
Security is biggest hurdle to effective digital transformation

It's strange, but not unexpected, that enterprises are lagging the consumer markets in adoption of DX. It's difficult to buy a TV (or a heating system) that isn't internet connected, or avoid Amazon Echo adverts. Enterprises are quite rightly concerned about security but there are steps that your business could take to mitigate the risks of becoming digital (whatever that means)...: [...] "The digital transformation or DX wave appears to be sweeping away everything that stan

Diversity at cybersecurity conferences is too important to ignore

What I don't see in any of these debates about diversity is any stats as to the make-up of the infosec community as a whole. It starts with encouraging talent from as wide a pool as possible. The "Who talks at conference" is a side issue...: In early 2018, the RSA Conference announced its keynote lineup of over 20 speakers. When only one of them was a woman -- activist Monica Lewinsky -- the security industry reacted. From outrage to alternative conferences, diversity at cyb

Cybersecurity and the Ungrateful Masses

For all of us who provide cybersecurity support (paid or unpaid) here's an attempt to explain why the masses don't seem to value us. Looking at my own domestic and work situation, I find it strange how one of my family, or one of my business partners (you know who you are), can complain they have a problem, then get angry with me for trying to understand their problem by asking questions and asking them to take certain actions. "Can't you just fix it!" is the usual refrain. S...

Happy GDPR Day?

Even though the regulation has been in force for 2 years, today marks the day when enforcement action starts. I guess, like me, most people are fed up with the number of 'please opt-in' emails that are being sent out and others wailing about 'having to delete my marketing database'. My response to those opt-in emails is to delete them. If I'm on a marketing database for any reason other than I gave my willing consent then I don't want to be contacted. If you're emailing pe...

25% of Businesses Targeted with Cryptojacking in the Cloud

Reading the headline made me think that there's a business opportunity here. The 'Freemium' model usually relies on advertising to pay for the entry level, with upgrades to advert-free and feature enhanced models. Maybe some budding entrepreneur could add crypto-mining as an option and/or other distributed workloads so that users could opt-in to use their own compute power to pay for applications and content. In effect, rather than advertising $$ powering the internet, it ...

Zero-day flaw exploited in targeted attacks is fixed by Microsoft

Follow-up articles to Patch Tuesday just about always contain an explanation of why you should patch (see below). Given that, even if no attack was seen in the wild before the patch was issued, exploits will be coming thick and fast once the bad guys reverse-engineer the patches, then why don't we drop all the effort to explain 'why patch this time' and move to 'why patch all the time'? I advise patching as soon as possible and accepting the risk that something might break...:...

RSA CTO: ‘Modernization Can Breed Malice’

I suppose it's no surprise that the CTO of a large security vendor is calling for consolidation of the market. I've heard a different story from customers who perceive innovation as coming from startups and look to the bigger players to provide operational excellence. In the cloud space we now talk about hybrid models of some in-house and some public cloud. In infosec we need a similar mix of big boys and nimble startups..: Zulfikar Ramzan predicted the future of cybersecuri

How Microsoft, Amazon, Alphabet Are Reshaping Security

I found myself offering advice yesterday that I thought I'd never hear myself saying. In response to the question "My McAfee licence has expired, what antivirus should I install on my PC?" I found myself saying "Windows Defender covers all the basics. McAfee is massive overkill as long as you use Gmail, keep everything up to date, and avoid the more ‘interesting’ websites. If you use a Mac and/or iOS then the default security settings will keep you secure in most situations ...

The eternal struggle: Security versus users

You can get the flavour of this article from the extract below. I want to make a different, but linked point. We don't have 'Security' telling people not to leave their house keys lying around so why should we need a special team to remind people to protect their digital assets?...: There's an old joke that a job in security is a safe place to be grumpy. From what I've seen over my career, that is often true. Security people seem to cherish their reputation for being pessimi

Intellectual property insurance still under valued despite rise of cyber attacks

Reading this article (extract below) in the Insurance Post brought back memories from almost 20 years ago when I used to talk at events and train security teams around the world. The first question then, and now: "What do you want to protect?". Without an understanding of the assets you're trying to protect, your security controls, remediation, and risk mitigation will have no linkage to your business needs. Even though it's focused on information about 'Human Persons', ...