
Companies still unprepared for GDPR rule changes and potential EU data breaches

It's not just companies outside the EU that are struggling. I find a lot of misconceptions even in in-region organisations. The most annoying is when I see something labelled as 'GDPR Compliant'. I'll say it (yet) again: you don't comply with GDPR, it's not a set of tick-boxes, you make sure you align to the principles...: Enterprises across the world are still struggling to comply with the new rules enshrined in the GDPR that came into effect more than a year ago. The regulat

Identity and Access Management: Preventing a Cyber Attack

I read the linked article to see if there were any new insights on the application of IAM to prevent the kind of attacks we see. Nope. That prompted me to think of a simple way of prioritising the security and privacy related actions that we all should take. If I start by pointing out that the most common method of attack is phishing, that means that IAM would be useless as prevention, as an already authenticated user is the route for the attack. It would be a much better use

Why phones that secretly listen to us are a myth

Plenty of meat for conspiracy theorists to get their teeth into here, even if the 'always listening' phone isn't really a thing. Thinking about my own household, if I say "Hey Siri" at least three devices will try to talk back to me. Then there's the TV, the Sky Q box, the children (scrub that, they don't respond). Back in the 90s, Scott McNealy said "Privacy is dead, get over it". That's probably more true now than ever...: [...] Interestingly, the study found that most of

Cyber Risk Board Oversight

This feedback from EY's contact with board members resonated with the themes I've been picking up in discussions with CISOs and DPOs. I'll summarise it as "Get the basic cyber hygiene in place, security and privacy by design, and trust but verify." or "Start with understanding what you want to protect." <shameless plug>Over at Glock Enterprises we've been building a portfolio of services and supporting tools that help organisations with their security and privacy p

New Chubb InFocus Report Outlines Latest Cyber Risks

Note the inclusion of both a major privacy issue and an emerging cybersecurity threat in this report. Many organisations treat Privacy and Security as separate issues with data governance (think CDO, DPO...) and infosec (CISO) being handled in different reporting lines. Time for a governance rethink?...: WHITEHOUSE STATION, N.J. , Aug. 27, 2019 /CNW/ -- Chubb's latest Cyber InFocus Report, "Know the Latest Trends in Cyber Risks," outlines the newest cyber exposures that all

Why risk management is vital for digital transformation

This from an interview with Sam Olyaei, senior principal analyst, Gartner. Do you have a threat model for your digital transformation program? I don't just mean the technology platform, but all the business risks associated with taking your business digital. If you were operating an oil platform, your risk management would cover all aspects of the operation. It should be the same for your digital platform...: [...] As organisations embrace digital technologies, they become e

Young people should do national cyberservice

I'm fully in favour of this. I work with ex-8200 experts and they really know their stuff...: [...] Cyberservice graduates would enter the labour market or university education with superb qualifications. They might never work for the government; on the contrary, they could take their expertise and make lots more money in industry. Indeed, like many ex-conscripts in the Israeli Defence Forces’ elite Unit 8200, they could go on to launch innovative startups. [...]

8chan dumped by Cloudflare security after El Paso shooting

When business ethics trumps the 'freedom of speech'. It's one thing to position yourself as a platform not a publisher, another to be aware of the content and do nothing about it. I wonder how long before the first DDoS attack?...: On Saturday a 21-year-old male allegedly shot up a crowded mall in El Paso, Texas, killing 20 and injuring a further 26. Hours later, authorities found a 2,300-word manifesto the killer had written and posted onto 8chan prior to the massacre. It...

Software Developers and Security

Metaphorically looking over the shoulder of the developer making "Tut, tut" noises isn't the way to do this. The 'cost' of writing non-secure code needs to go up for developers. Security reviews should be built into the development cycle and developers encouraged to make the review process as frictionless as possible by getting it right first time. I'm a fan of threat modelling as a way of getting devs and security to work together...: According to a survey: "68% of the secu

France’s Macron announces creation of a new space force command

"Gentlemen, start your [meme] engines." I foresee many cartoons of space troopers (some in red shirts - and we all know what that means) clashing in orbit with one side calling the other "Cheese-eating surrender-monkeys" whilst laser pulses flash around. Seriously though, with the investments in micro satellites much of the internet will bypass terrestrial networks altogether, so there will be valuable assets in space that need protecting...: French President Emmanuel Macro