Category Archives: Security controls

The OT and IT debate – is our critical infrastructure safe?

Power station critical national infrastructure

 

 

 

 

 

 

 

 

Back in 2011, GE coined the phrase “the Industrial Internet”. They were referring to how the gap between the operational technology (OT) that controls our critical infrastructure facilities and traditional enterprise information technology (IT) is closing. In the quest for smarter enterprise data, we are connecting our OT to our IT. Smart as that may seem, there can be unintended consequences – rather than a controlled ‘coming together’, it can be more of a fatal collision if the associated risks are ignored.

Seven years on, OT and IT are becoming more and more connected every day. Yet, there seems to be a level of denial that such connectivity exists. This can mean that critical cyber security controls are being ignored – a dangerous place to be. Continue reading “The OT and IT debate – is our critical infrastructure safe?” »

Share

The NIS Directive explained – compliance and guidance

NIS Directive explained

 

 

 

 

 

 

 

 

The Chinese have just celebrated the start of The Year of the Dog. But for anyone with responsibility for data security in their organisation, it’s very much ‘The Year of Regulation’. You’ll have heard plenty about the General Data Protection Regulation (GDPR), but what about the European Union’s other piece of security legislation, the Network and Information Security (NIS) Directive?

May is going to be a busy month in cyber security, with the NIS Directive being transposed into national law on 9th May, quickly followed by the GDPR on 25th May – as if you needed reminding. Continue reading “The NIS Directive explained – compliance and guidance” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

Measuring and understanding cyber security effectiveness – where do you start?

Cyber Security Measurement

 

 

 

 

 

 

 

 

“You can’t manage what you can’t measure.”

Peter Drucker

This classic quote from management guru Peter Drucker is equally applicable to the measurement challenge we face in information security. 

If we can’t (or don’t) measure, how can we identify if we’ve been successful with our security initiatives? For example, is a lack of security incidents an indication of success? If so, how can we demonstrate it? Likewise, without evidence of what is working (and where) – how can we justify often significant security expenditure – or indeed, make effective security decisions?

In this article we’ll take an introductory look at the use of metrics to measure cyber security effectiveness (sometimes also referred to as ‘security maturity’) with dashboards and benchmarking. We will also reference existing frameworks and models and provide links for you to explore in more depth. Continue reading “Measuring and understanding cyber security effectiveness – where do you start?” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

The one-stop guide to cyber security advice (Part 1)

Best cyber guides reviewed

 

 

 

 

 

 

 

 

It’s always the big cyber security attacks that steal the headlines, but dig a little deeper and there are everyday stories of hacker inflicted misery – many of which could have been prevented.

So, if you are increasingly concerned about the threat to your own data and are looking for advice, this guide is for you.

It’s part one of a two-part series reviewing the ‘best of’ the many respected sources of cyber security advice available, with some of our most popular articles included. Continue reading “The one-stop guide to cyber security advice (Part 1)” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

Convince your board – cyber attack prevention is better than cure

Cyber attack ahead

 

 

 

 

 

 

 

 

There is a recurring message in many of the surveys about cyber security. It’s broadly this: a high number of businesses say that cyber security is an important issue – but a low number report any evidence of actually doing something about it.

The latest Cyber Security Breach Survey 2017 illustrates this perfectly. IPSOS MORI interviewed 1,523 UK businesses. In 74% of cases the directors or senior management said that cyber security is a high priority but only 20% currently provide staff with cyber security training – and only 33% have any formal policies in place. Continue reading “Convince your board – cyber attack prevention is better than cure” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

Ransomware attacks – don’t let them happen to you

 

 

 

 

 

 

 

 

 

The BBC has reported there could be further ransomware attacks this week, following the global cyber-attack that saw 48 NHS Trusts, Hospitals and GPs’ surgeries become its most high profile victims.

It has taken an attack on an institution that serves to protect lives to propel ransomware onto our TV screens and newspapers – but ransomware has been around for some time and it doesn’t just target organisations the size of the NHS.

This article briefly covers what ransomware is, what happened in the attack and offers advice on how to protect your own systems – whether you are a large organisation, an SME or a solo business/operator running a single computer. Continue reading “Ransomware attacks – don’t let them happen to you” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

Why basic cyber security could save you a lot of wonga

Wonga cyber attack

 

 

 

 

 

 

 

Another week, another embarrassing cyber attack. This time it’s payday lenders Wonga who are the latest high profile business to fall victim to hackers with reports suggesting 270,000 customers’ details have been stolen (of which 245,000 are in the UK) – including the last four digits of bank cards.

For a business named after the slang for money, it’s ironic that, when the dust settles – the attack may cost them a tidy sum of their own wonga – just as it did for TalkTalk. Continue reading “Why basic cyber security could save you a lot of wonga” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

Cyber Insurance – can you ever be fully covered?

Cyber insurance image

 

 

 

 

 

 

 

 

Whether it be from hackers, careless employees, malicious insiders or ransomware (pick your own threat list) – organisations are under increasing risk of cyber attack. And, wherever there is a risk – there’s the option of insurance.

Cyber insurance, also referred to as cyber risk insurance or cyber liability insurance coverage (CLIC), has been around for over a decade. Now, as cyber threats grow, cyber insurance looks set to join other business insurance policies in the risk management toolkit. But, can it really adequately compensate against the consequences of an attack? Continue reading “Cyber Insurance – can you ever be fully covered?” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

5 ways to spring clean your cyber security

Cyber spring clean

 

 

 

 

 

 

 

 

 

Spring is here, the evenings are getting lighter. It’s a time when we clean and refresh for the year ahead. It’s also a time for renewal and optimism – but if there’s one area that we don’t want to experience the joys of spring it’s cyber crime.

Cyber criminals can threaten our personal security, steal intellectual property, create and distribute viruses and disrupt our critical national infrastructure. They can also target and manipulate employees (the Insider Threat) – sometimes with their co-operation, sometimes without their knowledge and attacks can remain undetected sometimes for months. Continue reading “5 ways to spring clean your cyber security” »

avatar

Ben Wheeler

Ascentor marketing and content editor.

More Posts

Share

An ounce of prevention could be worth a ton of cyber attack cure

Cyber attack prevention or cure

 

 

 

 

 

 

 

The cyber attack on TalkTalk last year is estimated to have cost the company around £60m. Despite initial claims that the attack was ‘sophisticated’, it transpires that it was conducted by children from their homes. Not so much sophisticated as sofa-sticated!

Blaming an attack on very capable and well-resourced attackers tries to convince customers that nothing much could have been done to prevent it from happening – it’s just one of things that you have to accept if you’re going to do business in the cyber world. We disagree – there is much that can be done with a little awareness and application. Continue reading “An ounce of prevention could be worth a ton of cyber attack cure” »

avatar

Paddy Keating

Director and Government Service Manager at Ascentor

More Posts

Follow Me:
Twitter

Share