Reuters: Ransomware virus hits computer servers across the globe. I told you so. And yes, it looks like it's the same attack method as WannaCry. This time without a killswitch. Did you do anything after WannaCry? Looks like lots of people didn't... Back up now. Patch MS-CVE-2017-010 now. Patch MS-CVE-2017-0199 now. Turn off SMB1 now. Send out … Continue reading I told you so
Have we reached peak internet? No, you cry, more things can still go online for more people more of the time. Yup. But how much of that time will those people spend defending themselves against digital threats, or recovering from the consequences, or wading through unsolicited messages, or drowning in advertising? The slightly duller version … Continue reading Is the internet eating itself?
A chain is only as strong as its weakest link. Are you that link? Hackers don’t come in through the firewall. They come in, most of the time, through a much easier route: the staff. How? By exploiting basic psychology, and being prepared to do a little research. The easiest way to get someone’s password … Continue reading 6 rules to avoid disaster: a practical guide to phishing and spear-phishing
I've been asked why, despite being a technologist by background, I don't write about tech, or cover the most recently exposed exploits. Most security professionals spend most of their time selling, implementing, maintaining and monitoring technology. Most customers looking to improve their security think of it in terms of buying product - upgrading firewalls, buying … Continue reading Give a man a fish, or teach him to fish?
I’ve said this before, but I’m going to say it again. By all means, worry about hackers – after all, they may be out to get you. Go ahead and buy that firewall; pay that technology company for their perimeter defence audit. Invest in anti-malware and anti-virus software. Have effective and tested plans in case … Continue reading Groundhog day as sensitive data lost in the post by government…again
There’s a great story I heard from a security trainer once, which I’ve shamelessly stolen and use in my own courses: A US corporation decides to introduce an ID badge policy, requiring all staff to wear their badges visibly at all times, and to challenge anyone seen walking around without a badge. Badges are issued, … Continue reading How good is your physical security?
You probably won’t win £108 million on the lottery. But you will get hacked… There are times when I find it harder than usual to stay upbeat. As I’ve said before, much of what we do as IT security professionals feels like preaching Armageddon to atheists. They’re convinced it won’t happen, so they don’t really … Continue reading It could be you