I've written about email-based fraud before. I cover it in every talk I give. It's in our 20-minute guide to cyber-security. It's in our October newsletter. It's made the mainstream news. But whether you call it spear-phishing, whaling or "business email compromise", it seems that all the training in the world just can't help some … Continue reading It’s 2018 and there are still morons
Being involved in cyber-security can be quite depressing. So much of the time we see things that make life better for many people being spoiled by a few bad hats. I can't help feeling this is getting worse, and that our digital future will be more paranoid, more cautious, less global and considerably less convenient … Continue reading Have we passed peak convenience?
I was having a chat with a journalist over the weekend, talking about what the future looks like for cyber-security risk in the UK. Here’s a transcript: J: Where does it all go from here? BR: Lots of hot air from politicians. Nothing done for months. A massive deal for ATOS or someone to refresh … Continue reading #WannaCrypt #NHSCyberAttacks : what comes next?
British businesses are immune from cyber-threat. They must be, because when I sit down to compile the list of recent compromises I use to support my talks, the examples are always American. So it can’t possibly be happening here. Never mind the Barclaycard-backed survey that reported that 48% of the surveyed businesses had been hit … Continue reading Don’t ask, don’t tell
Have we reached peak internet? No, you cry, more things can still go online for more people more of the time. Yup. But how much of that time will those people spend defending themselves against digital threats, or recovering from the consequences, or wading through unsolicited messages, or drowning in advertising? The slightly duller version … Continue reading Is the internet eating itself?
I published this note about supply chain security today. Less than 8 hours later we learn that the ICO has fined the Crown Prosecution Service £200k for failing to secure some laptops that held confidential information on victims of crime. The laptops were stolen from a residential flat being used by a film production company … Continue reading Told you so: supply chain failure costs CPS £200k
If you’re not in the public eye, you’re not likely to get hacked for fun. Anonymous et al are in it for the oxygen of publicity. Most hackers are in it for the money. So to understand your risk, you need to follow the money. How can hackers monetise you? Firstly, by using you as … Continue reading How does this hacking thing work, then?
A non-exec directorship might (unfairly) be seen as a sinecure – a reward for a career’s accomplishments – combining a comfortable stipend with a light workload and the occasional decent lunch. Once upon a time this might well have had some truth to it, but the winds of change have long blown through the boardroom, … Continue reading Non-exec? Are you asking the right questions?
I’ve touched on this before. Too many businesses assume that all their customers are the same. At the heart of the assumption is an over-developed sense of their own importance. Most consumer-facing businesses have a fan-base, a core of devoted users of their products and services. These are their visible customers; they act as brand … Continue reading Not everyone is a fanboi
I've been asked why, despite being a technologist by background, I don't write about tech, or cover the most recently exposed exploits. Most security professionals spend most of their time selling, implementing, maintaining and monitoring technology. Most customers looking to improve their security think of it in terms of buying product - upgrading firewalls, buying … Continue reading Give a man a fish, or teach him to fish?