Computer Fraud & Security
  [SJR: 0.196]   [H-I: 13]

   Full-text available via subscription
   ISSN (Print) 1361-3723
   Published by Elsevier
  • The Insider Threat
    • Abstract: Publication date: August 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 8
      For many years, organisations have focused on securing the perimeter. Firewalls, intrusion detection, anti-malware and many other technologies are designed to keep unwanted outsiders out. But they are of little use against the threat that originates from within your organisation.

      PubDate: 2017-09-02T14:44:43Z
       
  • Major BUPA breach caused by employee copying files
    • Abstract: Publication date: August 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 8
      Private health insurance firm Bupa Global has admitted to a data breach affecting around 108,000 policies that was allegedly the result of a rogue employee simply copying the data. The employee has not been named but has been fired by the firm, which says it is pursuing legal action.

      PubDate: 2017-09-02T14:44:43Z
       
  • Editorial
    • Abstract: Publication date: August 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 8
      Author(s): Steve Mansfield-Devine
      There's a little homily that security practitioners like to trot out on special occasions. An organisation, they say, has to defend everything, covering all potential avenues of attack, but an attacker only needs to find one vulnerability. And that vulnerability might be one of your employees.

      PubDate: 2017-09-02T14:44:43Z
       
  • Ransomware menace will grow says Google
    • Abstract: Publication date: August 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 8
      Ransomware attacks are proving to be very lucrative and we're likely to see many more of them, according to research carried out by Google with New York University and presented at the recent Black Hat conference.

      PubDate: 2017-09-02T14:44:43Z
       
  • In brief
    • Abstract: Publication date: August 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 8


      PubDate: 2017-09-02T14:44:43Z
       
  • Using data virtualisation to detect an insider breach
    • Abstract: Publication date: August 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 8
      Author(s): George Smyth
      The latest figures from Lloyd's of London indicate that a worldwide cyber-attack could result in losses of $53bn, with potential consequences akin to that of a natural disaster 1 . Some eye-watering sums have been racked up by recent crimes – for example the WannaCry attack cost $8bn globally while NotPetya caused $850m in damages.

      PubDate: 2017-09-02T14:44:43Z
       
  • Can artificial intelligence help in the war on cybercrime?
    • Abstract: Publication date: August 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 8
      Author(s): Danny Maher
      It is hard to avoid the buzz in the industry around artificial intelligence (AI) and associated technologies such as machine learning, deep learning, automated network monitoring and user and entity behaviour analytics (UEBA). Exciting as it is to hear these buzzwords, AI is in fact not a new concept. Yet suddenly we are starting to see it being applied more broadly and more enthusiastically by companies as tools in the fight in an increasingly challenging cyberwar.

      PubDate: 2017-09-02T14:44:43Z
       
  • Personal cloud-based apps: the new insider risk
    • Abstract: Publication date: August 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 8
      Author(s): Omri Sigelman
      Personal messaging apps are taking over our business lives. Not only do they provide a convenient, real time way to stay in touch with friends and colleagues while in the office or on the move, they also replicate much of the functionality of first-generation corporate collaboration systems.

      PubDate: 2017-09-02T14:44:43Z
       
  • The evolution of the digital insider trader
    • Abstract: Publication date: August 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 8
      Author(s): Joseph Carson
      The insider threat has been a major risk to all governments and organisations around the world for many years. High-profile examples are numerous – Nick Leeson and the collapse of Barings bank; Jeffrey Skilling, the former Enron president; and the more recent intelligence leaks from Chelsea Manning, Edward Snowden and Reality Winner that disclosed sensitive information that was damaging to the security and reputation of the US.

      PubDate: 2017-09-02T14:44:43Z
       
  • Are employees part of the ransomware problem?
    • Abstract: Publication date: August 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 8
      Author(s): Michael Fimin
      Ransomware is most commonly spread by hackers. But we know from experience that employees also sometimes contribute – albeit unintentionally – to ransomware attacks.

      PubDate: 2017-09-02T14:44:43Z
       
  • Employees are lax on cyber fundamentals
    • Abstract: Publication date: August 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 8
      Author(s): André Mouradian
      Every organisation that purchases and distributes devices to its employees – and then grants those employees access to corporate data, systems and networks – puts trust in those users to care for their devices and handle them properly. Unfortunately, the results of a recent survey show that trust is being broken on a regular basis.

      PubDate: 2017-09-02T14:44:43Z
       
  • Defending against spear-phishing
    • Abstract: Publication date: August 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 8
      Author(s): Jason Steer
      There is no doubt about it, spear-phishing is big business – it is even becoming a serious political and diplomatic weapon. Last year saw a 1,300% increase in business email compromise attacks and a 400% rise in ransomware. And 90% of successful data breaches could be traced back to a spear-phishing email (according to PhishMe research). This is how attackers can evade your defences and assume the privileges of an insider.

      PubDate: 2017-09-02T14:44:43Z
       
  • Events
    • Abstract: Publication date: August 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 8


      PubDate: 2017-09-02T14:44:43Z
       
  • Another massive ransomware outbreak – or was it?
    • Abstract: Publication date: July 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 7
      There has been another major ransomware campaign with some similarities to the recent ‘WannaCry’ outbreak. However, the vast majority of victims of the new attack seem to reside inside Ukraine and there is debate over whether this was a genuine attempt to extort money or, in fact, a cyberwar attack.

      PubDate: 2017-07-23T23:57:48Z
       
  • Editorial
    • Abstract: Publication date: July 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 7
      Author(s): Steve Mansfield-Devine
      Cyber-security is often portrayed as an arms race between the bad guys – whether they are nation states, individual criminals or amorphous bands of activists – and those who strive to defend us, the latter being mainly firms selling security products.

      PubDate: 2017-07-23T23:57:48Z
       
  • In brief
    • Abstract: Publication date: July 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 7


      PubDate: 2017-07-23T23:57:48Z
       
  • Cyber-security in government: reducing the risk
    • Abstract: Publication date: July 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 7
      Author(s): Joe Kim
      In May of last year, the UK Government reported that two-thirds of the country's large businesses had been hit by a cyber-attack within the previous 12 months. 1 Therefore it's no surprise that cyber-security is high on the agenda for the Government – highlighted by the recent £1.9bn investment into a five-year cyber-security strategy that was set into motion in February 2017 with the official opening of the National Cyber Security Centre. 2,3 The UK Government recently reported that two-thirds of the country's large businesses had been hit by a cyber-attack within the previous year. So it's no surprise that cyber-security is high on the Government's agenda. Cyber-security needs to be baked into every corner of every government organisation. From finance administration to front-line workers, everyone needs to play a part in keeping government infrastructure safe and secure. Joe Kim of SolarWinds looks at some steps that government IT teams can take to help protect their organisations from determined cyber-criminals looking for a lucrative payday.

      PubDate: 2017-07-23T23:57:48Z
       
  • A log aggregation forensic analysis framework for cloud computing
           environments
    • Abstract: Publication date: July 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 7
      Author(s): Muhammad Naeem Ahmed Khan, ShahWali Ullah
      Cloud computing has emerged in the past decade to provide wide-ranging computational facilities at cheaper cost. Cloud computing facilitates the sharing of processing units, storage devices and applications. The National Institute of Standards and Technology describes cloud computing as a model for facilitating on-demand ubiquitous network access to a combined pool of computing resources – eg, networks, storage, servers, services and applications. These resources can easily be provisioned and released without the service provider's interaction. Cloud computing is now in widespread use. But it does pose a number of security challenges. Muhammad Naeem Ahmed Khan and ShahWali Ullah of the Shaheed Zulfikar Ali Bhutto Institute of Science and Technology propose an analysis model based on aggregating available logs from clients and servers that could help identify and detail suspicious activity on cloud-based systems.

      PubDate: 2017-07-23T23:57:48Z
       
  • Cost-effective and fault-tolerant identity-based key management for
           configurable hierarchical cloud environments
    • Abstract: Publication date: July 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 7
      Author(s): Manreet Sohal, Sandeep Sharma
      Cloud computing is seen as the future of enterprise IT. The significance of the cloud stems from the boundless services provided by it. There is the potential for numerous security solutions to be developed for a variety of service interactions in the cloud and for storing data that has been created or processed by these services. This suggests that cryptographic key management will add an extra layer of intricacy to the issue of cloud security.

      PubDate: 2017-07-23T23:57:48Z
       
  • Events
    • Abstract: Publication date: July 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 7


      PubDate: 2017-07-23T23:57:48Z
       
  • Security skills shortage becomes critical as GDPR looms
    • Abstract: Publication date: June 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 6
      The shortage of information security skills in Europe is reaching a crisis point just as the EU's General Data Protection Regulation (GDPR) is threatening crippling fines for any organisation that is breached.

      PubDate: 2017-06-22T12:29:38Z
       
  • Editorial
    • Abstract: Publication date: June 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 6
      Author(s): Steve Mansfield-Devine
      The recent WannaCry ransomware scourge should act as a lesson to us all – in several ways. One of these is that such outbreaks require calm, sober analysis, not knee-jerk reactions.

      PubDate: 2017-06-22T12:29:38Z
       
  • UK data breach fines double
    • Abstract: Publication date: June 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 6
      As we approach the full implementation of the EU's General Data Protection Regulation (GDPR) in spring of next year, analysis by PwC has shown that the UK was (with Italy) the most active region in Europe for regulatory enforcement of data breach rules.

      PubDate: 2017-06-22T12:29:38Z
       
  • Bank mainframes under threat
    • Abstract: Publication date: June 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 6
      Most financial services CIOs believe that their mainframe systems are more secure than other platforms, but more than three-quarters of them say they are still exposed to a significant risk of insider threats due to blind-spots in internal data access and controls.

      PubDate: 2017-06-22T12:29:38Z
       
  • In brief
    • Abstract: Publication date: June 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 6


      PubDate: 2017-06-22T12:29:38Z
       
  • With GDPR, preparation is everything
    • Abstract: Publication date: June 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 6
      Author(s): Jocelyn Krystlik
      Since the new European General Data Protection Regulation (GDPR) on the protection of personal data was voted in, businesses have been working towards the transition that will take place in May 2018. 1 With just a year to comply, they are considering issues such as strengthened cyber-security, liability of data collection entities and new mandatory procedures. With the imminent arrival of the EU General Data Protection Regulation (GDPR), many businesses have been working towards the transition that will take place in May 2018. With just a year to comply, they are considering issues such as strengthened cyber-security, liability of data collection entities and new mandatory procedures. The GDPR will force firms to catch up with the threat of cyber-security in relation to strategy, legislation and operations. Businesses need to restore order to their operations, and this has many facets and challenges, as Jocelyn Krystlik of Stormshield explains.

      PubDate: 2017-06-22T12:29:38Z
       
  • The impact of quantum computing on cryptography
    • Abstract: Publication date: June 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 6
      Author(s): Jean-Philippe Aumasson
      Quantum computing has been heralded by some as the death of cryptography as we know it. Yet the quantum computers that exist today can't perform more complex operations than tasks such as factoring 15 into 3×5, so they're pretty useless. A useful quantum computer would need to be large and reliable enough to perform operations involving thousands or millions of quantum bits (qubits) in order to break cryptographic algorithms widely used today. Quantum computing has been heralded by some as the death of cryptography, although such machines are still in the early stages of development. We don't yet know how hard it is to build a scalable, fault-tolerant quantum computer, but we should be prepared and understand the real impact of quantum computing on our networks' security. Jean-Philippe Aumasson of Kudelski looks at how quantum computers work, the algorithms that run on them and the potential impact on cryptography.

      PubDate: 2017-06-22T12:29:38Z
       
  • Data governance: going beyond compliance
    • Abstract: Publication date: June 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 6
      Author(s): Steve Mansfield-Devine
      Information security, in its broadest sense, is often an afterthought in an organisation's IT planning and spending and rarely gets the high-level attention it needs and deserves. The problem is worse when you look at the specific aspects of data security that fall under the umbrella of governance risk and compliance (GRC). In this interview, Danielle Jackson, chief information security officer at SecureAuth, thinks that's changing. But is the change heading in the right direction or is the responsibility simply being shifted? Information security is often an afterthought in an organisation's IT planning and spending and rarely gets the high-level attention it needs and deserves. The problem is worse when you look at the specific aspects of data security that fall under the umbrella of governance risk and compliance (GRC). In this interview, Danielle Jackson of SecureAuth explains how she thinks that situation is changing. But is the change heading in the right direction or is the responsibility simply being shifted?

      PubDate: 2017-06-22T12:29:38Z
       
  • The information security landscape in the supply chain
    • Abstract: Publication date: June 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 6
      Author(s): Nader Sohrabi Safa
      Information security breaches have serious consequences for companies. And information security breaches in the defence industry negatively impact national security. Selling information concerning industrial design, organisational strategic plans, customers, experts and other valuable information for monetary benefit, revenge, bribery and embezzlement are just some examples of the human dimension of information security. 1

      PubDate: 2017-06-22T12:29:38Z
       
  • Events
    • Abstract: Publication date: June 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 6


      PubDate: 2017-06-22T12:29:38Z
       
  • Verizon report shows business is booming for cyber-criminals
    • Abstract: Publication date: May 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 5
      The annual ‘Data Breach Investigations Report’ (DBIR) from Verizon – considered by many a bellwether of online criminal activity – shows that, by and large, the forms of cybercrime we're witnessing are unchanged while the levels are increasing massively. Sadly, also unchanged are organisations' lamentable levels of protection and individuals' readiness to be scammed.

      PubDate: 2017-05-23T08:36:32Z
       
  • Editorial
    • Abstract: Publication date: May 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 5
      Author(s): Steve Mansfield-Devine
      It appears the Fancy Bear group has struck again. While attribution is tricky in cyber-attacks, it takes a special kind of cognitive dissonance to believe that the Russians weren't behind the breach of email accounts belonging to members of the presidential election campaign of (the now elected) Emmanuel Macron.

      PubDate: 2017-05-23T08:36:32Z
       
  • In brief
    • Abstract: Publication date: May 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 5


      PubDate: 2017-05-23T08:36:32Z
       
  • Nigerian princes to kings of malware: the next evolution in Nigerian
           cybercrime
    • Abstract: Publication date: May 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 5
      Author(s): Alexander Hinchliffe
      Nigeria has a reputation for harbouring a class of cyberthreat actors infamous for so-called ‘419’ scams. These come from Nigerian ‘princes’ and trick people into revealing financial details and making money transfers. While these exploits have resulted in real financial losses, it is often the case that these attacks – and indeed the attackers – are seen as amusing and are parodied as such, thus relegating Nigerian threat actors to a lower classification of cyber-criminal. However, this is far from reality and our image of Nigerian cyber-criminality needs to be reset.

      PubDate: 2017-05-23T08:36:32Z
       
  • GDPR compliance: your tech department's next big opportunity
    • Abstract: Publication date: May 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 5
      Author(s): Phil Beckett
      As our dependency on technology steadily increases, so do the trails of information that we leave behind. You only need to look at recent scandals in the press to understand how vital data protection is becoming when it comes to maintaining the privacy of individuals, organisations and governments. Data breaches and leaks can have an enormous range of consequences.

      PubDate: 2017-05-23T08:36:32Z
       
  • Beyond Bitcoin: using blockchain technology to provide assurance in the
           commercial world
    • Abstract: Publication date: May 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 5
      Author(s): Steve Mansfield-Devine
      Mention the word ‘blockchain’ to most people and, assuming that they've heard of it at all, they will most likely associate it with Bitcoin, or perhaps another crypto-currency. As a decentralised, cryptographically authenticated record of transactions, the blockchain is the key concept that makes Bitcoin feasible. Yet, as Patrick Hubbard, technical product marketing director at SolarWinds, explains in this interview, the same concept has applications far beyond the contentious world of alternative currencies – in fact, far beyond finance altogether.

      PubDate: 2017-05-23T08:36:32Z
       
  • Events
    • Abstract: Publication date: May 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 5


      PubDate: 2017-05-23T08:36:32Z
       
  • Editorial
    • Abstract: Publication date: April 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 4
      Author(s): Steve Mansfield-Devine
      If you weren't previously concerned about your online privacy you should be now. And while earlier (and continuing) threats were mostly the province of regimes widely viewed as repressive or democracies acting covertly (viz the kind of thing that Edward Snowden uncovered), now the attacks on our online freedoms are overt and come shrouded in the flags of public safety and free markets.

      PubDate: 2017-04-26T11:47:27Z
       
  • DDoS business is booming
    • Abstract: Publication date: April 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 4
      Research by Kaspersky Lab into Distributed Denial of Service (DDoS) services being offered on the black market has concluded that the business is both profitable for service suppliers and cheap for customers.

      PubDate: 2017-04-26T11:47:27Z
       
  • In brief
    • Abstract: Publication date: April 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 4


      PubDate: 2017-04-26T11:47:27Z
       
  • The impact of nation-state hacking on commercial cyber-security
    • Abstract: Publication date: April 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 4
      Author(s): Charl van Der Walt
      We're living in an extraordinary time. When TV news in South Africa, where I live, pronounced Donald J Trump President-elect of the US my wife – a psychologist who couldn't be bothered to update her iPad – turned to me and exclaimed: “The Russians hacked it”. Never has the realm of computer security been more followed in the mainstream, nor indeed has it ever played such a significant role in the day-to-day life of the average citizen. Never has computer security been more followed in the mainstream press nor has it ever played such a significant role in the day-to-day life of the average citizen. Charl van Der Walt of SecureData SensePost examines some of the major stories that have hit the headlines recently and the implications for the future. And he identifies some key trends, including the role that government policy will play in the security of nations and individual citizens.

      PubDate: 2017-04-26T11:47:27Z
       
  • Building an effective threat intelligence platform that would make
           Einstein proud
    • Abstract: Publication date: April 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 4
      Author(s): Leon Ward
      It seems as though everyone is talking about threat intelligence at the moment. Nearly every security vendor wants to get in on the action and the majority of security operations groups are either being told by their management to get on board with it, or they've attended various security conferences and realised they need to add threat intelligence into their security programme for the year. It seems as though everyone is talking about threat intelligence. Nearly every security vendor wants to get in on the action and most security departments are being told by their management to get on board with it. But organisations still have plenty of questions, such as: What sort of threat intelligence should I get? How do I use it effectively? How is it going to help me? And what is threat intelligence anyway? Leon Ward of ThreatQuotient helps explain how threat intelligence fits into your organisation's security strategy.

      PubDate: 2017-04-26T11:47:27Z
       
  • Best practices to deal with top cybercrime activities
    • Abstract: Publication date: April 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 4
      Author(s): Chip Epps
      Modern businesses are quickly wising up to the dangers presented by an always-on business model. Customers are increasingly using online tools to access accounts, services or expertise and employees are looking to connect to their organisations’ networks remotely at any time. This has driven the desire for daily access to be easier and more convenient. Customers are increasingly using online tools to access accounts, services or expertise and employees are looking to connect to their organisations’ networks remotely at any time. However, with this agility comes a measure of concern. Hackers are also taking notice and creating viruses and malware for malicious purposes. It is more important than ever for businesses to implement sufficient security practices. So, what are the top cybercrime activities that businesses need to watch out for, and what can be done to combat them? Chip Epps of HID Global investigates.

      PubDate: 2017-04-26T11:47:27Z
       
  • Insuring against cyber-attacks
    • Abstract: Publication date: April 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 4
      Author(s): Philip Low
      A UK Government survey has estimated that the average cost of a cyber-security breach is £75,000-£311,000 for small and medium-size enterprises (SMEs) and £1.46m-£3.14m for larger organisations. 1 Attacks against all businesses are increasing and SMEs are just as much a target as corporates, particularly in the areas of ransomware and email fraud.

      PubDate: 2017-04-26T11:47:27Z
       
  • Events
    • Abstract: Publication date: April 2017
      Source:Computer Fraud & Security, Volume 2017, Issue 4


      PubDate: 2017-04-26T11:47:27Z
       
 
 