Have we reached peak internet? No, you cry, more things can still go online for more people more of the time. Yup. But how much of that time will those people spend defending themselves against digital threats, or recovering from the consequences, or wading through unsolicited messages, or drowning in advertising? The slightly duller version … Continue reading Is the internet eating itself?
Toys and home conveniences are in the news this week. VTech, a maker of gadgets for ankle-biters, are on the rack after being soundly hacked. The outrage took a new turn today after it became clear that the compromised data included pictures and audio recordings of kids. Nothing like a potential pedo-angle to get the … Continue reading Remember who’s listening this Xmas
I published this note about supply chain security today. Less than 8 hours later we learn that the ICO has fined the Crown Prosecution Service £200k for failing to secure some laptops that held confidential information on victims of crime. The laptops were stolen from a residential flat being used by a film production company … Continue reading Told you so: supply chain failure costs CPS £200k
Before you leave your house, do you check all the locks – doors and windows? Bet you do. When you audit your organisation’s IT security, do you do the same thing? Bet you don’t. You may have excellent perimeter defences; strong security policies; thorough security awareness training. You may run mobile device management, and configuration … Continue reading Front door locked, back door open
So now we have our own Target. Details are still sketchy, but it looks as though millions of TalkTalk customers have been thoroughly compromised. From the sound of it, there were some pretty basic failures, including lack of encryption and retention of sensitive data in the same location as everything else. Was this predictable? Of … Continue reading Less TalkTalk, more action
If you’re not in the public eye, you’re not likely to get hacked for fun. Anonymous et al are in it for the oxygen of publicity. Most hackers are in it for the money. So to understand your risk, you need to follow the money. How can hackers monetise you? Firstly, by using you as … Continue reading How does this hacking thing work, then?
A non-exec directorship might (unfairly) be seen as a sinecure – a reward for a career’s accomplishments – combining a comfortable stipend with a light workload and the occasional decent lunch. Once upon a time this might well have had some truth to it, but the winds of change have long blown through the boardroom, … Continue reading Non-exec? Are you asking the right questions?
With fraud on the rise, a need to secure tax revenues, and a global commitment to reducing money laundering, it’s no wonder that regulation requires ever more stringent verification of customers’ identities. The trouble is that something which used to be the province of banks has become the province of, well, everyone. Including any number … Continue reading When verifying identity risks losing it – the overgrowth of KYC
I’ve said this before, but I’m going to say it again. By all means, worry about hackers – after all, they may be out to get you. Go ahead and buy that firewall; pay that technology company for their perimeter defence audit. Invest in anti-malware and anti-virus software. Have effective and tested plans in case … Continue reading Groundhog day as sensitive data lost in the post by government…again
A great deal of security writing is about preventing breaches. This seems pretty sensible at first glance – after all, isn’t that what security is? But when you think about it for a little longer, you begin to see some cracks. Let’s just remind ourselves that “cyber”-security is just part of an overall security picture. … Continue reading Is prevention better than cure?