Tony Morbin

Executive News Editor, EU

Morbin is a veteran cybersecurity and tech journalist, editor, publisher and presenter working exclusively in cybersecurity for the past decade – at ISMG, SC Magazine and IT Sec Guru. He previously covered computing, finance, risk, electronic payments, telecoms, broadband and computing, including at the Financial Times. Morbin spent seven years as an editor in the Middle East and worked on ventures covering Hong Kong and Ukraine.

Staying Ahead of Attacks Through Information Sharing

Tony Morbin • July 11, 2023

Given the sustained onslaught of cyberattacks against the healthcare industry, organizations can help protect all enterprises simply by sharing advance information, said Steve Hunter, vice president of marketing and development at Health-ISAC. Ensuring anonymity helps users share more freely.

Tips for Implementing a Good Third-Party Risk Program

Tony Morbin • July 10, 2023

Attackers are targeting the weakest link in the supply chain. Because every vendor poses a risk, you need to classify them by risk and track all the data they manage, said Matan Or-El, co-founder and CEO of Panorays, who advised taking a holistic view of your third-party risk program.

Enabling Boards to Measure Cybersecurity Effectiveness

Tony Morbin • July 10, 2023

Operationalizing security comes down to making it part of the business process, and everyone in the organization must be responsible. Goals and the objectives must be clearly spelled out, including lines of accountability and ownership, said Jason Hart, chief technology officer for EMEA at Rapid7.

Aligning Cybersecurity Controls With Business Risk Appetite

Tony Morbin • July 7, 2023

Information security is no longer confined to the tech domain, and instead must align with business outcomes, adapted to suit an organizations' risk appetite, said Matt Gordon-Smith, former CISO at Gatwick Airport. Security teams often must balance competing needs and risks.

Balancing Privacy and Visibility - Insider Threat Meets DLP

Tony Morbin • July 6, 2023

Legacy DLP is broken due to excess complexity, extended time to value and misalignment with security and business goals, said Next's Chris Denbigh-White. Addressing insider threats in a meaningful way is one of the biggest data protection challenges for organizations, he said.

Putting Monetary Value on Cyber Risk

Tony Morbin • July 4, 2023

Cyber insurance companies gather a lot of information on the cost of breaches, but security organizations need to know the bigger picture. Jack Jones, chairman of the FAIR Institute, discussed identifying risk and evaluating overall costs with the FAIR model.

Why We Need a Holistic Risk-Based Approach to Cybersecurity

Tony Morbin • July 3, 2023

Cybersecurity organizations are constantly monitoring systems for signs of a breach and patching vulnerabilities, but the real focus should be on enterprise risk. Nick Sanna, president of FAIR Institute, makes the case for implementing a risk-based approach to cybersecurity.

How PAM Tackles Accelerated Change in the Threat Landscape

Tony Morbin • May 18, 2023

The modern threat environment continues to evolve, with automation, the move the cloud, software as a service, AI, new user expectations and increasingly sophisticated attacks from threat actors. How do we cope with those changes today - and the certainty that there will be new challenges tomorrow?

Achieving OT Security Maturity

Tony Morbin • May 9, 2023

OT security is being discussed in the board room as attackers adopt the use of AI and automation. Many organizations never fully implement the frameworks that define OT security maturity, and we need holistic solutions and platform approaches that address the operator's needs.

Handling Open-Source Content Licensing: Wrong Answers Only

Tony Morbin • April 26, 2023

When you create proprietary code, even using a component of open-source code within a subcomponent could cause your project to become open-source code.Jeanette Sherman of Mend Security discusses the need to identify open-source code and the license types being used.

Advanced Authentication: Trust Your Digital ID in Mainframe

Tony Morbin • March 24, 2023

Network boundaries have dissipated while changes in regulation and customer approaches to trust now require more advanced authentication and the ability to treat each authentication in relation to its specific risk level. Broadcom's Mary Ann Furno discusses these issues.

Organization-Wide Passwordless Orchestration

Tony Morbin • January 31, 2023

In this audiocast with Information Security Media Group, Joe Garber explains why a single authentication platform is the best way to gain a holistic view across information silos, enabling automation of key actions.

Why is DDoS still a problem, and what do we need to do about it?

Tony Morbin • December 16, 2022

After 20 years DDoS remains a problem due to the old protocols used by the internet, making DDOS protection and mitigation not just sensible to have but a fundamental element of cybersecurity.

Securing Federal Government Contractors

Tony Morbin • December 2, 2022

Federal government departments issue documents, store sensitive PII and disperse vast payments across multiple siloed environments that have inconsistent access requirements, which often make them insecure and a prime target for fraudsters and thieves. How can these departments secure access?

Simplifying Implementation of a Zero Trust Architecture

Tony Morbin • November 16, 2022

The primary challenge with zero trust is keeping it simple, operationally efficient and easy to understand, with predictably positive outcomes. This is achieved across various systems, not with different solutions, policies and technologies in different areas, and it should involve minimal friction.