Testing cybersecurity plans with table-top exercises

If a picture is worth a thousand words, and video is worth many multiples more, what value is an interactive experience that plants you firmly in the hot seat during a major security incident? Reading about cyberattacks or data breaches is useful, but it can’t replicate the visceral feeling of a table-top exercise. Variously called […]
More cod than phishing: email compromise is a bigger risk than you think

Phishing emails and social engineering attacks are a huge security risk. When we describe security incidents that involve criminals scamming individuals or businesses out of money, security professionals often use terms like “CEO fraud”, “fake boss scams”, or “impersonation fraud” and “business email compromise” interchangeably for convenience. But there’s a case for treating business email […]
AWS Cloud: Proactive Security and Forensic Readiness – part 5

Part 5: Incident Response in AWS. In the event your organisation suffers a data breach or a security incident, it’s crucial to be prepared and conduct timely investigations. Preparation involves having a plan or playbook at hand, along with pre-provisioned tools to effectively respond to and mitigate the potential impact of security incidents. These response […]
Security roundup: February 2019

We round up interesting research and reporting about security and privacy from around the web. This month: security as a global business risk, insured vs protected, a 12-step programme, subject access requests made real, French fine for Google, and an imperfect getaway. Risks getting riskier: Some top ten lists are not the kind you want […]
Ireland’s cybersecurity watchdog publishes new guidance for businesses

Ireland’s National Cyber Security Centre has published guidance on cybersecurity for Irish businesses. It’s a welcome addition to the roster of material available to help organisations to develop or refine their security strategy. The team at BH Consulting has picked out key points from the guide, and added some more context and analysis. The report’s […]
No-deal Brexit and GDPR: here’s what you need to know

Business craves certainty and Brexit is currently giving us anything but. At the time of writing, it’s looking increasingly likely that Britain will leave the EU without a withdrawal agreement. This blog rounds up the latest developments on data protection after a no-deal Brexit. (Appropriately, we’re publishing on Data Protection Day, the international campaign to […]
Cybersecurity for startups

In the early days of a startup, it’s easy to get caught up in the buzz of building a new business. Keeping so many plates spinning – from fundraising and hiring to shipping product – can mean security sometimes falls off the priority list. But in the face of ever-rising volumes of data breaches and […]
Malware threats in 2019

It’s unlikely we’ll ever look back fondly to a time when ransomware would announce itself noisily. But at least victims knew they were under attack. Now, the signs are that malware’s adopting sneaky tactics to avoid detection. Fileless malware looks set to be a significant security threat in 2019, and that could be bad news […]
Security newsround: January 2019

We round up interesting research and reporting about security and privacy from around the web. This month: the security year in review, resilience on rails, incidents in depth, phishing hooks millennials, Internet of Threats, and CISOs climbing the corporate ladder. A look back at cybercrime in 2018: It wouldn’t be a new year’s email without […]
Health research and the issue of consent

By 30 April of this year, any organisation conducting health research in Ireland must either get consent to GDPR standard or else obtain a consent declaration. But in order to do the former, they need to know what explicit informed consent is (also known as GDPR-level consent). The problem is, a lot of people don’t […]