RIP Passwords

Passwords are as naff as they are incredibly prevalent. The death of passwords has been predicted many times over the years, for example by some guy called Bill Gates way back in 2004. Clearly, predictions are a risky game, but recent developments suggest that we may, actually, honestly, finally be about to see the death of passwords—they shall certainly not be missed, if so. In this article, we will look at the newly-minted WebAuthn standard for Web authentication, and what it may mean for authentication.

The Unified Kill Chain: Part 2

In this series, we are looking through the Unified Kill Chain. In the previous part, we looked at two previous attempts to model the behaviour of a cyber attacker. Both were ultimately flawed, and in this part we will introduce a third proposed model which combines the best of both: the Unified Kill Chain.

How to Handle SaaSS: Part 1

We’ve previously discussed the nature of ‘the Cloud’—a.k.a. ‘someone else’s computer’—and how it may have an impact on your business decisions, particularly when it comes to file storage. However, ‘the Cloud’ is a term that encompasses many disparate offerings, from the lowest-level Infrastructure-as-a-Service (IaaS) to the increasingly popular Software-as-a-Service (SaaS) model. In this article, we will focus on what a SaaS product actually is, and what that may mean for you and your company.

WordPress 5.1 Vulnerability

A critical vulnerability in all but the most-recent WordPress versions has been revealed by security firm RIPS Tech. The vulnerability allows an unauthenticated attacker to hijack a logged-in administrator’s account to run arbitrary code on the target site. RIPS Tech report that ‘the vulnerabilit[y] exist[s] in WordPress versions prior to 5.1.1 and is exploitable with

What is an APT?

A lot of cyber security discussion lately is centred around the actions and identities of a range of Advanced Persistent Threats (APTs). You may have found yourself wondering just what these threats are, what differentiates them from the more bog-standard kinds of threat that you are used to, and who they pose the most risk to.

6TB Citrix Data Breach

Cloud computing and software company Citrix have recently been the victim of a major cyber attack, with attackers gaining access to what cyber security firm Resecurity claims is ‘at least 6 terabytes of sensitive data stored in the Citrix enterprise network, including e-mail correspondence, files in network shares and other services used for project management and procurement.’

Storage in the Cloud: Part 2

In the previous part, we discussed what the Cloud—particularly when used for storage purposes—really is, and some security concerns that may arise from this better understanding. In this second part, we will run through some more points for ensuring that your file storage procedures are secure, and present an analogy to help you think about your processes.

Storage in the Cloud: Part 1

Remember back to when you were little, and you had just found out that Santa Claus wasn’t real, or the tooth fairy, or the Easter bunny (if you are only just learning this now, I apologise). Get ready to relive that experience today, because I am going to let you in on one of the tech. industry’s dirty secrets. Ready? Here goes: the Cloud doesn’t exist. I imagine I’ve just blown your socks off, so I’ll give you a moment to go pick them back up.

Information Classification

Information is power, as the famous saying goes. Information is the lifeblood of a business, as well as a tantalising target for an attacker. All businesses will find themselves dealing with different types of information, from things that they are happy to make public to things they would rather keep under wraps. How can you ensure that all such items are properly labelled, so that all employees (and anyone else who gets their hands on them) will know how to handle them? The answer is information classification.

The Principle of Least Privilege

One of the most fundamental tenets of information security is the Principle of Least Privilege. First formulated by Jerome Saltzer for a 1974 Communications of the ACM article, the Principle states that ‘every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.’ What does this mean for a business and its employees?

Offboarding Employees

It is a fact of business life that employees may, one day, cease to be a part of your organisation. There may be many reasons for this, and the separation may be more or less mutual; more or less amicable. The one thing that all separations have in common is the need for you to have policies and procedures in place that will ensure a smooth transition, without leaving yourself vulnerable.

New BSIA Guidance Overview

The British Security Industry Association (BSIA), which claims to represent a membership ‘responsible for more than 70% of privately provided UK security products and services (by turnover)’, released in early January a document titled Cyber secure it – Best practice guidelines for connected security systems with the aim of ‘summaris[ing] current guidelines to minimise the exposure to digital sabotage of network connected equipment, software and systems used in electronic security systems.’ Here, we will give you a brief overview of the guidance.
