CEO fraud: call it what you want, but I call it messing with the quids

A ruse by any other name, invoice redirection scams are a huge and growing business problem. They’re also known as fake boss scams, impersonation fraud, CEO fraud, or business email compromise, and they’ve risen by 58 per cent in the past year. That’s according to Lloyds Bank which estimates that UK SMEs lose £27,000 on […]
Red player one: learning the right security lessons from a red team exercise

A red team exercise can be a valuable way of testing how effective your security controls are. Having your internal security team, or an external consultant, simulate an attacker trying to breach your defences can reveal plenty. Their success or otherwise can show where you need to improve from a security perspective, or what you’re […]
AWS Cloud: Proactive Security and Forensic Readiness – part 4

Part 4: Detective Controls in AWS. Security controls can be either technical or administrative. A layered security approach to protecting an organisation’s information assets and infrastructure should include preventative controls, detective controls and corrective controls. Preventative controls exist to prevent the threat from coming in contact with the weakness. Detective controls exist to identify that […]
Buckle up: what the auto industry can teach us about IoT security

Help Net Security has published an op-ed from Brian Honan entitled ‘IoT security: lessons we can learn from the evolution of road safety’. The piece compares the lack of safety features in cars 50 years ago with today’s Internet of Things. Inspired by a conversation with his father about growing up in rural Ireland, when […]
Here’s the missing ingredient in a solid security and business continuity plan

Security incidents can cast an unforgiving light on many organisations’ readiness. They highlight the need for security programmes that go further than just fixing things when they break. Response has been security’s classic default reaction to an incident. Something is broken, so we need to fix it. But this misses a critical ingredient: resilience. If […]
I read the news today, oh boy: social sharing and the dangers of false information

We’ve all done it: shared a post on social media in the belief that it’s spreading an important message or helping someone in need. But how many of us check to see whether it’s genuine? Earlier today I appeared on East Coast FM Radio in Ireland to talk about this problem. The interview came after […]
Pen testing: why do you need it, and five steps to doing it right

Penetration testing can contribute a lot to an organisation’s security by helping to identify potential weaknesses. But for it to be truly valuable, it needs to happen in the context of the business. I asked Brian Honan, CEO of BH Consulting, to explain the value of pen testing and when it’s needed. “A pen test […]
Is banning USB drives the key to better security behaviour?

Convenience often beats security where users are concerned. Take USB keys, for example. They’re a very handy way to transfer files between computers, but they’re also a huge security risk. IBM recently attempted to take the drastic step of banning all removable portable storage devices (e.g. USB keys, SD cards, flash drives) completely. Should others follow suit? […]
Security awareness: it’s all just child’s play

Security awareness is not so different from parenting. Our aim is to change behaviour for the better. As dad to three children, I’m used to communicating with the different personality types of each of my kids. In an office environment, it’s just bigger kids in a bigger playground. Whether it’s a team, a department, or […]
How branding gives your security awareness messages extra strength

Many security professionals probably give little thought to branding; they prefer to leave that fluffy stuff to the marketing team. But when it comes to security awareness, branding can add a touch of goodness to your efforts. (And if you want to know what this has to do with creamy pints of the black stuff, […]