What can we learn from the BA outage?

Jun 15th, 2017 Availability, Information Risk Management James Gillies

The recent catastrophic BA outage, allegedly caused by an electrical contractor resulting in the total and immediate shutdown of the entire data centre highlighted an interdependency of systems that wasn’t previously known. It was stated that there are around 200 systems used by BA in its operations that are required to work together. This is a surprising number when you think that as a consumer…

If all is well, what should we be doing next?

Mar 16th, 2017 Information Risk Management James Gillies

It’s important to understand your security posture, through regular reporting mechanisms, notifications and completion of remediation tasks. But as with many things, Cyber Security is a journey not a destination. Whilst you should be aware of both negative and positive aspects of your security posture, there is always room to ask further questions. Discuss, debate and even argue as required to move forward with the…


How vulnerable is my business to a Cyber Attack today, and what about tomorrow?

If to be forewarned is to be forearmed then it makes sense in terms of defending against Cyber Threats to know exactly where your weaknesses are. As mentioned previously, 90% of exploits are from known vulnerabilities – so it’s a no-brainer for you as the data owner to know just how vulnerable your infrastructure is to a potential breach. Although operationally efficient, patching your servers…


4 Cyber Threat predictions for 2017

As many predictions including my own in 2016 demonstrated, email as an attack vector is back with a bang as business everywhere were attacked through phishing emails, tricking people into opening malicious links and bogus attachments – often leading directly to a data breach. Spear Phishing targets specific individuals and business units, the recent US election highlighted an example of this. There was also a…

How do we prevent ourselves getting burned in public?

Sep 7th, 2016 Data Breach, Information Risk Management James Gillies

There has been a lot of discussion in the technology world recently about the scheme where a team of security researchers MedSec Holdings disclosed details of alleged vulnerabilities in medical equipment they were testing, manufactured by St Jude Medical to investment researchers Muddy Waters in order to profit from the fallout when the vulnerabilities were made public. St Jude’s share price dropped by 4.4%. One…

Budget for year 2017

How much should we budget for Cyber Security?

Aug 24th, 2016 Compliance, Information Risk Management James Gillies

When budgeting for cyber security consider what you must do for legal and regulatory compliance, and what you should do for good security. As good security is a business enabler, do that first. Then analyse any compliance gaps and fill them. You should budget accordingly. How you decide to deal with risk is important: will you accept, avoid, transfer or mitigate? Let’s say you calculate…

Hacker in hood with laptop initiating cyber attack.

Should we plan for a Cyber Attack?

The bad guys are getting smarter. With all the best will in the world and all the tools at your disposal an incident is inevitable. Planning properly for such a Cyber Attack and putting in place contingency plans is a critical area of Cyber Security that is often ignored. The Cyber Security Breaches Survey 2016 reported that only 10% of UK business overall have a…

Cyber Security Business Awareness

Is there a contradiction of business awareness and attitudes towards Cyber Security?

Jul 13th, 2016 Information Risk Management James Gillies

You are the boss of your organisation. Are you getting updates about Cyber Security within your business? Or possibly more importantly, are you asking for them? e.g What problems are we having that might be affecting our security posture and exposing my company? Is our Anti-Virus up to date? Are our backups OK and have they been tested recently? When were our firewall rules last…

Gravityscan Badge