Moving to a more mature security posture?
Intended to be topical and informative, my blog contains lightweight discussions around various Cyber Security issues.
An example of a zero day vulnerability would be a security weakness in an operating system such as Windows which is unknown to the vendor, in this case Microsoft. During the period of time that a hacker would discover and attempt to exploit that vulnerability, before the vendor becomes aware of the problem and then subsequently plugs up the security hole with a Windows Update…
Although your backups may well be “good” as far as you know, your backup strategy itself may need to be re-visited, here’s some high-level questions to start with: What are you backing up? Just the data, or the whole environment? In other words, if you were to fall foul of a cyber attack and lose everything how quickly or easily could you recover with only…
Passwords are a pain. Needed for everything these days, you are constantly asked to register on this or that website in order to obtain the information you require, resulting in a mountain of credentials which need protecting. Some people use the same password for everything, others use stronger passwords for ‘important’ things. Some people work out what a password should be based on a system…
2016 has seen a renewed and sustained level of cyber threats which use email as the attack vector. If you’re not being coerced into clicking a link in a malicious email, then you may be invited to open an attachment, which will almost always require you to run macros or “enable content.” Macros, which appear in Office documents such as Microsoft Word or Excel, are…
The Yahoo breach is a great example of three or four different Cyber Security issues all linking together to demonstrate the destructive power of today’s cyber-criminals. Rarely now the stereotypical spotty/angry teenager looking for notoriety; cyber criminals are industrially funded, technologically gifted and in some cases even state-sponsored – cybercrime is big business! This particular incident is significant because it is the largest known breach…
More advanced than ever, Ransomware has evolved quicker in recent months than commercial technologies can keep up with and accounts for over $1.2B in damages to businesses, according to Cyber Security vendor, Sophos. “90% of breaches are from exploits, 90% of exploits are from known vulnerabilities and 66% of IT staff lack incident response skills.” High-level steps to take are as follows: Don’t click on…
Although Cyber Security can seem daunting, there are some fundamental security principles that will help define a good defensive posture. Without talking about particular technologies or processes we can keep it abstract to get the concept across, one of which is defence-in-depth. Your defences need to be layered. Constantinople is an example of a city that withstood attacks for 1,000 years due to its layered…
There has been a lot of discussion in the technology world recently about the scheme where a team of security researchers MedSec Holdings disclosed details of alleged vulnerabilities in medical equipment they were testing, manufactured by St Jude Medical to investment researchers Muddy Waters in order to profit from the fallout when the vulnerabilities were made public. St Jude’s share price dropped by 4.4%. One…
Travelling for work and working from home are different things and should be treated appropriately when measuring risk and protecting corporate data. According to a new study by Cloud security firm Bitglass, 25.3% of data breaches in recent years within the US financial sector were due to lost or stolen devices. To develop a Safe Corporate Travel policy, there are some points you should consider:…
When budgeting for cyber security consider what you must do for legal and regulatory compliance, and what you should do for good security. As good security is a business enabler, do that first. Then analyse any compliance gaps and fill them. You should budget accordingly. How you decide to deal with risk is important: will you accept, avoid, transfer or mitigate? Let’s say you calculate…
