Is the internet eating itself?

Have we reached peak internet? No, you cry, more things can still go online for more people more of the time. Yup. But how much of that time will those people spend defending themselves against digital threats, or recovering from the consequences, or wading through unsolicited messages, or drowning in advertising? The slightly duller version … Continue reading Is the internet eating itself? →

Remember who’s listening this Xmas

Toys and home conveniences are in the news this week. VTech, a maker of gadgets for ankle-biters, are on the rack after being soundly hacked. The outrage took a new turn today after it became clear that the compromised data included pictures and audio recordings of kids. Nothing like a potential pedo-angle to get the … Continue reading Remember who’s listening this Xmas →

Told you so: supply chain failure costs CPS £200k

I published this note about supply chain security today. Less than 8 hours later we learn that the ICO has fined the Crown Prosecution Service £200k for failing to secure some laptops that held confidential information on victims of crime. The laptops were stolen from a residential flat being used by a film production company … Continue reading Told you so: supply chain failure costs CPS £200k →

Front door locked, back door open

Before you leave your house, do you check all the locks – doors and windows? Bet you do. When you audit your organisation’s IT security, do you do the same thing? Bet you don’t. You may have excellent perimeter defences; strong security policies; thorough security awareness training. You may run mobile device management, and configuration … Continue reading Front door locked, back door open →

Less TalkTalk, more action

So now we have our own Target. Details are still sketchy, but it looks as though millions of TalkTalk customers have been thoroughly compromised. From the sound of it, there were some pretty basic failures, including lack of encryption and retention of sensitive data in the same location as everything else. Was this predictable? Of … Continue reading Less TalkTalk, more action →

How does this hacking thing work, then?

If you’re not in the public eye, you’re not likely to get hacked for fun. Anonymous et al are in it for the oxygen of publicity. Most hackers are in it for the money. So to understand your risk, you need to follow the money. How can hackers monetise you? Firstly, by using you as … Continue reading How does this hacking thing work, then? →

Non-exec? Are you asking the right questions?

A non-exec directorship might (unfairly) be seen as a sinecure – a reward for a career’s accomplishments – combining a comfortable stipend with a light workload and the occasional decent lunch. Once upon a time this might well have had some truth to it, but the winds of change have long blown through the boardroom, … Continue reading Non-exec? Are you asking the right questions? →

When verifying identity risks losing it – the overgrowth of KYC

With fraud on the rise, a need to secure tax revenues, and a global commitment to reducing money laundering, it’s no wonder that regulation requires ever more stringent verification of customers’ identities. The trouble is that something which used to be the province of banks has become the province of, well, everyone. Including any number … Continue reading When verifying identity risks losing it – the overgrowth of KYC →

Groundhog day as sensitive data lost in the post by government…again

I’ve said this before, but I’m going to say it again. By all means, worry about hackers – after all, they may be out to get you. Go ahead and buy that firewall; pay that technology company for their perimeter defence audit. Invest in anti-malware and anti-virus software. Have effective and tested plans in case … Continue reading Groundhog day as sensitive data lost in the post by government…again →

Is prevention better than cure?

A great deal of security writing is about preventing breaches. This seems pretty sensible at first glance – after all, isn’t that what security is? But when you think about it for a little longer, you begin to see some cracks. Let’s just remind ourselves that “cyber”-security is just part of an overall security picture. … Continue reading Is prevention better than cure? →