
Autism, Cybercrime, and Security’s Skill Struggle

I've seen this linkage in several articles. Take a look at your own security team and see if they are on the spectrum. It might help you understand them a little better and help with candidate selection...: [...] Often, she continued, cybercriminals are first diagnosed as being on the autism spectrum during the criminal justice process. Later in her career, as a cyber agent for INTERPOL's Global Complex for Innovation (IGCI), she realized the issue was broader. Ledingham's w

The West’s dangerous lack of tech strategy

"It's a good start, but not nearly enough" is a good description of the West's approach to data governance post-GDPR...: COPENHAGEN — In the 19th century, global power belonged to those who controlled the seas. In the 21st, it will belong to those who rule over our digital highways. If the West fails to take swift action, the world’s autocrats and non-democratic states — led by China — will be the ones to win this race. A divided and sluggish West has failed to keep up

How bellwether cybersecurity technologies predict success

I'm going to disagree with this article. In my experience, what marks out the most successful organisations is getting the basics right. Only then does it make sense to implement these more advanced technologies. We saw this in the SIEM market and it's the same for the cyber deception market. Only organisations that are able to define, monitor, and respond to incidents get value from advanced tools and techniques...: When it comes to cybersecurity, what differentiates highl

Cybersecurity for the Public Interest

This essay by Bruce Schneier has a Victorian-era feel of co-operative societies about it. And that's not a bad thing. The infosec cognoscenti is a curious mix of libertarian individualists that act largely as a caring and supportive community...: The Crypto Wars have been waging off-and-on for a quarter-century. On one side is law enforcement, which wants to be able to break encryption, to access devices and communications of terrorists and criminals. On the other are almost

RSAcon: In praise of the little booth, but maybe time to go virtual?

A recent tweet from Brian Krebs set me thinking about the time, effort, and hard-earned cash that is spent on going to conferences. In technology most of the really interesting stuff comes from small start-ups, all shouting to be heard above the rumble from the 800lb gorillas. The smart attendees make some time to stroll around the small booths to see what's on offer but it's difficult to attract attention. I'...

Beware! Password Managers Are Not As Safe As You Think

I did some experimentation on a KeePass database recently, using a weak password to secure the database, then attempting to crack it by using a commonly available list of passwords. Here are the results: $keepass$*2*60000*222*dff8fd97c0ddf71bb5dce91ae64a8a71f2eda8202fa2b7ecc5261a2221309c72*19c91a8b732a36363711f1384be8ee74ac35525b6a15f4aa30aa0111619ae401*9413e33793ae6f1e70bc091896d97dc3*4ef55a44c853deb63329064ea3c94b74c8b8ce6af35b98fb5c29bc5e46630eaa*9b424254508ac4e941214b83e...

Which Cybersecurity Framework is Right for You?

A useful crib sheet. I advise mostly small and medium sized businesses and a lot of security guidance is overkill for them. My preferred approach is: Privacy Impact Assessment (PIA) - what data am I collecting and processing and what are the risks? Put another way: what do I want to protect? For each Risk, establish a suitable control - example: anonymisation and/or encryption of personal information. Put a governance system in place to monitor the application and e...

It’s time to create a global playbook for cybersecurity

I'm generally in favour of a global, coordinated response to global threats. Climate change, Ozone holes..., and cyber security require a global response. This opinion piece from Singapore sums up the 'why' pretty well. One note of caution: if an attacker knows how you will respond, then they can use that against you so keep playbooks at a strategic, not tactical level...: [...] Technology nationalism is flourishing because the world is engaged in a game without rules: there

Huawei risk can be managed, say UK cyber-security chiefs

Decades ago I designed and implemented telecoms networks. This was back in the days of modems, frequency division modulation, and analogue transmission but we managed to use the (by today's standards) crude elements to design banking and other critical infrastructure. One key concept was the building of a test bed where we could check the quality and impact of the equipment vendors' hardware and software. That was because the telco had ownership of service quality and took t...

Australia accuses foreign government of cyber attack on lawmakers

You'll notice that no evidence of foreign involvement has been given. It's now the knee-jerk reaction (with some justification) to blame "The Chinese" or "The Russians" but we should be careful. There's a significant chance of any cyber warfare escalating rapidly (in microseconds) so attribution should be based on evidence, not feelings or beliefs...: A cyber attack on Australian lawmakers that breached the networks of major political parties was probably carried out by a f