17 July 2014

THE 10 COMMANDMENTS OF YOUR DIGITAL LIFE...

This post was first published on http://www.informationsecuritybuzz.com/10-commandments-digital-life/
We keep hearing about all the issues surrounding privacy, government snooping, ID Theft being on the rise (and even new types of ID Theft creating “Synthetic” identities). It is also generally accepted that the weakest link in the cyber kill chain is Dave.

28 April 2014

I KNOW PSD 2 IS NOT SEXY... But in 2 minutes videos with cool jazz...

Have you ever wondered what the Payments Services Directive 2 (PSD 2) is all about?... Been put off by reading 102 pages of regulations (plus related reading)?... Have an inkling that information security is part of it?...
[UPDATED 5TH MAY 2014]
I originally published a 5 mins video and asked for feedback at my 1st publishing attempt on YouTube. My thanks go to all those payments & security professional that took the time to review it, this latest effort wouldn't have been possible without them. The result is two shorter videos of 2 mins each (with different cool jazz tracks...) that are much more streamlined...
As always, your views and comments are much appreciated!

22 April 2014

REJOICE, IT’S HERE! THE VERIZON DBIR 2014...

Yes, it’s that time of year again where the long awaited Verizon DBIR 2014 has finally been released! So with a nice cup of coffee and some smooth jazz playing in the background, I will endeavour to distil the essence of this always excellent publication... Well, this year, the DBIR departs from just analysing data breaches to looking at 63,347 confirmed security incidents, of which 1,367 were confirmed data breaches (compared to 621 for 2012) across 95 countries (compared to 27 in 2012). This gives far greater richness to the data set and the insights that can be derived from it (rightly so, the DBIR team notes that incidents need not necessarily result on data loss to have a significant impact on an organisation – I couldn’t agree more!). Also don’t miss the month by month review of the major incidents of 2013 on pages 3 & 4, that’ll get you in the mood...


10 March 2014

DON'T BE A TARGET... ON RETAIL POS, BANKS, EMV & WINDOWS XP...

McAfee Labs' latest report reveals that hackers are using basic 'off the shelf' malware to target retail POS systems, a very topical subject, I’m sure you will agree... But we have to remember that the breaches mentioned in the McAfee report took place in the US, and there is one notable difference between retailers there and those in Europe: the US haven’t yet adopted EMV (aka Chip & PIN)...

9 February 2014

SOCIAL MEDIA: HOW TO RESPOND TO A CRISIS IN THE 21st CENTURY...

[UPDATED 10th MARCH 2014]
I first wrote on this subject in May 2012 (The social media side of incident response).
Today, it is still my most popular entry on this blog with 4,129 unique views as I write. This means that in any given day since I published it, 6 people somewhere in the world have read that post... I am at once flattered and amazed that some musings derived from the good, bad and ugly of how businesses have tackled crisis communications in the past few years still very much resonate with a lot of you. So here’s the 2014 version...

15 November 2013

A NICE MAN WANTS TO GIVE ME SOME MONEY…

I use LinkedIn a lot. I find it an excellent business networking tool and over the years, it has enabled me to meet some fantastic people and make lovely new friends. It’s a tool for reaching out and each time I receive a new connection request, I assume that I may be able to help that person in some way. In most cases, I remember that I have interacted with the individual outside of the social media sphere, but sometimes, I draw a blank (perhaps because my memory is getting worse with age!). Consequently, to frame the next interaction, I always look at their profile to see how many areas of interest are in common, how our respective networks intersect, or how many groups or companies are shared… More often than not, this gives me a good idea, but sometimes, it doesn't...

28 August 2013

DO ASSET MANAGEMENT COMPANIES KNOW THEIR ASSETS?...

Google
Because of the substantial value they hold, financial services organisations have always been a prime target for cyber criminals. We have seen many data breaches and targeted attacks against networks, applications, websites and, most importantly, data and information. In recent years, organised crime has shown increasing sophistication. This has meant that in addition to the more traditional hacks used to ultimately perpetrate fraud, we have seen a surge in attacks targeted at disrupting business operations in order to extract ransom.