Wetware beats hardware

Why do I bang on so much about training? If driverless cars are the future, why can't machine learning give us perfectly secure networks? Here's a quote from an interview with Steve Furber in The Register. He says it better than I can: Furber gives the example of Google's much-publicised triumph when its network, having … Continue reading Wetware beats hardware →

Yes, data protection matters to you too

It's been a big week for security news. Parliamentary email hacked, UK politician logon credentials circulating for sale, a massive (paper) data breach at the NHS, another massive ransomware outbreak, Boomerang Video fined... Wait, what? Who the hell are Boomerang Video? Boomerang are a small video-game rental operation. Their website was hacked in 2014 and … Continue reading Yes, data protection matters to you too →

I told you so

Reuters: Ransomware virus hits computer servers across the globe I told you so. And yes, it looks like it's the same attack method as WannaCry. This time without a killswitch. Did you do anything after WannaCry? Looks like lots of people didn't... Backup now. Patch MS-CVE-2017-010 now. Patch MS-CVE-2017-0199 now. Turn off SMB1 now. Send out … Continue reading I told you so →

#WannaCrypt #NHSCyberAttacks : what comes next?

I was having a chat with a journalist over the weekend, talking about what the future looks like for cyber-security risk in the UK. Here’s a transcript: J: Where does it all go from here? BR: Lots of hot air from politicians. Nothing done for months. A massive deal for ATOS or someone to refresh … Continue reading #WannaCrypt #NHSCyberAttacks : what comes next? →

Stop saying yes

We learned last year that the Russian Carbanak hacking group were planning to target hospitality businesses. We learned this week that they’re succeeding, and extracting ransom (or causing disruption) at luxury hotels all over the place, including in Britain. What incredibly sophisticated technique are they using to penetrate security? Are there basements full of hollow-eyed … Continue reading Stop saying yes →

Plumbing the depths

Here I am, back from my hols, with a refreshed bright and breezy outlook. How long will it take for the reality of information security to bring me back down to earth, I wonder? Oh, look, it’s not even noon on my first day back and here’s an article showing a whole new way people … Continue reading Plumbing the depths →

Don’t ask, don’t tell

British businesses are immune from cyber-threat. They must be, because when I sit down to compile the list of recent compromises I use to support my talks, the examples are always American. So it can’t possibly be happening here. Never mind the Barclaycard-backed survey that reported that 48% of the surveyed businesses had been hit … Continue reading Don’t ask, don’t tell →