Security newsround: October 2018

We round up interesting research and reporting about security developments from around the web. This month: data breaches are up (again), help with hacks, incident response, attacks on trust providers and a numbers game. Breach over troubled water: More than 4.5 billion data records were compromised in the first half of 2018. That’s a 133 […]

Ireland needs a coherent national approach to cybersecurity

I was interviewed by the Irish Times on why “Ireland (is) Vulnerable to Cybersecurity Attack”. During my chat with Charlie Taylor I mentioned a number of concerns I have regarding how Ireland is dealing with cybersecurity at a national level and that in many areas it is disjointed with no one department or function taking […]

Plan for potential incidents and breach scenarios, cybersecurity conference hears

Businesses should prepare an incident plan for security breaches in advance to know what resources they’ll need to deal with it. Speaking at the Technology Ireland ICT Skillnet Cybercrime Conference earlier today, Brian Honan said that running different scenarios can help businesses identify whether they’ll need assistance from IT, legal, HR or public relations. Research […]

Busting myths and misconceptions around GDPR and security

For better or worse, GDPR and security are often wedded together, when the relationship in fact is slightly more complicated. Sarah Clarke, a specialist in privacy, security, governance risk and compliance with BH Consulting, has picked apart some myths and misconceptions around the subject. She kindly gave us permission to use material she published in […]

UK issues data protection guidance for a no-deal Brexit scenario

In preparation for a possible no-deal Brexit, the UK Government has published guidance about how this will affect data protection. The EU uses a mechanism called an adequacy decision to allow the free flow of personal data to countries outside the EU. BH Consulting CEO Brian Honan has identified the key section of the UK […]

Security newsround: September 2018

We round up interesting research and reporting about security developments from around the web. This month: the devastation from NotPetya, a sound idea for authentication, help with NIST and cutting-edge security analysis. The shipping news: If the truly wise learn from the experiences of others, then there are lessons galore from Maersk’s ransomware infection. You […]

CEO fraud: call it what you want, but I call it messing with the quids

A ruse by any other name, invoice redirection scams are a huge and growing business problem. They’re also known as fake boss scams, impersonation fraud, CEO fraud, or business email compromise, and they’ve risen by 58 per cent in the past year. That’s according to Lloyds Bank which estimates that UK SMEs lose £27,000 on […]

Red player one: learning the right security lessons from a red team exercise

A red team exercise can be a valuable way of testing how effective your security controls are. Having your internal security team, or an external consultant, simulate an attacker trying to breach your defences can reveal plenty. Their success or otherwise can show where you need to improve from a security perspective, or what you’re […]

AWS Cloud: Proactive Security and Forensic Readiness – part 4

Part 4: Detective Controls in AWS. Security controls can be either technical or administrative. A layered security approach to protecting an organisation’s information assets and infrastructure should include preventative controls, detective controls and corrective controls. Preventative controls exist to prevent the threat from coming in contact with the weakness. Detective controls exist to identify that […]