to malware and viruses, which affect software, these vulnerabilities are inbuilt into the hardware. The scale of the risk is unprecedented, as the flaws are not unique to one type of chipmaker or device. Instead, billions of devices, from desktop PCs to tablets and smartphones, are vulnerable. Read more

Sharing a Data Protection Officer

The General Data Protection Regulations, which comes into force shortly, requires the need for a Data Protection Officer…

As we all know by now, the General Data Protection Regulations, the process by which the European Parliament intends to strengthen and unify data protection for all individuals within the European Union (EU), as well as addressing the export of personal data outside of the EU, comes into force on May 25th of this year.

One of the many requirements of the legislation is the need for a Data Protection Officer (DPO). This person assumes the role of data protection expert and deals with any data protection queries. It is a high-level position requiring grounding in both national and European data protection law and practice, as well as a thorough understanding of GDPR. Read more

The Threat of Fileless Trojans

The growth in the use of fileless or zero-footprint attacks is alarming. And while they seem to have been targeted at corporate networks so far, they will spread wider.

Fileless attacks do not rely on installing new software but use legitimate applications in the OS. An advanced volatile threat (AVT) does not write itself onto the hard drive but stays in the memory and is deleted once the system is reset. And it can be paired with other malware types to deliver multiple payloads.

All this means that regular anti-virus tools are less likely to become more successful. So what can be done to mitigate the likelihood of becoming a victim to a fileless attack? Read more

UK Councils Must Get Their Cyber Security ‘Act Together’

UK councils must get their cyber security ‘act together’ according to Colin Tankard, Managing Director of data security company, Digital Pathways

Human beings are always the weakest link in the cyber security arena and the only way to stop this is by providing excellent training and awareness programmes, according to Tankard.

He says, “My experience of working with these organisations is that, more often than not, the data owners or managers of departments do not consider who has access to their data and they leave the decisions to the IT Department expecting them to know who can access the data and what they can do with it. Then, when things so wrong, it is the IT staff that get the blame. This is wholly inadequate and short-sited.”

Read more