I was having a chat with a journalist over the weekend, talking about what the future looks like for cyber-security risk in the UK. Here’s a transcript: J: Where does it all go from here? BR: Lots of hot air from politicians. Nothing done for months. A massive deal for ATOS or someone to refresh … Continue reading #WannaCrypt #NHSCyberAttacks : what comes next?
Actually, it's more like #globalcyberattack. For those of you who are still hiding in your bunkers in case Trump nukes North Korea, the short version is that some crims have used a nasty bug in Windows to spread ransomware across the globe. It still had to get in via an email, and Microsoft patched the bug … Continue reading #nhscyberattack
I’ve let this one fester for a while – partly because I’ve been angry about other things, and partly because you must be bored with my ranting about the GDPR by now. But I really can’t let this one pass. A key principle – perhaps the key principle – of the GDPR is the requirement … Continue reading Kafka strikes again: GDPR requires consent, but you can’t ask for it
Keeping your server in your office keeps your data safe, right? Just make sure the firewall is working and you’re golden. Because if it’s inside your physical perimeter, it’s protected, isn’t it? Well… It depends on your visitor policies. Your what? All that boring stuff to do with signing people in, showing them to meeting … Continue reading Visitors – you just can’t trust them
We don’t let children play with matches. So why do we let white goods manufacturers play with WiFi? Please give me one good use case for connecting your fridge, dishwasher, toaster, kettle, coffee machine, light bulb, door lock or thermostat to the internet. I can’t think of anything that doesn’t sound like a bad science … Continue reading Oh look, it’s the Internet of Shit
Those who do not understand history are doomed to repeat it. And here I am, watching it repeat. This is my third post on this topic. Sorry. But it's important. Amber Rudd, the UK Home Secretary, suggested on Sunday that end-to-end encryption is “unacceptable”. She trotted out the usual excuses about terrorism and the need … Continue reading Amber Rudd read History, but didn’t understand it
I think I might have mentioned recently that your main cyber risk is your own staff, and that it's more often carelessness than ill intentions. Apparently I was being clairvoyant again: yesterday Boeing notified the regulator that an employee had accidentally sent out the personal details of 36,000 staff in an email to his wife. Now Boeing has to pay for … Continue reading What was that about insider risk?