22 April 2014

REJOICE, IT’S HERE! THE VERIZON DBIR 2014...

Yes, it’s that time of year again where the long awaited Verizon DBIR 2014 has finally been released! So with a nice cup of coffee and some smooth jazz playing in the background, I will endeavour to distil the essence of this always excellent publication... Well, this year, the DBIR departs from just analysing data breaches to looking at 63,347 confirmed security incidents, of which 1,367 were confirmed data breaches (compared to 621 for 2012) across 95 countries (compared to 27 in 2012). This gives far greater richness to the data set and the insights that can be derived from it (rightly so, the DBIR team notes that incidents need not necessarily result on data loss to have a significant impact on an organisation – I couldn’t agree more!). Also don’t miss the month by month review of the major incidents of 2013 on pages 3 & 4, that’ll get you in the mood...


10 March 2014

DON'T BE A TARGET... ON RETAIL POS, BANKS, EMV & WINDOWS XP...

McAfee Labs' latest report reveals that hackers are using basic 'off the shelf' malware to target retail POS systems, a very topical subject, I’m sure you will agree... But we have to remember that the breaches mentioned in the McAfee report took place in the US, and there is one notable difference between retailers there and those in Europe: the US haven’t yet adopted EMV (aka Chip & PIN)...

9 February 2014

HOW TO RESPOND TO A CRISIS IN THE 21st CENTURY...

[UPDATED 10th MARCH 2014]
I first wrote on this subject in May 2012 (The social media side of incident response).
Today, it is still my most popular entry on this blog with 4,129 unique views as I write. This means that in any given day since I published it, 6 people somewhere in the world have read that post... I am at once flattered and amazed that some musings derived from the good, bad and ugly of how businesses have tackled crisis communications in the past few years still very much resonate with a lot of you. So here’s the 2014 version...

15 November 2013

A NICE MAN WANTS TO GIVE ME SOME MONEY…

I use LinkedIn a lot. I find it an excellent business networking tool and over the years, it has enabled me to meet some fantastic people and make lovely new friends. It’s a tool for reaching out and each time I receive a new connection request, I assume that I may be able to help that person in some way. In most cases, I remember that I have interacted with the individual outside of the social media sphere, but sometimes, I draw a blank (perhaps because my memory is getting worse with age!). Consequently, to frame the next interaction, I always look at their profile to see how many areas of interest are in common, how our respective networks intersect, or how many groups or companies are shared… More often than not, this gives me a good idea, but sometimes, it doesn't...

28 August 2013

DO ASSET MANAGEMENT COMPANIES KNOW THEIR ASSETS?...

Google
Because of the substantial value they hold, financial services organisations have always been a prime target for cyber criminals. We have seen many data breaches and targeted attacks against networks, applications, websites and, most importantly, data and information. In recent years, organised crime has shown increasing sophistication. This has meant that in addition to the more traditional hacks used to ultimately perpetrate fraud, we have seen a surge in attacks targeted at disrupting business operations in order to extract ransom.

11 August 2013

I AM WHO I AM... OR AM I?

Google
I have spent the last 18 months pondering on the whole sphere of identity and authentication and a number of things have happened:
The analysts continue to tell us that lax password management and policies continue to put individuals and organisations at risk (according to the Trustwave Global Security Report 2013, Welcome1 is the most commonly used password by count - followed closely by STORE123 and Password1 - whereas Password1 is still most widely used when looking at % of unique active directory samples, followed closely by password1 and Welcome1)


8 August 2013

TALK TO THE HAND (OR FACE, OR FINGER)…

Google
As far as I can tell, apart from sci-fi buffs and Big Bang Theory fans, biometrics started to enter public consciousness in 2009-2010 and since then, we have experienced increased user acceptance. This started with biometrics usage for border security as the most significant development due to technology advances and large scale national ID deployments.