it security Archives - Cyber Secure Forum | Forum Events Ltd
Posts Tagged :

it security

Say goodbye to traditional security training: How to keep your staff engaged!

960 640 Guest Post

As the saying goes, what got you here, won’t get you there. While the traditional method of once-a-year security awareness training for your staff may have been an acceptable method in the early 2000’s, times change, and so do the needs of staff. Simply providing information to employees is not enough. For best results, information delivered needs to be relevant, timely, and appropriate.

Take the example of teaching a child to cross the road. The best time to teach them is when you’re at a road. This makes the lesson timely and relevant. It also needs to be explained to them in terms they will understand and connect to, this makes it appropriate.

With KnowBe4, you can deliver training to employees which is relevant, timely, and appropriate. It contains a huge library of content covering training modules, video modules, mobile optimised content, assessments, games, newsletters, posters, and much more. Plus, the content is localised in many languages and with many different tones and formats available, there is certainly something for every organisation.

Smart groups can also be used to deliver specific training to selected users. For example, there is no point in making everyone go through security awareness tips when travelling, if most people never travel to a remote location. Putting your road warrior employees in one group and only sending them the training makes it far more relevant.

Perhaps the hardest part of training is delivering it at the right time. There is never an ideal time for employees to take time out of their day to complete their training. Which is why it’s important to not just provide the option of short and quick modules which can be completed during a tea break. But have a method to intervene with training when it is needed the most. With SecurityCoach users can be coached in real-time based on their real-world behaviours.

Whichever tool you use, make sure the training provided is relevant, timely, and appropriate to make it stick.

Find out what percentage of your employees are Phish-prone™ with our free test.

INDUSTRY SPOTLIGHT: Protect your top attack vectors, across all channels by Perception Point

960 640 Guest Post

Perception Point is a Prevention-as-a-Service company for the fastest and most accurate next-generation detection, investigation, and remediation of all threats across an organisation’s main attack vectors – email, web browsers, and cloud collaboration apps.

Perception Point streamlines the security environment for unmatched protection against spam, phishing, BEC, ATO, ransomware, malware, Zero-days, and N-days well before they reach end-users.

The use of multiple layers of next-gen static and dynamic engines along with patented technology protects organizations against malicious files, URLs, and social engineering-based techniques. All content is scanned in near real-time, ensuring no delays in receipt, regardless of scale and traffic volume. Cloud-based architecture shortens development and deployment cycles as new cyber attacks emerge, keeping you steps ahead of attackers.

The solution’s natively integrated, free of charge, and fully managed incident response service acts as a force multiplier to the SOC team, reducing management overhead, improving user experience and delivering continuous insights. By eliminating false negatives and reducing false positives to bare minimum, the solution provides proven best protection for all organizations.

Perception Point empowers security professionals to control their full security stack with one solution, viewed from an intuitive, unified dashboard. Users can add any channel, including cloud storage, CRM, instant messaging, and web apps, in just one-click to provide threat detection coverage across the entire organization.

Deployed in minutes, with no change to the enterprise’s infrastructure, the patented, cloud-native and easy-to-use service replaces cumbersome legacy systems.

Fortune 500 enterprises and organizations across the globe are preventing attacks across their email, web browsers and cloud collaboration channels with Perception Point.

Contact us to learn more about how Perception Point can secure your business. 

Connect with us on LinkedIn, Twitter, and Facebook.

Rackspace: IT departments plugging talent gaps with technology

960 640 Stuart O'Brien

77% of UK organisations, including IT operations, say they are finding ways for technology to do jobs formerly performed by people in the face of hiring and skills issues.

That’s according to new research from Rackspace Technology, which shows two thirds (64%) of UK companies are downsizing their staff, facilitated by technology, out of a necessity, with roles in customer service the most likely to be automated, as identified by 70% of business decision makers – followed by IT operations (62%), sales and marketing (57%), business operations (56%), and HR and admin (56%).

Half of UK companies (47%) have increased their IT investment due to the current economic climate, recognising the crucial role technology will play in improving performance and plugging skills gaps.

Almost two thirds (63%) are looking for technology to drive greater efficiencies, such as through moving infrastructure to the cloud, but the motivation for increased investment also extends to talent issues, with UK companies now investing 1.5 times more money in roles performed by technology than those performed by people.

This reflects the challenging labour market, with two thirds (65%) of companies finding it difficult to fill technical vacancies and a similar proportion (62%) struggling to retain IT staff.

This commitment to technology to combat talent shortages, and the consequent trend for an increase in IT investment, is also being driven by growing confidence in return on investment among senior leaders. Three in five (58%) organisations acknowledge established ROI on technology is encouraging further financial commitments.

It is also shifting the requirements for all staff, not solely those working in IT. The vast majority (85%) of UK companies now prefer non-technical staff to have a degree of technical proficiency, regardless of whether it’s a core element of the role. 

Mahesh Desai, Chief Relationship Officer, EMEA, at Rackspace Technology, comments: “In times of economic uncertainty, committing increased spend to technology is a risk a majority of companies simply must take in the face of technical skills shortages across the board.

“Not only can technology offset the reduced workforce available but it is a well-established way of driving business efficiencies as well – though only if used effectively.

“Three quarters (73%) of UK organisations also said cloud operations would be a key investment area over the next 12-18 months and while they have correctly identified an important tool in improving their operations, they will need to optimise these investments and strategies to feel the true benefit.

“It should also be noted that technology itself is very different to technical-proficient staff. A tough labour market and therefore necessity might be driving the growing role tech is playing within companies but finding and retaining capable staff will remain crucial for businesses to thrive.”

To download the full report, click here.

Take your IT security career to the next level with these excellent online courses

960 640 Stuart O'Brien
Our selection of online courses tailored specifically for the IT Security sector will enable you to both learn new skills and improve existing ones in 2023 and beyond – sign up today! These are specially-curated online courses designed to help you and your team, improve expertise and learn new things. The IT and Personal Development online learning bundle provides you with over 50 courses, which cover all areas of both professional and personal development:
  • CSS Certification Level 1
  • HTML 5 Certification Level 2
  • Introduction to Cloud Computing Certification
  • IT Security Certification
  • Website Development Foundations Certification
  • WordPress Certification
  • How to Handle Criticism at Work Certification
  • How to Improve Your Mental Health Certification
  • Building Your Confidence and Self-Esteem Certification
  • Managing Teams Certification
  • Master Planning Certification
And many more! Find out more and purchase your online bundle here For just £99 +vat (usually £149), you can share the courses with your colleagues over a 12-month period. Additionally, there are a variety of bundles available on all spectrums;
  • Personal & Professional Development
  • Healthcare
  • Sports & Personal Development
  • Human Resources
  • Customer Services
  • Health & Safety
  • Education & Social Care Skills
  • Sales & Marketing
  • IT & Personal Development
Book your courses today and come out of this stronger and more skilled!

CIOs ‘need to accelerate time to value’ from digital investments

960 640 Stuart O'Brien

CIOs and IT leaders must take action to accelerate time to value and drive top- and bottom-line enterprise growth from digital investments.

That’s according to Gartner’s annual global survey of CIOs and technology executives, which gathered data from 2,203 CIO respondents in 81 countries and all major industries, representing approximately $15 trillion in revenue/public-sector budgets and $322 billion in IT spending.

“The pressure on CIOs to deliver digital dividends is higher than ever,” said Daniel Sanchez Reina, VP Analyst at Gartner. “CEOs and boards anticipated that investments in digital assets, channels and digital business capabilities would accelerate growth beyond what was previously possible. Now, business leadership expects to see these digital-driven improvements reflected in enterprise financials.

“CIOs expect IT budgets to increase 5.1% on average in 2023 – lower than the projected 6.5% global inflation rate. A triple squeeze of economic pressure, scarce and expensive talent and ongoing supply challenges is heightening the desire and urgency to realize time to value.”

The survey analysis revealed four ways in which CIOs can deliver digital dividends and demonstrate the financial impact of technology investments:

Prioritize the Right Digital Initiatives

Survey respondents ranked their executives’ objectives for digital technology investment over the last two years. The top two objectives were to improve operational excellence (53%) and improve customer or citizen experience (45%). In comparison, only 27% cited growing revenue as a primary objective and 22% cited improving cost efficiency.

“CIOs must prioritize digital initiatives with market-facing, growth impact,” said Janelle Hill, Distinguished VP Analyst, Gartner. “For some CIOs, this means stepping out of their comfort zone of internal back-office automation to instead focus on customer or constituent-facing initiatives.”

The survey revealed that CIOs’ future technology plans remain focused on optimization rather than growth. CIOs’ top areas of increased investment for 2023 include cyber and information security (66%), business intelligence/data analytics (55%) and cloud platforms (50%). However, just 32% are increasing investment in artificial intelligence (AI) and 24% in hyperautomation.

“Leading CIOs are more likely to leverage data, analytics and AI to detect emerging consumer behavior or sentiment that might represent a growth opportunity,” added Hill.

Create a Metrics Hierarchy

The survey found that 95% of organizations struggle with developing a vision for digital change, often due to competing expectations from different stakeholders. To drive financial outcomes, CIOs must reconcile siloed initiatives by using a visual metrics hierarchy to communicate and demonstrate interdependencies across related digital initiatives.

“A key ingredient needed to accelerate delivery of digital benefits is accountability,” said Hill. “For example, if the enterprise undertakes a digital initiative to improve customer experience, with the financial goal of improving profit margins, then the CIO’s accountable partner is likely the CMO.”

CIOs should connect with functional leaders for each digital initiative to understand what ‘improvement’ means and how it can be measured. Creating a picture that reflects the hierarchy of technical and business outcome metrics for each initiative will help identify the chain of accountability that will collectively deliver the dividend in focus.

Contribute IT Talent to a Business-Led Fusion Team

While strategic engagement with business unit leaders is necessary to accelerate digital initiatives, the survey exposed an IT mindset of “go it alone” regarding solution delivery. For example, 77% of CIOs said that IT employees are primarily providing innovation and collaboration tools, compared with 18% who said non-IT personnel are providing these tools.

“Over-dependence on IT staff for digital delivery reflects a traditional mindset, which can impede agility,” said Sanchez Reina. “CIOs must embrace democratized digital delivery by design to accelerate time to value. Equipping and empowering those outside of IT – especially business technologists – to build digitalized capabilities, assets and channels can help achieve business goals faster.”

Loaning IT staff to fusion teams that combine business experts, business technologists and IT staff will catalyze a team that is focused on achieving digital business outcomes, while also opening the way for reciprocity, such as integrating subject-matter experts from the business into an IT-led fusion team.

Reduce the Talent Gap with Unconventional Resources

Many CIOs continue to struggle to hire and retain IT talent to accelerate digital initiatives. However, the survey identified numerous sources of technology talent that are untapped. For example, only 12% of enterprises use students (through internships and relationships with schools) to help develop technological capabilities and only 23% use gig workers.

“Talent shortages are among the greatest hindrances to digital,” said Sanchez Reina. “CIOs are often limited by policies related to preferred providers or employment contracts. They must stress to business and HR leadership that engaging unconventional talent sources can help accelerate the realization of digital dividends.”

49% of UK organisations experience high-business-impact outages at least weekly

960 640 Stuart O'Brien

With cloud adoption, cloud-native application architectures, and cybersecurity threats on the rise, the biggest driver for observability in the UK was an increased focus on security, governance, risk and compliance.

That’s according to New Relic’s second annual study on the state of observability, which surveyed 1,600+ practitioners and IT decision-makers across 14 regions.

Nearly three-quarters of respondents said C-suite executives in their organisation are advocates of observability, and more than three-quarters of respondents (78%) saw observability as a key enabler for achieving core business goals, which implies that observability has become a board-level imperative.

he report also reveals the technologies they believe will drive further need for observability and the benefits of adopting an observability practice. For example, of those who had mature observability practices, 100% indicated that observability improves revenue retention by deepening their understanding of customer behaviors compared to the 34% whose practices were less mature.

According to the research, organizations today monitor their technology stacks with a patchwork of tools. At the same time, respondents indicated they longed for simplicity, integration, seamlessness, and more efficient ways to complete high-value projects. Moreover, as organizations race to embrace technologies like blockchain, edge computing, and 5G to deliver optimal customer experiences, observability supports more manageable deployment to help drive innovation, uptime, and reliability. The 2022 Observability Forecast found:

  • Only 27% had achieved full-stack observability by the report’s definition – the ability to see everything in the tech stack that could affect the customer experience. Just 5% had a mature observability practice by the report’s definition.
  • A third (33%) of respondents said they still primarily detect outages manually or from complaints, and most (82%) used four or more tools to monitor the health of their systems.
  • More than half (52%) of respondents said they experience high-business-impact outages once per week or more, and 29% said they take more than an hour to resolve those outages.
  • Just 7% said their telemetry data is entirely unified (in one place), and only 13% said the visualization or dashboarding of that data is entirely unified.
  • Almost half (47%) said they prefer a single, consolidated observability platform.
  • Respondents predicted their organizations will most need observability for artificial intelligence (AI), the Internet of Things (IoT), and business applications in the next three years.

“Today, many organizations make do with a patchwork of tools that require extensive manual effort to provide fragmented views of their technology stacks,” said Peter Pezaris, SVP, Strategy and User Experience at New Relic. “Now that full-stack observability has become mission critical to modern businesses, the Observability Forecast shows that teams are striving to achieve such a view so that they can build, deploy, and run great software that powers optimal digital experiences.”

COVID IT: 27,887 cyber attacks took place throughout the pandemic 

960 640 Stuart O'Brien

COVID-19 had a big impact on the number of susceptibilities being exposed by cyber actors, to the tune of nearly 28,000 attacks across the duration of the pandemic.

Cyphere has analysed the statistics, comparing the figures to pre-pandemic years to highlight the effect COVID has had on cybersecurity.

A rise in digital transformation as a result of the pandemic led to companies purchasing new tech assets to support their staff working remotely.

These new technologies led to cybersecurity oversights that could have resulted in an increase in security exposures such as a lack of security validations before introducing the product to employees.

They analysed the number of vulnerabilities by year, to visualise the rise in exposures before and throughout the pandemic.

  • 2018 – 16,509 vulnerabilities

  • 2019 – 17,307 vulnerabilities

  • 2020 – 18,351 vulnerabilities

  • 2021 – 20,157 vulnerabilities

As seen above, the number of security exposures has steadily increased over the past four years. Until 2017, the figure had never reached 10,000 but less than five years later had doubled to over 20,000 security bypasses.

It signifies a huge shift in cyber protection, with the rise in cyber risks putting users and businesses at risk of data hacks.

They also examined the severity of the susceptibilities, they did this by using the CVSS (Common Vulnerability Scoring System) to determine whether the exposures were low, medium or high risks.

2021 saw the highest total number of exposures, with 20,157 across those twelve months. The severity of these exposures can be seen below:

  • High risk: 4071 vulnerabilities

  • Medium risk: 12,903 vulnerabilities

  • Low risk: 3183 vulnerabilities

In comparison to 2021’s susceptibilities, 2020 registered a larger number of high-risk exposures with 4,379, 308 more despite having fewer total susceptibilities.

Cyphere says analysing the most common types of susceptibilities can be extremely useful in forming a response to the wave of cyber attacks, it can allow cybersecurity professionals to build a defence to counteract the breach.

Each security exposure is defined using the CWE (Common Weakness Enumeration), which is used to categorise the weakness, it serves as a baseline for exposure identification.

Frustratingly, throughout the pandemic, the highest number of vulnerability types were ‘NVD-CWE-noinfo’ meaning the security bypass was undefined.

The problem with undefined exposures is that the lack of information makes it difficult to put actions in place to avoid this reoccurring. There were over 3,000 undefined susceptibilities in 2020 alone.

The number of exposures that were undefined grew between 2019 and 2020, it accounted for 13.49% of susceptibilities in 2019 and 19.35% in 2020.

When analysing the statistics from the pandemic, examining month-specific data can allow for more context in understanding the effect of Covid on cybersecurity.

The month-specific data revealed April 2020 was the worst month in terms of the number of cyber attacks. Across April, there were a total of 2209 attacks with 939 high-risk attacks and 302 critical risks. The lowest amount was the following month, May 2020 recorded 1058 attacks.

In 2021, April and June saw the highest number of vulnerabilities, April saw 1927 exposures whilst June recorded 1965 attacks. Between March 2020 and July 2021 there were a total of 27,887 vulnerabilities

Lastly, they analysed the products being targeted by cyber actors, worryingly they found that a number of Microsoft products were the primary target. Products such as Microsoft Exchange Servers and Microsoft MSHTML were being bypassed to gain access to personal details.

Harman Singh from Cyphere said: “This analysis of the NIST NVD entries during the pandemic presents a number of useful indicators for security and infrastructure teams. Digital and advanced transformations before and during the pandemic forces businesses to adopt digital solutions, at times bypassing standard approvals and change procedures. This is one of the added factors to the rise in cyber attacks.

“Although there has been increase in total vulnerabilities year on year basis, there are two ways to look at it – good news and bad news. There has been a decrease in critical risk vulnerabilities in 2021 compared to peak Covid months in 2020. Bad news is it’s not just the numbers we need to look at, but looking at the impacted services is a worrying factor. It includes email, internal and external services of a corporate network including remote connectivity solutions such as VPN, security gateways.

“This is why organisations should look into vulnerabilities more than just a CVE. These factors include exploitation in the wild, data sensitvity levels related to the affected service and potential impact. Keeping the practical context into mind helps security teams analyse large amount of vulnerabilities in an efficient manner. This reduces the noise that sometimes consists of just CVE scores but are practically complex attacks or have complex dependencies before an exploit takes place.

“It underscores the importance of regular assessments such as penetration testing, vulnerability scanning and management and incident response preparation. Organisations should adhere to strong basics with proactive approach towards security, utilising the industry expertise to stay on top of ever changing threat landscape.”

The four biggest mistakes in IT security governance

960 640 Guest Post

By Atech

Intelligent IT security and endpoint protection tools are critical components of security governance, and the stakes within today’s threat landscape have never been higher.

A lapse in identity protection or zero trust networks could spell financial disaster for a company. We know that attacks are increasing in sophistication and frequency, and in cost with research showing the average cost of a data breach at an eye-watering $4.24 million.

But what about the other end of the spectrum? How can companies identify and rectify issues in their security governance before they become a problem?

#1 Not realising you are a target with less-than-perfect cloud IT security

Many business leaders using cloud data storage mistakenly believe they are not vulnerable to security breaches from outside attackers. However, this is not the case.

The barriers to entry in becoming a cybercriminal are incredibly low, yet the cost to a brand’s reputation is staggeringly high. Furthermore, fines issued to businesses for not adequately managing customer data are also extremely costly.

Therefore, IT leaders need reliable security governance systems and full visibility over user data, secure identity and access management protocols, encryption, and more.

Businesses can update their IT security playbook by partnering with managed security service providers. By understanding the distinct accreditations that service providers display, solution specialisms can be distinguished from operating procedures, to build a real picture of how the service aligns with your business’ needs. You need to receive timely guidance on the latest cloud security threats and how to mitigate them and how to remediate fast. This can only come with in-near-real-time insights of behaviours and attacks and with the expert support of a security operations centre, carrying an industry recognised accreditation such as CREST.

We outline the biggest mistakes in IT security governance and provide a comprehensive view of today’s cloud security challenges and how best to tackle them as an organisation. Read on to identify the other critical mistakes you could be making.

OPINION: Local authorities shouldn’t be daunted when moving to the cloud

960 640 Stuart O'Brien

Local Authorities are under intense pressure to escalate Digital Transformation strategies while also dramatically reducing IT costs, achieving public sector sustainability goals and extending citizen self-service access to key services. With stretched in-house resources and a widely acknowledged skills shortage, the existing IT team is dedicated to keeping the lights on for as long as possible.

With many councils asking where they can find the time, resources or confidence to advance a cloud-first strategy, Don Valentine, Commercial Director, Absoft outlines five reasons for why embracing ERP in the cloud right now will actually solve many of the crisis facing public sector IT…

Unprecedented Challenge

Local Authority IT teams are facing incompatible goals. Is it possible to cut the IT budget by £millions per year over the next five years while also replacing an incredibly extensive legacy infrastructure with an up to the minute cloud based alternative? Or improve operational processes and ramp up citizen self-service while also ensuring stretched staff across departments have constant, uninterrupted access to the information and systems they need to be effective and productive?

With so many stakeholders to satisfy, the future looks daunting. But there are many reasons why Local Authorities should be confident to embrace a cloud-first strategy and the latest ERP solutions.

To read for article, hop on over to our sister site FM Briefing here.

IT security solutions – 2022 buying trends revealed

960 640 Stuart O'Brien

Authentication, Compliance and Cloud Web Security top the list of services the UK’s leading IT security professionals are sourcing in 2022.

The findings have been revealed ahead of July’s Security IT Summit and are based on delegate requirements at the upcoming event.

Delegates registering to attend were asked which areas they needed to invest in during 2022 and beyond.

Authentication was most in-demand, followed by Compliance and Cloud Web Security.

Just behind were Multi-Factor Authentication, Employee Security Awareness and Identity Access Management.

% of delegates at the Security IT Summit sourcing certain products & solutions (Top 10):

  • Authentication
  • Compliance
  • Cloud Web Security
  • Multi-Factor Authentication
  • Employee Security Awareness
  • Identity Access Management
  • Penetration Testing
  • Phishing Detection
  • Risk Management
  • UK Cyber Strategy

To find out more about the Security IT Summit, visit

  • 1
  • 2