AWS Cloud: Proactive Security and Forensic Readiness – part 3
Part 3: Data protection in AWS This is the third in a five-part blog series that provides a checklist for proactive security and forensic readiness in the AWS cloud environment. This post relates to protecting data within AWS. Data protection has become all the rage for organisations that are processing personal data of individuals in […]
AWS Cloud: Proactive Security and Forensic Readiness – part 2
Part 2: Infrastructure-level protection in AWS This is the second in a five-part blog series that provides a checklist for proactive security and forensic readiness in the AWS cloud environment. This post relates to protecting your virtual infrastructure within AWS. Protecting any computing infrastructure requires a layered or defence-in-depth approach. The layers are typically divided […]
No, Minister: politicians’ unsafe email access practices renew password debate
Passwords are back in the news thanks to a politician’s unwitting post on Twitter. British MP Nadine Dorries admitted that her staff and interns all have access to her email through a shared password. As inevitable as a politician’s promise at election time, there was a stampede of commentators decrying such an obvious security fail. […]
Catch-22 for security careers when companies seek experience over enthusiasm
When I first started on my path to cybersecurity, I was just as eager to learn and pursue challenges then as I am now. I have many more years of learning ahead in my career, but I found it quite difficult to actually get into the industry. During interviews, I was routinely told how great […]
Phishing is the biggest threat to users’ login details, major study finds
Phishing has long been recognised as one of the most effective tools in an attacker’s arsenal. Now, extensive new research based on a year’s worth of data provides further empirical proof. Criminals find phishing far more effective than keyloggers or data breaches for obtaining credentials and accessing someone’s account. Between March 2016 and March 2017, […]
AWS Cloud: Proactive Security and Forensic Readiness – part 1
Part 1 – Identity and Access management in AWS This is the first in a five-part blog series that provides a checklist for proactive security and forensic readiness in the AWS cloud environment. This post relates to identity and access management in AWS. In a recent study by Dashlane regarding password strength, AWS was listed […]
Companies face Cybersecurity double whammy in Brexit and GDPR
There are two seemingly separate major events happening in the coming years that will impact on how companies process and store personal data of people living in the European Union. The first is the European General Data Protection Regulation (GDPR) which comes into effect in May 2018. The other is Brexit, where the United Kingdom […]
AWS Cloud: Proactive Security & Forensic Readiness five-part best practice
In a time where cyber-attacks are on the rise in magnitude and frequency, being prepared during a security incident is paramount. This is especially crucial for organisations adopting the cloud for storing confidential or sensitive information. This blog is an introduction to a five-part blog series that provides a checklist for proactive security and forensic readiness in […]
Ransomware investigation: notes from the digital forensics front line
I have always had a big interest in digital forensics; it’s why I chose to pursue this career path. This post documents my first official forensics case involving ransomware: in other words, I got paid to root through someone else’s computer. Although my role is not limited to digital forensics, I enjoy when these cases […]
Pay me my money down: fake invoice email scams highlight business process problems
The effectiveness of an email scam like CEO fraud relies on one person in the target organisation having the means and the opportunity to make payments. It’s not a security problem that technology alone can fix. This type of scam came to mind as news emerged of yet another victim. The Irish Independent reported that criminals […]