Zero Day Vulnerability

What is a Zero Day attack, and how do I protect my business against them?

Oct 26th, 2016 Malware, Vulnerability Management James Gillies

An example of a zero day vulnerability would be a security weakness in an operating system such as Windows which is unknown to the vendor, in this case Microsoft. During the period of time that a hacker would discover and attempt to exploit that vulnerability, before the vendor becomes aware of the problem and then subsequently plugs up the security hole with a Windows Update…

Backups

Our backups are good, aren’t they?

Oct 19th, 2016 Availability James Gillies

Although your backups may well be “good” as far as you know, your backup strategy itself may need to be re-visited, here’s some high-level questions to start with: What are you backing up? Just the data, or the whole environment? In other words, if you were to fall foul of a cyber attack and lose everything how quickly or easily could you recover with only…

Passwords Manager

How can I better manage my passwords?

Passwords are a pain. Needed for everything these days, you are constantly asked to register on this or that website in order to obtain the information you require, resulting in a mountain of credentials which need protecting. Some people use the same password for everything, others use stronger passwords for ‘important’ things. Some people work out what a password should be based on a system…

Macros

How risky are Macros to our business?

Oct 5th, 2016 Malware, User Education and Awareness James Gillies

2016 has seen a renewed and sustained level of cyber threats which use email as the attack vector. If you’re not being coerced into clicking a link in a malicious email, then you may be invited to open an attachment, which will almost always require you to run macros or “enable content.” Macros, which appear in Office documents such as Microsoft Word or Excel, are…

How does the Yahoo breach affect me? I don’t use Yahoo?

Sep 28th, 2016 Data Breach James Gillies

The Yahoo breach is a great example of three or four different Cyber Security issues all linking together to demonstrate the destructive power of today’s cyber-criminals. Rarely now the stereotypical spotty/angry teenager looking for notoriety; cyber criminals are industrially funded, technologically gifted and in some cases even state-sponsored – cybercrime is big business! This particular incident is significant because it is the largest known breach…

Ransomware

What are some steps we can take against Ransomware?

Sep 25th, 2016 Data Breach, Secure Configuration James Gillies

More advanced than ever, Ransomware has evolved quicker in recent months than commercial technologies can keep up with and accounts for over $1.2B in damages to businesses, according to Cyber Security vendor, Sophos. “90% of breaches are from exploits, 90% of exploits are from known vulnerabilities and 66% of IT staff lack incident response skills.” High-level steps to take are as follows: Don’t click on…

Defence-In-Depth

How does defence-in-depth work for Cyber Security?

Sep 14th, 2016 Monitoring, Network Security, Secure Configuration James Gillies

Although Cyber Security can seem daunting, there are some fundamental security principles that will help define a good defensive posture. Without talking about particular technologies or processes we can keep it abstract to get the concept across, one of which is defence-in-depth. Your defences need to be layered. Constantinople is an example of a city that withstood attacks for 1,000 years due to its layered…

How do we prevent ourselves getting burned in public?

Sep 7th, 2016 Data Breach, Information Risk Management James Gillies

There has been a lot of discussion in the technology world recently about the scheme where a team of security researchers MedSec Holdings disclosed details of alleged vulnerabilities in medical equipment they were testing, manufactured by St Jude Medical to investment researchers Muddy Waters in order to profit from the fallout when the vulnerabilities were made public. St Jude’s share price dropped by 4.4%. One…

Safe Corporate Travel

What should we consider for our Safe Corporate Travel Policy?

Aug 31st, 2016 Data Breach, Home and Mobile Working James Gillies

Travelling for work and working from home are different things and should be treated appropriately when measuring risk and protecting corporate data. According to a new study by Cloud security firm Bitglass, 25.3% of data breaches in recent years within the US financial sector were due to lost or stolen devices. To develop a Safe Corporate Travel policy, there are some points you should consider:…

Budget for year 2017

How much should we budget for Cyber Security?

Aug 24th, 2016 Compliance, Information Risk Management James Gillies

When budgeting for cyber security consider what you must do for legal and regulatory compliance, and what you should do for good security. As good security is a business enabler, do that first. Then analyse any compliance gaps and fill them. You should budget accordingly. How you decide to deal with risk is important: will you accept, avoid, transfer or mitigate? Let’s say you calculate…

Gravityscan Badge