Google’s Sundar Pichai says privacy can’t be a ‘luxury good’

Compare and contrast these utterings with Mark Zuckerberg's statements on privacy. No matter how well-meaning the CEO is, the business model of both companies currently relies on hoovering data. I'd need to see a shift in how Google makes money to change my trust level...: [...] Pichai acknowledged that having access to our data makes Google's services run better, but that users -- all users -- should still expect their privacy to be protected without having to pay extra for

The NIST Privacy Framework Is More Needed Than Ever

In the world of information security, if you compare ISO 27001 with NIST CSF, ISO is a framework of sets of principles and CSF is much more a set of rules to follow. You can 'comply' with NIST and 'follow' ISO 27001. Best practice is to use CSF as the basis for controls that you implement in your ISO 27001 framework. Let's see if it's the same with GDPR vs. NIST privacy framework..: In recent weeks, the National Institute of Standards and Technology released their latest dra

Britain strikes an artful compromise on Huawei and 5G

An opinion post from The Economist. One thing not often mentioned is that the 3G and 4G core are currently in a large part from Huawei so we should already be experienced in looking for signs of nefarious activity...: [...] Britain’s decision matters: it is a member of the “Five Eyes” intelligence-sharing alliance led by America, and was one of the first Western economies in which Huawei built a presence. Britain also has experience of electronic spying and knows Huawei well

The end of ‘Detect and Protect’ cybersecurity measures

Not exactly "the end of" more "can't be totally reliant on". My view is that you need a range of measures, starting with an understanding of the threats your business is facing, through establishing and refreshing appropriate security controls (like CTR, detailed below), and being able to mitigate the impact of the inevitable breaches. This is part of the toolbag...: I became particularly passionate about the need to shift away from ‘detect and protect’ technologies after an

Major Mobile Financial Apps Harbor Built-in Vulnerabilities

This comes down to "Who do you trust?". I'm unlikely to attempt to reverse engineer every app that I use so I have to put some level of trust in the company that provides it and the location where it's installed from. We've already seen that bad stuff can get into the 'official' app stores, especially Google Play. I'd like to think that the major financial institutions take care with their apps, but that's evidently not the case. I should theoretically reduce my exposure by l

Autism, Cybercrime, and Security’s Skill Struggle

I've seen this linkage in several articles. Take a look at your own security team and see if they are on the spectrum. It might help you understand them a little better and help with candidate selection...: [...] Often, she continued, cybercriminals are first diagnosed as being on the autism spectrum during the criminal justice process. Later in her career, as a cyber agent for INTERPOL's Global Complex for Innovation (IGCI), she realized the issue was broader. Ledingham's w

The West’s dangerous lack of tech strategy

"It's a good start, but not nearly enough" is a good description of the West's approach to data governance post-GDPR...: COPENHAGEN — In the 19th century, global power belonged to those who controlled the seas. In the 21st, it will belong to those who rule over our digital highways. If the West fails to take swift action, the world’s autocrats and non-democratic states — led by China — will be the ones to win this race. A divided and sluggish West has failed to keep up

How bellwether cybersecurity technologies predict success

I'm going to disagree with this article. In my experience, what marks out the most successful organisations is getting the basics right. Only then does it make sense to implement these more advanced technologies. We saw this in the SIEM market and it's the same for the cyber deception market. Only organisations that are able to define, monitor, and respond to incidents get value from advanced tools and techniques...: When it comes to cybersecurity, what differentiates highl

Cybersecurity for the Public Interest

This essay by Bruce Schneier has a Victorian-era feel of co-operative societies about it. And that's not a bad thing. The infosec cognoscenti is a curious mix of libertarian individualists that act largely as a caring and supportive community...: The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost

RSAcon: In praise of the little booth, but maybe time to go virtual?

A recent tweet from Brian Krebs set me thinking about the time, effort, and hard-earned cash that is spent on going to conferences. In technology most of the really interesting stuff comes from small start-ups, all shouting to be heard above the rumble from the 800lb gorillas. The smart attendees make some time to stroll around the small booths to see what's on offer but it's difficult to attract attention. I'...