CS Oct 2021

Secure systems, secure data, secure people, secure business 

Computing Security October 2021 

contents 

CONTENTS 

Computing 

Security 

NEWS 

OPINION 

INDUSTRY 

COMMENT 

CASE STUDIES 

PRODUCT REVIEWS 

SUPPLY & DEMAND 

BACKING YOURSELF 

How to achieve backup 

The supply chain has never 

protection - with your 

been more vulnerable and at risk 

workforce fully engaged 

RANSOMWARE PAYDAYS 

If you are a victim, should 

you give in or fight it out? 

COMMENT 3 

Police point finger at tech giants 

CYBER THREAT INTELLIGENCE 

Some resources you just can’t do 

without and top intel is one of them 

ARTICLES 

ACHIEVING A SECURE WIPE 8 

Gareth Owen of Redkey USB delves into 

the world of Data Wipe Standards 

SECURITY AND THE SUPPLY CHAIN 10 

With supply chains under heavy pressure 

and shortages forecast, Paul Harris, 

Pentest Limited, looks at the implications 

NORTHERN IRELAND: HELPING TO 

BUILD A CYBER-SECURE FUTURE 12 

A new type of expertise is helping to safeguard 

personal, business and government 

data - and to defend critical infrastructure 

against hostile attacks 

4 

A SHAPE-SHIFTING WORLD 

ATTACKERS USE TRUSTED CLOUD SERVICES AND CONSTANTLY CHANGE THEIR 

TACTICS TO AVOID KNOWN PATTERNS OF BEHAVIOUR. CAN ADVANCED THREAT 

PROTECTION STILL BE EXPECTED TO KEEP PACE AGAINST SUCH FORCES? 

A 

Patrick Wragg, Integrity360: the key to 

advanced threat protection is layers 

ensuring your operating systems and 

applications are up to date; users are 

educated; and that you have the latest 

security solutions in place. 

dvanced threat protection (ATP) 

refers to a category of security 

solutions that defends against 

sophisticated malware or hacking-based 

attacks, targeting sensitive data. ATP 

solutions can be available as software or 

as managed services. They can differ in 

approaches and components, but most 

include some combination of endpoint 

agents, network devices, email gateways, 

malware protection systems, and a 

centralised management console to 

correlate alerts and manage defences. 

But how do they operate and perform 'in 

anger', so to speak, and where might there 

be any weaknesses? At the same time, 

in a world where the threat levels alter 

i ally and rapidly at an alarming rate, 

d to be adapted to 

HEART OF THE ORGANISATION 

email attack is phishing [ie, harvesting login 

information using spoofed web pages of 

trusted brands]; once attackers have the 

ability to remotely log in to a corporate 

network, they can launch convincible fraud 

campaigns and surveil the environment to 

find the most sensitive data to steal or the 

most business-critical servers to infect with 

ransomware." 

Security controls beyond the gateway 

have traditionally focused on data loss 

prevention, sophisticated malware analysis 

and endpoint security solutions, he points 

out. "However, advanced email threats still 

evade detection and containment largely 

because attackers use trusted cloud servic 

and constantly change their tactics to avo 

known patterns of behaviour. Endpoint 

security agents can quickly spot a 

compromised device, but it may be too 

loss prevention can detect sensiti 

rganisation, but 

i 

A SHAPE-SHIFTING WORLD 14 

Can advanced threat protection (ATP) outwit 

attackers who now use trusted cloud services 

and constantly change their tactics to avoid 

known patterns of behaviour? Or is keeping 

ahead of such potent forces slipping out of 

the grasp of those under fire? 

CALLING FOR BACKUP 20 

ALL THE LATEST INTEL 17 

What approach should an enterprise take to 

Steven Usher, Brookcourt Solutions, offers 

ensure it has the best protections in place - 

his insights on measuring the success of 

a cyber threat intelligence program 

as well as employees who are fully engaged 

in making the process work? Getting this 

DATA IMPACT ASSURANCE LEVELS 18 

right is a complex, but essential, process 

The time has come to 'DIAL' it in, states 

and the payback its own reward! 

ADISA founder Steve Mellings 

SHOULD YOU PAY THE RANSOM? 23 

When threatened with a ransom demand, 

should you just submit? Steven Usher, of 

Brookcourt Solutions, weighs up the pros 

and cons 

TO PAY OR NOT TO PAY? 28 

Paying ransomware is a topic that greatly 

OPERATIONAL RESILIENCE 24 

divides opinion, especially in the corporate 

James Drake, of XCINA Consulting, looks 

boardroom. Cold logic might dictate that 

at the challenges and many opportunities 

any demand should be firmly rejected. 

that new regulations will bring 

What if it turned out to be a matter of life 

THE FLAWS IN HOME WORKING 25 

or death, though - wouldn’t that change 

Organisations have been opened up to 

everything? 

a world of new and unmanaged cyber risk 

AUTHENTICATION VS INSURANCE 26 

Nick Evans, of SecurEnvoy, considers a 

KNOWING YOUR ENEMY 32 

perplexing dilemma - and the role of MFA 

Threat intelligence is massively important 

STING IN THE TALE 34 

for all levels of organisations, since even 

Tim Callan, of Sectigo, on how easy it is to 

large companies have limitations on 

manipulate and falsify business emails 

resources. So, efforts must be put into 

projects that will pay off and help keep 

PRODUCT REVIEWS 

enterprises that much safer 

• Redkey USB 6 

• Zivver Secure Email 27 

computing security October 2021 @CSMagAndAwards www.computingsecurity.co.uk

Previous page

Next page

1

2

3

4

6

7

8

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

CS Oct 2021

Create successful ePaper yourself

Delete template?

Save as template?