10 March 2014

DON'T BE A TARGET... ON RETAIL POS, BANKS, EMV & WINDOWS XP...

McAfee Labs' latest report reveals that hackers are using basic 'off the shelf' malware to target retail POS systems, a very topical subject, I’m sure you will agree... But we have to remember that the breaches mentioned in the McAfee report took place in the US, and there is one notable difference between retailers there and those in Europe: the US haven’t yet adopted EMV (aka Chip & PIN)...

9 February 2014

HOW TO RESPOND TO A CRISIS IN THE 21st CENTURY...

[UPDATED 10th MARCH 2014]
I first wrote on this subject in May 2012 (The social media side of incident response).
Today, it is still my most popular entry on this blog with 4,129 unique views as I write. This means that in any given day since I published it, 6 people somewhere in the world have read that post... I am at once flattered and amazed that some musings derived from the good, bad and ugly of how businesses have tackled crisis communications in the past few years still very much resonate with a lot of you. So here’s the 2014 version...

15 November 2013

A NICE MAN WANTS TO GIVE ME SOME MONEY…

I use LinkedIn a lot. I find it an excellent business networking tool and over the years, it has enabled me to meet some fantastic people and make lovely new friends. It’s a tool for reaching out and each time I receive a new connection request, I assume that I may be able to help that person in some way. In most cases, I remember that I have interacted with the individual outside of the social media sphere, but sometimes, I draw a blank (perhaps because my memory is getting worse with age!). Consequently, to frame the next interaction, I always look at their profile to see how many areas of interest are in common, how our respective networks intersect, or how many groups or companies are shared… More often than not, this gives me a good idea, but sometimes, it doesn't...

28 August 2013

DO ASSET MANAGEMENT COMPANIES KNOW THEIR ASSETS?...

Because of the substantial value they hold, financial services organisations have always been a prime target for cyber criminals. We have seen many data breaches and targeted attacks against networks, applications, websites and, most importantly, data and information. In recent years, organised crime has shown increasing sophistication. This has meant that in addition to the more traditional hacks used to ultimately perpetrate fraud, we have seen a surge in attacks targeted at disrupting business operations in order to extract ransom.

11 August 2013

I AM WHO I AM... OR AM I?

I have spent the last 18 months pondering on the whole sphere of identity and authentication and a number of things have happened:
The analysts continue to tell us that lax password management and policies continue to put individuals and organisations at risk (according to the Trustwave Global Security Report 2013, Welcome1 is the most commonly used password by count - followed closely by STORE123 and Password1 - whereas Password1 is still most widely used when looking at % of unique active directory samples, followed closely by password1 and Welcome1)


8 August 2013

TALK TO THE HAND (OR FACE, OR FINGER)…

As far as I can tell, apart from sci-fi buffs and Big Bang Theory fans, biometrics started to enter public consciousness in 2009-2010 and since then, we have experienced increased user acceptance. This started with biometrics usage for border security as the most significant development due to technology advances and large scale national ID deployments.

4 April 2013

A CONSOLIDATED VIEW ON DATA BREACHES IN 2012 - PART 2...

It seems that many of you found my previous post of interest, so as promised, here’s the second part. But first, let’s all have a look at this 2min 48s video: Security Threats by the Numbers from the Cisco 2013 Annual Security Report. Unsurprisingly, the Trustwave GSR highlights that e-commerce sites were the most targeted asset, accounting for 48% of all investigations...