HSBC

Thoughts on HSBC voice recognition…

Jun 1st, 2017 Confidentiality, Data Breach James Gillies

Because they cannot be 100% accurate, the real issue here with biometric systems is something called Type 1 and Type 2 Errors and the so-called Crossover Error Rate. Voice recognition systems themselves are not necessarily “weak” – so the distinction must be made as to how the particular system that HSBC went live with was compromised. Biometrics systems will ultimately fall foul of either not…

Why is the Wonga breach such a big deal?

Apr 20th, 2017 Data Breach, Data Protection James Gillies

Wonga, the pay-day loan company, has become the latest high-profile company to become the victim of a data breach, affecting over 250,000 of their customers. Whilst the specifics of the hack are still unknown, Wonga have said that personal data accessed “may have included one or more of the following: name, e-mail address, home address, phone number, the last four digits of your card number…

Are we exposed with unlocked USB ports?

Mar 30th, 2017 Confidentiality, Data Breach, Secure Configuration James Gillies

In my experience this is an area around which the Channel Islands have been generally slow to adopt a stronger security posture, and whilst the threats surrounding Data Leakage were as valid then as they are today, it is surprising that only 21% of UK businesses have a formal policy around what can be stored on removable/USB devices, a figure published in the Cyber Security…

Predictions

4 Cyber Threat predictions for 2017

As many predictions, including my own in 2016, demonstrated, email as an attack vector is back with a bang as businesses everywhere were attacked through phishing emails, tricking people into opening malicious links and bogus attachments – often leading directly to a data breach. Spear Phishing targets specific individuals and business units; the recent US election highlighted an example of this. There was also a…

Passwords Manager

How can I better manage my passwords?

Passwords are a pain. Needed for everything these days, you are constantly asked to register on this or that website in order to obtain the information you require, resulting in a mountain of credentials which need protecting. Some people use the same password for everything, others use stronger passwords for ‘important’ things. Some people work out what a password should be based on a system…

How does the Yahoo breach affect me? I don’t use Yahoo?

Sep 28th, 2016 Data Breach James Gillies

The Yahoo breach is a great example of three or four different Cyber Security issues all linking together to demonstrate the destructive power of today’s cyber-criminals. Rarely now the stereotypical spotty/angry teenager looking for notoriety, cyber-criminals are industrially funded, technologically gifted and in some cases even state-sponsored – cybercrime is big business! This particular incident is significant because it is the largest known breach…

Ransomware

What are some steps we can take against Ransomware?

Sep 25th, 2016 Data Breach, Secure Configuration James Gillies

More advanced than ever, Ransomware has evolved more quickly in recent months than commercial technologies can keep up with, and accounts for over $1.2B in damages to businesses, according to Cyber Security vendor Sophos. “90% of breaches are from exploits, 90% of exploits are from known vulnerabilities and 66% of IT staff lack incident response skills.” High-level steps to take are as follows: Don’t click on…

How do we prevent ourselves getting burned in public?

Sep 7th, 2016 Data Breach, Information Risk Management James Gillies

There has been a lot of discussion in the technology world recently about the scheme where a team of security researchers, MedSec Holdings, disclosed details of alleged vulnerabilities in medical equipment they were testing, manufactured by St Jude Medical, to investment researchers Muddy Waters in order to profit from the fallout when the vulnerabilities were made public. St Jude’s share price dropped by 4.4%. One…

Safe Corporate Travel

What should we consider for our Safe Corporate Travel Policy?

Aug 31st, 2016 Data Breach, Home and Mobile Working James Gillies

Travelling for work and working from home are different things and should be treated appropriately when measuring risk and protecting corporate data. According to a new study by Cloud security firm Bitglass, 25.3% of data breaches in recent years within the US financial sector were due to lost or stolen devices. To develop a Safe Corporate Travel policy, there are some points you should consider:…

Smartphones

We trust our staff, so why do we need to protect their smartphones?

Aug 10th, 2016 Data Breach, Home and Mobile Working James Gillies

Ubiquitous and permanently connected to the internet, smartphones are here to stay. As devices that talk to everything all of the time, they access corporate data more easily whilst boundaries to the company network blur or even disappear. Imagine: Joe from Accounts procures his new iPhone as part of his renewed contract and one of the first things he does after restoring the backup of…
