A Deep Dive on How to Catch Phish

The modern email threat. The simple plain text email appearing to come from the CEO asking the junior finance or accounts payable team member to immediately settle the overdue invoice from an irate supplier, that has just called them personally to complain. Call it Business Email Compromise (BEC) or CEO Fraud, it’s still a targeted phishing attack, and the number of incidents has been rising stead...
Facing facts: your employees are visiting sites they shouldn’t at work

One of the most difficult jobs for a security team is to limit the harm employees can put themselves and the organization at risk of, while giving them scope to operate online. A recent survey we conducted of 1000 UK adults confirmed all of a security team’s worst fears about what employees are getting up to at work. One in ten respondents admitted to visiting adult websites on a work device or wh...
WhatsApp with people? Don’t expose your company’s confidential data, please

Last week we released the results of an interesting piece of research we carried out which tried to understand the kind of flawed and malicious things people do which put the data of the companies they work for at risk.  Some of the results raise eyebrows and others are downright staggering.  For example, one in ten people questioned admit to visiting adult websites whilst on a work laptop or conn...
Getting used to more clouds of pollution – the scourge of cloud-only malware

Thank goodness for cloud applications. Compared to the old ways of sharing information across organisations and between virtual teams, cloud apps have undoubtedly liberated extra productivity and fostered greater innovation. To gain maximum benefit, however, keeping on top of cloud application security is a key consideration and one that demands both visibility and control of usage, right down to ...
Why cloud visibility and discovery are no longer enough

According to the Ponemon Institute, cloud applications are a significant security concern for organisations, with 71% of global IT professionals believing the challenge is harder to face using existing, conventional security tools. Disregarding those who still don’t even know that they need to be aware of the risks, the majority have since cottoned-on to the necessity of having comprehensive visib...
Sharing our GDPR Journey: CFO

A dual task but also an opportunity to better ourselves. When our CEO, Ed, wrote the first blog post in this series he detailed the all-consuming nature of the upcoming General Data Protection Regulation. Since then, some time has passed and the hysteria surrounding that May deadline has heightened even further. After all, we’re now well into the final full quarter of preparation time before GDPR, ...
Sharing our GDPR journey - CTO Changing the definition of personal data

2018 is here and, as we leave the Christmas festivities behind us, a regulation six years in the making is about to become a reality… The year of GDPR is finally upon us. By now, we’re all well aware of its aim; to transform the way that European businesses view data in terms of both protection and privacy. And, let’s face it, given that 2017 was a year in which cybercrime thrived - with attacks s...
CensorNet named in the 2017 Gartner Magic Quadrant for Cloud Access Security Brokers

There’s no doubt about it, the global cloud market is increasing exponentially… and, as it does, so too do the cyber threats within the cloud landscape. Today, cloud security is more important than ever before. In a world full of IT vendors offering a stream of IT solutions, we believe that Gartner helps business leaders make informed decisions. Its Magic Quadrant is a culmination of research in a...
NIST Digital Identity Guidelines Clarify Importance of SMS in Authentication Strategies

As we anticipated when we first wrote about the Digital Identity Guidelines published by the National Institute of Standards and Technology (NIST), the new recommendations have ignited a fierce debate in the cybersecurity community. What is the best authentication method to protect access to data and systems? Is two-factor enough or does multifactor provide the best defense? What delivery methods ...
Are humans still the weak link in the Cyber Security chain?

I think the answer has got to be a resounding yes. There will always be black swans and sheep that roll across the cattle grid to freedom and suicidal kangaroos that continue to be killed on the roads in Australia. In any type of environment users will be ingenious and sidestep governance and red-tape to get the job done, and there will always be users that despite how much you tell them not to, w...
Sharing Our GDPR Journey

The 25th of May 2018. For many, that date will have registered little interest when the first official draft of the EU General Data Protection Regulation was published back in 2012.  The date, and what it would bring, was something to be aware of but too far away to interfere with other, more pressing concerns. Fast-forward to 2016, when the final draft was approved by the EU Parliament, and the s...
Infosec Report Card: Must concentrate better, but don't stop talking

Infosec Europe is undoubtedly one of the biggest trade shows in the calendar, and again it demonstrated its gravitational force this week with what I’m told are record numbers getting sucked into its orbit to discover how to better protect organisations from tougher and more complex cyber threats. This morning, beyond the crusty walls of Olympia - back in the real world - a new UK government prepar...
Cyclonic information overload... Or clarity at last?

After my rant about the general lack of coherence in the info security industry, I thought I’d accept my own challenge and see what I could make of the first day’s action here at Infosec 2017.  A scan through the scheduled keynotes and presentations pretty much confirmed what I predicted to be true. Reading the conference agenda is analogous to reading the menu from one of those ‘every internation...
Coherence is the order of the day...

I’ve got a challenge for anyone visiting this week’s Infosec Show: Spend two hours here, and then try and sum it up in 20 seconds. I’m offering a prize for anyone that does a good job - just drop by our stand, give me your thoughts in 20 seconds and I’ll see what we’ve got in the goody bag. At the very least, I’ll buy you a coffee - I’d be interested to hear what you’re thinking. Sounds trite, rig...
The Heads Up: Shadow IT - Light Up The Dark Side

Digital infrastructures can be both a curse and a blessing. They allow us to progress technically and positively influence the way in which we work, but can inevitably make organizations more vulnerable to cyber attacks and also make it increasingly difficult for IT teams to control. In the ‘digital jungle’, computers, laptops and private mobile devices (BYOD – bring your own device) are used to a...
Top Tips for Users to Keep Company Networks Safe

As I’m sure you already know, Friday, 15 May, saw the beginning of a global ransomware attack, hitting hundreds of thousands of businesses around the world. Like most companies, we have taken stock of the situation and sent some simple instructions to our staff so that we can avoid becoming infected. We would like to share these with you, but before we do that, we cannot stress highly enough the i...
The Heads Up: Solving Ransomware with AV...the definition of insanity?

In the light of the recent global ransomware cyber attack, we felt it appropriate to repost this blog for your information. The original post was dated 18 April, 2017. The speed at which ransomware is proliferating is mind blowing. In 2015, SonicWall’s Global Response Intelligence Grid recorded around 3.8 million attacks. By last year, that had grown to 638 million. Yes, you read it right – 638 mi...
Cloud Security - how is 2017 shaping up?

With January rapidly becoming a distant memory, and as all those New Year good intentions get left by the wayside, I am pleased to report the race to the cloud continues apace. But as enterprises embrace the cloud to help their businesses become more agile and responsive, they invariably encounter more security threats and become more susceptible to breaches from multiple channels. Legacy security...
Cloud Security issues aren’t unknown

When Cloud was the new kid on the block, the risk of adoption was simply too variable and therefore untenable but that didn’t really matter. It was gathering such momentum the security market simply couldn’t keep up. So in line with tradition, the easiest option was to get the big red stamp out and mark it ‘unsafe’ and hope it would go away. The problem was that it didn’t, it just got bigger. The ...
“e-Safety Legal Obligations – The Fall of the Supremacy of Pedagogy”

I have a proposition to make. My proposition is that it is not possible to train or educate pupils into not cyberbullying, not viewing pornography, not sexting and that the stance of many educators and education experts[1] that pedagogy is the best, the ‘supreme’ route to satisfy e-Safety legal obligations is, quite simply, wrong. I further propose that we know it’s wrong because empirical evidence...