June 11th, 2014
Last week the UK Government launched the Cyber Essentials Scheme (CES) allowing businesses to demonstrate best practice in defending against common cyber threats.
The scheme, launched 5th June 2014, is a key objective in the government’s £860 million National Cyber Security Programme. The main objective is to ensure the UK is a safer place to conduct business online. Until now, there hasn’t been a single recognizable award in cybersecurity assurance suitable for all businesses. Developed in close consultation with industry and insurers, many incentives are being offered to businesses who join the scheme.
- March 24th, 2014
The lead up to Windows XP’s expiration is causing a frenzy among the many businesses that are still running on the retiring operating system. Recent statistics show that XP still represents more than 30 percent of market share; unfortunately, the infection rate is six times higher than that of Windows 8 and two times higher than Windows 7. This means that every day that passes once Windows XP support expires will bring new risks to businesses that haven’t upgraded. As a result, we’re increasingly seeing IT departments starting or completing their migrations to Windows 7 in order to prevent huge customer support costs and minimize their attack vectors and risks of downtime.
- February 14th, 2014
IT security doesn’t often get much love, from end users or system administrators. So in this post, I’m going to give you 5 reasons why you should embrace least privilege security with open arms on Valentine’s Day.
- January 19th, 2014
Migrating from XP to 7 offers organizations a good moment to re-assess their security setup. But where to start?
After nearly 13 years, Tuesday 8 April is the day Windows XP reaches the end of the road as Microsoft pulls extended support. Anyone still running XP after that day will be on their own and left exposed to an inevitable wave of malware attacks lured by the pickings to be had from millions of PCs running an unpatched operating system.
- September 25th, 2013
User Account Control was a great idea but it has taken privilege management to fulfill its potential
How did computer security get into such a troubled and confused state? It’s a question security professionals must ask themselves on a daily basis as they face demands that threaten to explode budgets while offering no guarantee that any of the expensively-assembled defenses will actually work.
The roots of the malaise go back to the early years of the millennium when enterprises and consumers using Windows 2000 and Windows XP were suddenly ambushed by waves of clever software attacks that warned the world that criminals had floored an evolutionary accelerator pedal. By the time XP and Windows received its first major security upgrade in the form of Service Pack 2 in 2004, it was becoming clear that security had entered an unsettling era that might take decades to play out.
- August 19th, 2013
Plans to reduce admin numbers by 90% have probably been misunderstood
A year ago, few beyond the realms of computer security, politics and journalism had even heard of the US National Security Agency (NSA) let alone could explain what it did. Then the Edward Snowden affair happened and suddenly one of the world’s most secretive organizations overnight turned into one which has had its every action and statement pored over with huge fascination.
Even so, when NSA director General Keith Alexander turned up at the International Conference on Cybersecurity in New York on 8 August to speak at a roundtable discussion, he probably didn’t think he was going to say much that hadn’t already been said in recent weeks.
Then he mentioned plans to reduce the number of NSA IT system administrators by a dramatic-sounding 90 percent, and people’s ears pricked up. Edward Snowden was a system administrator, of course, one of around 1,000 employed by the Agency itself, or indirectly through consultancy firms. Was this a way of saying that sysadmins at the NSA had too much power and getting rid of them would reduce the risk of another embarrassing breach?