When we speak of necessary evils, some images readily spring to mind. A dental appointment, automobile insurance, and many others. In cybersecurity, audits fit this image quite well. There are many uncomfortable aspects of audits, including the need to maintain accurate records, as well as finding the time to perform all the work required to satisfy the auditors.

Call her Linda Leesburg. Fresh out of graduate school and starting her first serious job, she decided to buy some kitchen utensils and related items, including a dish set, cookware, silverware and a coffee maker, to outfit the kitchen of her new apartment. She could easily buy these products at a local store, but she discovered a store online that offered them at an unusually low price.

Recent advancements in the digital landscape have led to a new kind of paradigm, one where enterprise perimeters are no longer clearly defined or limited. The rapid uptake of remote working, cloud, and IoT led to these prominent shifts, resulting in users, applications, and data no longer residing exclusively within the perimeters of the enterprise. This has led to enterprise perimeters becoming “borderless”.

The National Cyber Security Centre (NCSC) is the UK’s technical authority for cybersecurity. Established in 2016, it has worked to improve online safety and security, and has brought clarity and insight to an increasingly complex online world. In its 6th annual review, it gives insights to its understanding of the cyber environment affecting the UK. One of the most important roles of the NCSC is to identify, monitor, and analyse key cybersecurity threats, risks, and vulnerabilities.

The National Cyber Security Centre (NCSC) recently published important cybersecurity guidance to help protect retailers, which comes right as the holiday shopping season is in full swing. Retail organizations are no strangers to cyber attacks. In fact, some recent large-scale retail industry cyber attacks have included popular brands such as Guess, Under Armour, CVS Health, Home Depot, and Target.

The holiday season has arrived, and cyberattacks are expected to increase with the upcoming celebratory events. According to The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) 2022 Holiday Season Threat Trends and summary report, ransomware and phishing attacks are expected to increase in retail. With the FIFA World Cup 2022, many cybersecurity experts have advised heightened caution about online impersonation scams and phishing campaigns.

Law enforcement agencies in the United States, UK, Netherlands, Poland, and Germany have brought down the most popular DDoS-for-hire services on the internet, responsible for tens of millions of attacks against websites. 50 of the world's biggest "booter" sites used to launch disruptive distributed denial-of-service attacks have been taken down as part of "Operation Power Off" - a joint action by the US Department of Justice, FBI, the UK's National Crime Agency, and their equivalents.

As we walk towards the end of 2022, full-scale predictions are made about the trends for cybersecurity in the upcoming year: how will cybersecurity affect us, what major cyber threats will dominate the landscape, and, where shall we allocate cybersecurity budgets? Above all, what can we do to secure our businesses and protect our tangible and intangible assets from cybercriminals’ activities?

Network security is a significant topic that all organizations should consider as a major concern. Regardless of the industry, business, or scope of their operations, all enterprises need to have good network security practices in place to protect against cyberattacks. There are a plethora of different security solutions for different needs, and organizations have to figure out what will work best for them and use the resources that they require.

Philip Ingram (PI) talked to Darren Desmond (DD). Darren currently works with the Automobile Association (AA) in the UK as the Chief Information Security Officer (CISO), joining in 2018. He started his professional career in the British Army's Royal Military Police, before a stint in the Special Investigation Branch, and Military Intelligence.