What can we do about Cryptolocker?

“That’s criminal!” said my wife when I told her about Cryptolocker. Actually, all malware is criminal (Computer Misuse Act 1990, for the legal eagles), but Cryptolocker is particularly nasty, and currently running rampant. In case you haven’t heard of it, it’s malware which once running on your PC sets about encrypting your files; to get … Continue reading What can we do about Cryptolocker? →

Why security awareness training is more important than firewall upgrades

Most people’s image of cyber-crime comes from the media. A slovenly teenager sits in a darkened room, typing frantically in front of a bank of screens. Cut to shirtsleeved workers, typing in equally frantic defence in front of their screens. At some point the hacker is “through the firewall” and has complete control. Shortly afterwards … Continue reading Why security awareness training is more important than firewall upgrades →

Is prevention better than cure?

A great deal of security writing is about preventing breaches. This seems pretty sensible at first glance – after all, isn’t that what security is? But when you think about it for a little longer, you begin to see some cracks. Let’s just remind ourselves that “cyber”-security is just part of an overall security picture. … Continue reading Is prevention better than cure? →

Pervasive security, or why paranoia can be a good thing

Once upon a time, humans lived in small bands, huddled together for warmth and security. We defended ourselves against predators by establishing secure perimeters – the cave-mouth, the palisade of stakes – and keeping close watch on the unfriendly night outside the radius of our firelight. This tendency to defend a perimeter against external threat … Continue reading Pervasive security, or why paranoia can be a good thing →