In a previous blog post I wrote about the rise of ransomware over the last year. In this post I will briefly outline what steps organisations should take to avoid becoming the next victim of ransomware.
I recently attended the East Midlands Cyber Crime Breakfast, where a panel of experts outlined what they saw as the principal cyber crime threats that were affecting organisations in the East Midlands.
At the back end of 2014, Forbes published a great article, “To Stop Data Theft, Let’s Start Disconnecting Computers From The Internet”.
The last paragraph says:
Some corporate and government data simply doesn’t belong on the Internet. Why is that so hard to understand?
A good question indeed.
In the blog Secure Delivery of a Payload we discussed how secure information exchange consists of two distinct elements: the information you need to convey – the payload, and the technical method used to carry the payload – the protocol. Attackers wishing to break into your network can exploit either of these: the protocol or the payload.
At home, I have invested in good quality locks on my doors and windows, conforming to the standard required by my insurance company. In addition to that I have also invested in an intruder alarm.
I recently attended a professional development event in Birmingham run by OWASP and the Institute of Information Professionals (IISP). One of the topics on the agenda was how to evade anti-virus (AV) software packages.
Shock horror. The breaking news is that AV software is not going to stop cyber attacks on your organisation, as has been blogged on before here on Cyber Matters.
However, two aspects stood out for me.
On January 29, we held the second IISP meeting in the East Midlands, at the Institute of Directors in Nottingham, attended by close to 30 delegates.
The meeting was opened by Colin Powers with an introduction and an explanation that some quick reshuffling of the agenda was in order, as the main speaker's train was running late. He also published the hashtag #IISPEastMids, with delegates encouraged to share their thoughts on the meeting live via Twitter (these tweets are available as an archive).
At this time of year, it seems that one of the duties of a CTO of a security company is to make predictions about the year ahead.
My prediction is somewhat generic, followed by a wish list. Please help me with my wish list, so we can prevent my prediction!
I recently read the book “Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization”. The following paragraph in the introductory chapter really stood out for me: