Security newsround: September 2018

We round up interesting research and reporting about security developments from around the web. This month: the devastation from NotPetya, a sound idea for authentication, help with NIST and cutting-edge security analysis. The shipping news If the truly wise learn from the experiences of others, then there are lessons galore from Maersk’s ransomware infection. You […]
CEO fraud: call it what you want, but I call it messing with the quids

A ruse by any other name, invoice redirection scams are a huge and growing business problem. They’re also known as fake boss scams, impersonation fraud, CEO fraud, or business email compromise, and they’ve risen by 58 per cent in the past year. That’s according to Lloyds Bank which estimates that UK SMEs lose £27,000 on […]
Red player one: learning the right security lessons from a red team exercise

A red team exercise can be a valuable way of testing how effective your security controls are. Having your internal security team, or an external consultant, simulate an attacker trying to breach your defences can reveal plenty. Their success or otherwise can show where you need to improve from a security perspective, or what you’re […]
AWS Cloud: Proactive Security and Forensic Readiness – part 4

Part 4: Detective Controls in AWS Security controls can be either technical or administrative. A layered security approach to protecting an organisation’s information assets and infrastructure should include preventative controls, detective controls and corrective controls. Preventative controls exist to prevent the threat from coming in contact with the weakness. Detective controls exist to identify that […]
Buckle up: what the auto industry can teach us about IoT security

Help Net Security has published an op-ed from Brian Honan entitled ‘IoT security: lessons we can learn from the evolution of road safety’. The piece compares the lack of safety features in cars 50 years ago with today’s Internet of Things. Inspired by a conversation with his father about growing up in rural Ireland, when […]
Security newsround: August 2018

We round up research and reporting from across the web about security developments. This month in our security newsround: authentication acceptance, failing the text test, defining resilience for infosec, avoiding distraction, privacy made simpler and much more. More forceful arguments for multi-factor authentication The UK National Cyber Security Centre has published new guidance on multi-factor […]
Here’s the missing ingredient in a solid security and business continuity plan

Security incidents can cast an unforgiving light on many organisations’ readiness. They highlight the need for security programmes that go further than just fixing things when they break. Response has been security’s classic default reaction to an incident. Something is broken, so we need to fix it. But this misses a critical ingredient: resilience. If […]
I read the news today, oh boy: social sharing and the dangers of false information

We’ve all done it: shared a post on social media in the belief that it’s spreading an important message or helping someone in need. But how many of us check to see whether it’s genuine? Earlier today I appeared on East Coast FM Radio in Ireland to talk about this problem. The interview came after […]
Pen testing: why do you need it, and five steps to doing it right

Penetration testing can contribute a lot to an organisation’s security by helping to identify potential weaknesses. But for it to be truly valuable, it needs to happen in the context of the business. I asked Brian Honan, CEO of BH Consulting, to explain the value of pen testing and when it’s needed. “A pen test […]
Is banning USB drives the key to better security behaviour?

Convenience often beats security where users are concerned. Take USB keys, for example. They’re a very handy way to transfer files between computers, but they’re also a huge security risk. IBM recently attempted taking the drastic step of banning all removable portable storage devices (eg: USB, SD card, flash drive) completely. Should others follow suit? […]