New EU law aims to raise cybersecurity standards across borders.
Organisations are leaving themselves exposed by failing to demand adequate security protections when buying new technology, according to a senior Cisco executive who warned that security and networking specialists must work together better to close persistent gaps.
Businesses wanting to improve their security practice need to reconsider the way they position cybersecurity within their business philosophy, a security analyst has told an audience of security practitioners while warning that the persistence of “terrifying” images of cybersecurity practitioners had challenged the progression of cybersecurity into becoming a mainstream business concern.
While spending on cybersecurity expertise would seem to be a no-brainer, the large number of companies without formal in-house expertise suggests another ongoing, underlying challenge in finding and securing those skills within the current competitive market.
More than a third of reported Australian data breaches are due to human error, the Office of the Australian Information Commissioner (OAIC) has revealed as it released its first full-quarter statistical report about the functioning of the new Notifiable Data Breaches (NDB) scheme.
Users tend to receive the most emails with malicious attachments on Thursdays and they’re most likely to click on messages in the morning purporting to be from the local postal service, according to an analysis of email attacks that has reinforced the importance of time and human factors for cybersecurity protection.
On 22 February 2018, new laws mandating businesses to report the leak of personally identifiable information (PII) to the Office of the Australian Information Commissioner (OAIC) come into effect. During this year’s AusCERT conference Ben Di Marco and Matthew Pokarier walked through this new law and what it means for businesses.
Australian IT experts are struggling to secure increasingly complex networks and increasing compliance pressure isn’t providing enough incentive for change, a security expert has warned as looming breach-notification legislation threatens to publicly expose poor risk management practices and their consequences.
Even as one-time Internet giant Yahoo is swallowed in a $6.5 billion acquisition, mergers and acquisitions (M&A) experts have warned that due-diligence audits of companies targeted for acquisition often reveal cybersecurity risks that compromise compliance and could threaten the merger and acquisition activities.
Twitter has suspended at least two accounts that were spreading links to spyware aimed at people who sympathise with terrorists.
Victoria’s Commissioner for Privacy and Data Protection, David Watts, has issued the Victorian Protective Data Security Standards (VPDSS).
If enterprises want to understand how they can better invest in security defenses, build the necessary processes to respond to attacks, and mitigate the risks of a breach they need to get threat intelligence right.
Security researchers have blown the whistle on an app that should arguably never have been published for Google’s one-billion-plus Android users on Google Play.
Australian ICT security specialists are earning less than ICT sales professionals, network specialists, telecommunications engineers, and other skilled ICT professionals, a new Australian Computer Society (ACS) analysis has found.
Australia may be the world's fourth-largest holder of network-security patents, but its telecommunications companies and government agencies are the least trusted industries when it comes to protecting user data, a new survey has found. Case in point: the besieged US Office of Personnel Management – already hit with a class-action suit over the recent breach of data on US government employees – which took a key system offline after a security flaw was identified in a Web-based background-check system.
Along with death and taxes, security compliance programs are becoming one of the unavoidable facts of life for many of us. That means someone has to create a compliance program so you can monitor and put appropriate controls in place around information security.
NBN Co is now nearly two years into its Protective Security Policy Framework (PSPF) compliance program, and has come a long way from when it started, says Dr Malcolm Shore, principal security officer at NBN Co.
What’s the most important factor of a successful security program? Technology such as endpoint protection? Making sure your change management processes and system development life cycle include consideration of security risks? Strong policies? Not quite.
As a CSO and CIO you may be wondering why I crafted a diagnostic related to understanding your most critical web products. The original purpose of the diagnostic was to discern which applications and how applications are ported successfully to a service provider's cloud. The diagnostic determines which cloud IaaS products (storage components, network components, and virtualization machines) are needed for an application. It addresses the platform components (server/operating system and web server) in the PaaS layer. Lastly, it focuses on the SaaS software application.
Shrink-wrap and click-wrap agreements are the fine print you see, among other things, when you click through terms and conditions in accessing an online service (e.g., in connection with a cloud computing service) or as part of the installation of a piece of software.
Increasing mandates around the security of personal data have made encryption for every business. Australian businesses are leading the world in the use of encryption to protect backups, payment-related data, and laptops – and yet they still have a long way to go before encryption is both ubiquitous and manageable.
If your last access-control update was even a few years ago, you’re probably more exposed to fraud and exploitation than you’d like to be.
It’s not hard to understand why bot management is critical to maintaining business availability and customer satisfaction – but do you know how to properly deal with bots?
Increasing use of encryption has created new challenges for enterprise security managers. Ever more-sophisticated encryption such as Perfect Forward Secrecy (PFS) protects data and may even boost your Google ranking – but it also provides a haven for malicious code that may use encryption to bypass enterprise security controls.
Why nation-state attacks are everyone’s problem