As GDPR enforcement approaches you should start to think about the ESI (Electronically Stored Information) held on your systems that could contain personal data. Whilst reviewing how data is being stored, processed, transferred, updated and protected you must also consider how to later perform e-Discovery on all of that data. Not unlike the proverbial see-saw, the more you lock something away the more difficult it…
Security Through Maturity
How's your posture? It’s important to understand your security posture, through regular reporting mechanisms, notifications and completion of remediation tasks. But as with many things, Cyber Security is a journey not a destination. Whilst you should be aware of both negative and positive aspects of your security posture, there is always room to ask further questions. Discuss, debate and even argue as required to move forward with the…
Previously a buzzword, often treated tongue-in-cheek as another fad that would come and go, Cloud computing is now being used by half of all UK businesses, whether we like it or not, or are even aware of it. Market research company Ipsos Mori reported last year that 66% of UK medium sized firms use cloud providers to host websites or email, or transfer or…
As your business becomes more mature in its approach to Cyber Security you may have a business objective to expose certain web services to the internet, Microsoft Outlook Web Access and ActiveSync being examples. Although trivial to expose such services via standard perimeter firewall rules, it has become increasingly risky to do so without having extra layers of defence in place to protect business data…
In today’s digital world data is considered to be the crown jewels and should be protected from those that might abuse it. The value to the business that data represents should be balanced against the risk of it being exposed. Traditionally viewed as a pure security issue, as data protection laws start to change this will become much more of a compliance issue. In simple…
The countdown to the new millennium was filled with horror stories predicting planes falling out of the sky for failing to deal with the looming date of 31st December 1999. Working in a bank all night I witnessed the world transit through the different time zones, following the dawn. By the time we in the UK were in the early hours of the New Year…
If to be forewarned is to be forearmed then it makes sense in terms of defending against Cyber Threats to know exactly where your weaknesses are. As mentioned previously, 90% of exploits are from known vulnerabilities – so it’s a no-brainer for you as the data owner to know just how vulnerable your infrastructure is to a potential breach. Although operationally efficient, patching your servers…
We’ve all been on the phone at some point when the fire alarms go off. “Excuse me, I’ll have to call you back…” is usually the response. Then, with a minimum of fuss, we would all quietly file out of the building, and congregate in a pre-designated area awaiting further instructions. After various checks were completed we would be informed that we were all present and…
As many predictions including my own in 2016 demonstrated, email as an attack vector is back with a bang as businesses everywhere were attacked through phishing emails, tricking people into opening malicious links and bogus attachments – often leading directly to a data breach. Spear Phishing targets specific individuals and business units; the recent US election highlighted an example of this. There was also a…
Last week witnessed a massive Distributed Denial of Service attack against Dyn.com, who provide DNS services to major websites. This had the effect of disrupting users of Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix. The ‘botnet’ that performed this DDoS attack was made up of hacked IoT (Internet of Things) devices, partly comprising Chinese-made digital video recorders and IP cameras. The devices had been compromised…