What can we learn from the BA outage?

Jun 15th, 2017 Availability, Information Risk Management James Gillies

The recent catastrophic BA outage, allegedly caused by an electrical contractor, resulting in the total and immediate shutdown of the entire data centre, highlighted an interdependency of systems that wasn’t previously known. It was stated that there are around 200 systems used by BA in its operations that are required to work together. This is a surprising number when you think that as a consumer…

Is your Incident Management like Dad’s Army?

Jun 7th, 2017 Incident Response James Gillies

Listed as a dedicated critical area of Cyber Security in the UK government’s “10 Steps to Cyber Security”, Incident Management should be given some attention in your organisation if it hasn’t already been. I mentioned recently that the Ipsos MORI Cyber Security Breaches Survey 2017 reported that overall only 11% of all UK businesses have any formal Incident Management plan in place. According to the 10 Steps guidance,…

Thoughts on HSBC voice recognition…

Jun 1st, 2017 Confidentiality, Data Breach James Gillies

Because they cannot be 100% accurate, the real issue here with biometric systems is something called Type 1 and Type 2 Errors and the so-called Crossover Error Rate. Voice recognition systems themselves are not necessarily “weak” – so the distinction must be made as to how the particular system that HSBC went live with was compromised. Biometric systems will ultimately fall foul of either not…

Is Password Management software secure?

May 25th, 2017 Confidentiality, Secure Configuration James Gillies

As we move forward with our digital lives, complying with the need to “log into” just about anything we touch these days, it becomes increasingly difficult to maintain a high degree of password hygiene. There are those incredibly disciplined people amongst us that can perform effective Password Management in their head, and then there are the rest of us that, well, can’t. I have previously recommended…

Is my business vulnerable to WannaCry?

May 19th, 2017 Incident Response, Malware, User Education and Awareness James Gillies

Already being hailed as the largest ransomware outbreak in history, it has been reported by the BBC that over 150 countries have already been infected by the WannaCry ransomware. Allegedly stolen from US intelligence as part of a large collection of leaks, a so-called zero-day vulnerability was weaponised into a strain of ransomware – with the capability to spread without human interaction, a so-called worm….

Should I consider using a Password Manager?

May 11th, 2017 Confidentiality, Privacy, Secure Configuration James Gillies

Last week I gave some tips on methods to create a strong password; however, these may not be suitable if you have a large number of passwords to manage. In this scenario, making use of a Password Manager may be appropriate. Best practice would be to have a different and complex password for everything (such as a website) that you would log into. However, very…

How do I create a strong password?

May 4th, 2017 Confidentiality, Secure Configuration James Gillies

Following are some tips on how you can create a strong password. Some might be obvious, others not so… Your passwords belong to you, no-one else – don’t share your passwords! Regardless of complexity, don’t write your passwords down. (To this day I still see passwords on Post-it notes and whiteboards!) The longer the password, the harder it is to crack; 8 characters should…

We’ve had an incident, how do we respond?

Apr 27th, 2017 Incident Response James Gillies

The Cyber Security Breaches Survey 2017 brings us up to speed with the latest findings across UK businesses. Recently published by Ipsos MORI, it is an in-depth survey across 1,500 Micro to Large-sized businesses. Offering great insight into how other businesses have fared with Incident Management and their impressions of Cyber Security over the past year, it is recommended reading to provide some context to your own…

Why is the Wonga breach such a big deal?

Apr 20th, 2017 Data Breach, Data Protection James Gillies

Wonga, the pay-day loan company, has become the latest high-profile company to become the victim of a data breach, affecting over 250,000 of their customers. Whilst the specifics of the hack are still unknown, Wonga have said that personal data accessed “may have included one or more of the following: name, e-mail address, home address, phone number, the last four digits of your card number…

Are we exposed with unlocked USB ports?

Mar 30th, 2017 Confidentiality, Data Breach, Secure Configuration James Gillies

In my experience this is an area around which the Channel Islands have been generally slow to adopt a stronger security posture, and whilst the threats surrounding Data Leakage were as valid then as they are today, it is surprising that only 21% of UK businesses have a formal policy around what can be stored on removable/USB devices, a figure published in the Cyber Security…
