I use LinkedIn a lot. I find it an excellent business networking tool and over the years, it has enabled me to meet some fantastic people and make lovely new friends. It’s a tool for reaching out and each time I receive a new connection request, I assume that I may be able to help that person in some way. In most cases, I remember that I have interacted with the individual outside of the social media sphere, but sometimes, I draw a blank (perhaps because my memory is getting worse with age!). Consequently, to frame the next interaction, I always look at their profile to see how many areas of interest are in common, how our respective networks intersect, or how many groups or companies are shared… More often than not, this gives me a good idea, but sometimes, it doesn't...
A blog about information security, payments, risk, fraud, digital innovation and social media... Connect on LinkedIn?
15 November 2013
10 October 2013
YOUR PROVIDER IS HACKED, YOU'RE ASSURED OF NO FINANCIAL LOSS. BUT ARE YOU SAFE?...
[UPDATED 20th FEBRUARY 2014] In the aftermath of the Santander and Barclays KVM hacks, @GrahamCluley kindly invited me to post my comments on his blog.
A few weeks on, I have some updates which you may find interesting…
A few weeks on, I have some updates which you may find interesting…
28 August 2013
DO ASSET MANAGEMENT COMPANIES KNOW THEIR ASSETS?...
Google
Because of the substantial value they hold, financial services organisations have always been a prime target for cyber criminals. We have seen many data breaches and targeted attacks against networks, applications, websites and, most importantly, data and information. In recent years, organised crime has shown increasing sophistication. This has meant that in addition to the more traditional hacks used to ultimately perpetrate fraud, we have seen a surge in attacks targeted at disrupting business operations in order to extract ransom.
Because of the substantial value they hold, financial services organisations have always been a prime target for cyber criminals. We have seen many data breaches and targeted attacks against networks, applications, websites and, most importantly, data and information. In recent years, organised crime has shown increasing sophistication. This has meant that in addition to the more traditional hacks used to ultimately perpetrate fraud, we have seen a surge in attacks targeted at disrupting business operations in order to extract ransom.
11 August 2013
I AM WHO I AM... OR AM I?
Google
I have spent the last 18 months pondering on the whole sphere of identity and authentication and a number of things have happened:
The analysts continue to tell us that lax password management and policies continue to put individuals and organisations at risk (according to the Trustwave Global Security Report 2013, Welcome1 is the most commonly used password by count - followed closely by STORE123 and Password1 - whereas Password1 is still most widely used when looking at % of unique active directory samples, followed closely by password1 and Welcome1)
I have spent the last 18 months pondering on the whole sphere of identity and authentication and a number of things have happened:
The analysts continue to tell us that lax password management and policies continue to put individuals and organisations at risk (according to the Trustwave Global Security Report 2013, Welcome1 is the most commonly used password by count - followed closely by STORE123 and Password1 - whereas Password1 is still most widely used when looking at % of unique active directory samples, followed closely by password1 and Welcome1)
8 August 2013
TALK TO THE HAND (OR FACE, OR FINGER)…
Google
As far as I can tell, apart from sci-fi buffs and Big Bang Theory fans, biometrics started to enter public consciousness in 2009-2010 and since then, we have experienced increased user acceptance. This started with biometrics usage for border security as the most significant development due to technology advances and large scale national ID deployments.
As far as I can tell, apart from sci-fi buffs and Big Bang Theory fans, biometrics started to enter public consciousness in 2009-2010 and since then, we have experienced increased user acceptance. This started with biometrics usage for border security as the most significant development due to technology advances and large scale national ID deployments.
4 April 2013
A CONSOLIDATED VIEW ON DATA BREACHES IN 2012 - PART 2...
Google
It seems that many of you found my previous post of interest, so as promised, here’s the second part. But first, let’s all have a look at this 2min 48s video: Security Threats by the Numbers from the Cisco 2013 Annual Security Report. Unsurprisingly, the Trustwave GSR highlights that e-commerce sites were the most targeted asset, accounting for 48% of all investigations...
It seems that many of you found my previous post of interest, so as promised, here’s the second part. But first, let’s all have a look at this 2min 48s video: Security Threats by the Numbers from the Cisco 2013 Annual Security Report. Unsurprisingly, the Trustwave GSR highlights that e-commerce sites were the most targeted asset, accounting for 48% of all investigations...
31 March 2013
A CONSOLIDATED VIEW ON DATA BREACHES IN 2012 - PART 1...
Google
It’s that time of year again where we try to make sense of all the new research and statistics. Today, I give you the Trustwave 2013 Global Security Report which analyses 400 data breach investigations (compared to 300 in 2011) across 29 countries (compared to 18 in 2011). Unsurprisingly, 96% of the breaches involved the theft of customer records (payment card data, PII, email addresses), compared to 89% in 2011. Closer to home, this is confirmed by the CIFAS Fraudscape report published in March 2013, where, whilst total fraud in the UK only showed a 5% increase since 2011, abuse of identity fraud increased by a whopping 17.1%, correlating to the Trustwave report showing that out off all client-side attacks observed, 61% targeted Adobe Reader users via malicious PDFs, clearly pointing to social engineering.
It’s that time of year again where we try to make sense of all the new research and statistics. Today, I give you the Trustwave 2013 Global Security Report which analyses 400 data breach investigations (compared to 300 in 2011) across 29 countries (compared to 18 in 2011). Unsurprisingly, 96% of the breaches involved the theft of customer records (payment card data, PII, email addresses), compared to 89% in 2011. Closer to home, this is confirmed by the CIFAS Fraudscape report published in March 2013, where, whilst total fraud in the UK only showed a 5% increase since 2011, abuse of identity fraud increased by a whopping 17.1%, correlating to the Trustwave report showing that out off all client-side attacks observed, 61% targeted Adobe Reader users via malicious PDFs, clearly pointing to social engineering.
27 February 2013
WILFUL BLINDNESS AND WISHFUL THINKING...
Google
Yesterday, an article on CBS Money Watch caught my eye: Businesses deluded about threat of cyber attack. The article was a short introduction to a recent survey conducted by Deloitte. And isn’t it spooky that the same old things keep cropping up everywhere?...
Unsurprisingly, the Deloitte report highlights that 88% of the businesses surveyed believe that they are not really at risk. As you would expect, they also identify lack of employee awareness and third party risks as top security vulnerabilities (46% of organisations don’t evaluate the security and privacy practices of vendors before sharing sensitive or confidential information, according to a recent Experian/Ponemon survey. If you’re not already fed up with trend predictions, see earlier blog post for my 2013 predictions.
But for me, these were not the most interesting points of the study...
Yesterday, an article on CBS Money Watch caught my eye: Businesses deluded about threat of cyber attack. The article was a short introduction to a recent survey conducted by Deloitte. And isn’t it spooky that the same old things keep cropping up everywhere?...
Unsurprisingly, the Deloitte report highlights that 88% of the businesses surveyed believe that they are not really at risk. As you would expect, they also identify lack of employee awareness and third party risks as top security vulnerabilities (46% of organisations don’t evaluate the security and privacy practices of vendors before sharing sensitive or confidential information, according to a recent Experian/Ponemon survey. If you’re not already fed up with trend predictions, see earlier blog post for my 2013 predictions.
But for me, these were not the most interesting points of the study...
28 January 2013
GAZING AT 2013: THE RIGHT FOCUS AND THE RIGHT LANGUAGE...
Google
Well, it’s the New Year, and I wish you all the best for a fantastic 2013! I can’t believe my last post was in November! And it’s already the end of January! So I thought I’d get in quickly with my two pennies worth of crystal ball gazing before it becomes unfashionable... What did we learn from 2012? Are there any interesting market trends? How does it affect security? What is the current state of information security and how is it shaping up? Are we getting any better? If any of these questions spark your interest of if you’d just like to see if my Nostradamus impression has something in it, read on...
Well, it’s the New Year, and I wish you all the best for a fantastic 2013! I can’t believe my last post was in November! And it’s already the end of January! So I thought I’d get in quickly with my two pennies worth of crystal ball gazing before it becomes unfashionable... What did we learn from 2012? Are there any interesting market trends? How does it affect security? What is the current state of information security and how is it shaping up? Are we getting any better? If any of these questions spark your interest of if you’d just like to see if my Nostradamus impression has something in it, read on...
Subscribe to:
Posts (Atom)