Another vulnerability shocked the Linux world on 27th January 2015. The Qualys security research team found a critical vulnerability in the Linux GNU C Library (glibc) that allows attackers to remotely take control of an entire system without having any prior knowledge of system credentials. What does it mean for Linux system administrators? Was it really a shocking event? Here's everything you need to know.

This October marks the 16th annual Cybersecurity Awareness Month, and this should serve as a reminder that businesses of all sizes need to implement strong cyber security. Graham Marcroft highlights six areas that combine to help create a holistic cyber security strategy.

Nick Lowe explores how current security measures against bulk data theft from organizations are broken: and how they can be fixed.

Jeff Harris explores the security blind spot created by growing volumes of SSL-encrypted data, and how to approach SSL inspection to get complete visibility of threats without compromising performance.

Organizations taking an ‘all or nothing’ zero trust often find that they struggle to implement it effectively, especially when it comes to application access control. Chris Buijs explains why integrating DNS into the zero trust framework can help.

Saket Modi, CEO at Safe Security, explains why he thinks the current way of doing cyber security in many organizations is broken as far too much of the risk analysis and associated decisions are based on estimates and guesswork, instead of using a knowledge-based approach.

Ian Kilpatrick gives his thoughts about the security year ahead. Emerging issues include the IoT security time-bomb, GDPR blackmail, and rising DDoS attacks. More encouragingly, 2018 may see increased boardroom commitment to information security.

Business continuity consultant, Charlie Maclean-Bristol FBCI, recently conducted a response exercise using cyber attack as the scenario. In this article he captures ten lessons learnt from conducting the exercise.

Toby Scott-Jackson explores how penetration testing has changed: and how it must continue changing in the future to remain a crucial tool in helping manage cyber risks as organizations move into the epoch of the Internet of Things.

Organizations need to embrace a mindset of continuously identifying - and closing - gaps in their cyber security posture to ensure the organization is as secure as it can be. To achieve this a person, or team, needs to be appointed to this role says Matt Cable.

Infrastructure as a service (IaaS) offerings allow enterprises to focus on business growth, gain flexibility and scalability, as well as achieve significant cost savings. However, IaaS also raises some unique data leakage concerns that must be addressed. Anurag Kahol looks at three cornerstones of security when considering IaaS platforms...

Most organizations now allow employees to use IM in some capacity; or their employees use it anyway! And with IT teams under a lot of pressure, the risks of data leakage that come with IM are often forgotten about. Thomas Fischer thinks that IM threats are worth talking about…

Kamel Heus explores the concept of identity sprawl, the risks associated with it, and suggests five best practices which organizations can implement to help ensure a robust identity consolidation strategy.

Security success is no longer just about keeping threats out of your network, but instead about how quickly you can respond and thwart an attack when it happens. This article highlights ‘seven deadly sins’ that organizations often commit when attempting to build an incident response function.

Encryption can be a response to many data security requirements – but only if you choose the proper solution, implement it thoroughly and don’t overestimate its power.

While most organizations have been conducting regular risk assessments in traditional areas for many years, cyber risk assessments are still in their infancy for many. Here Barry O'Donnell offers some tips to ensure that there are no gaps in your cyber risk assessments.

Ransomware has rapidly become the key cyber threat to organizations globally, with the number of bad actors increasing and extortion tactics evolving. Joseph Buckley looks at trends in this area and how the ransomware threat is likely to develop in the future.

First developed in 2010, the zero trust security model has recently grown significantly in popularity. Jan van Vliet explains why zero trust security offers several benefits over and above traditional network-based security approaches; and describes the fundamental aspects required for implementing it.

Throughout history, deception has been a critical component of military activities. Now that most organizations are continuously targets of cyber attacks deception provides a way to stay ahead of cyber attacks instead of feeling like we’re always one step behind. Carolyn Crandall explains further...

Derek Lin believes that the key to effective security is to take a people-centric approach, understanding each and every user’s normal or baseline behaviour. No easy task, but machine learning makes it possible.