Prepare for breach: 10 steps to better incident response planning

Developing an incident response plan – and testing various scenarios against it – is now a must. Let’s all remember the Central Bank of Ireland’s stark warning back in 2016: “Firms should assume they will be subject to a successful cyber-attack or business interruption.” Having a structured and formalised response plan ensures organisations can deal […]

Time to see security training as an investment, not a cost

Having finished 2017 with a blog about allocating security spending, we’re starting the new year on a similar note. Specifically, it’s about investing in security awareness training. Harvard Business Review argued that better training is the best security investment a business can make. Its choice of word was deliberate: businesses need to see security training […]

Data Protection Implications of Brexit

Well, I guess this comes as no big surprise. In its “Notice to stakeholders: withdrawal of the United Kingdom and EU rules in the field of data protection”, the EU today declared that the United Kingdom post-Brexit will not meet the adequacy requirements with regard to the transfer of personal data from the EU […]

Here’s FUD in your eye: how to tell GDPR fact from fiction

Like it or not, fear, uncertainty and doubt [FUD] are time-honoured tactics for some vendors to scare up easy sales. The General Data Protection Regulation (GDPR) is seeing its fair share of FUD, and Brian Honan has called out the ‘fake news’ surrounding the regulation. GDPR = Y2K? In an audio interview with Information Security […]

No, Minister: politicians’ unsafe email access practices renew password debate

Passwords are back in the news thanks to a politician’s unwitting post on Twitter. British MP Nadine Dorries admitted that her staff and interns all have access to her email through a shared password. As inevitable as a politician’s promise at election time, there was a stampede of commentators decrying such an obvious security fail. […]

GDPR: readiness still far away for many, with less than six months to go

GDPR enforcement begins in under six months, but new surveys suggest many organisations will struggle to be ready in time. One survey found that fewer than one in five businesses are “well prepared” for the regulation. In separate research, 95 per cent of businesses said being compliant will be a “massive challenge”. The first finding […]

Phishing is the biggest threat to users’ login details, major study finds

Phishing has long been recognised as one of the most effective tools in an attacker’s arsenal. Now, extensive new research based on a year’s worth of data provides further empirical proof. Criminals find phishing far more effective than keyloggers or data breaches for obtaining credentials and accessing someone’s account. Between March 2016 and March 2017, […]

Security newsround: November 2017

We round up reporting and research from across the web about the latest security news. This month: effective awareness programmes, CEOs in the spotlight, Wi-Fi weaknesses and the best browser for blocking bad stuff online. Security Awareness Month: October was Security Awareness Month in Europe and the US. There were many good articles and posts […]

AWS Cloud: Proactive Security and Forensic Readiness – part 1

Part 1 – Identity and Access management in AWS. This is the first in a five-part blog series that provides a checklist for proactive security and forensic readiness in the AWS cloud environment. This post relates to identity and access management in AWS. In a recent study by Dashlane regarding password strength, AWS was listed […]