You are here
Home > Opinion

Cybersecurity must focus on deploying emerging technologies

I'm going to disagree with the esteemed chap from Unisys (below). What the vast majority of organisations should do is get the basics of risk identification and risk management in place before any attempt to deploy new technology. When an organisation has an appropriate set of controls, then, and only then, should they look at implementing technology. The other major point is that most of the innovation in cybersecurity aimed at combating new and emerging threats comes out

Critical Flaw in Cisco’s Email Security Appliance Enables ‘Permanent DoS’

We see a lot of attacks aimed at Firewalls, antivirus etc. This one is aimed at Cisco email security devices, see the article on Threatpost for more detail. One of the major risks associated with the implementation of security controls is that the control mechanism itself carries a significant degree of risk. For example, if you put a device in the heart of your email infrastructure you had better ensure that you haven't just made it easier for attackers to block email by ...

Privacy and Cybersecurity Are Converging. Here’s Why That Matters for People and for Companies.

This HBR article makes the point that the threat to our privacy has shifted because of the ability to handle huge volumes of data. The average citizen will have little or no understanding of the impact of giving consent so data processors won't be able to rely on the concept of 'informed consent' to protect themselves from litigation or regulatory control...: [...] More specifically, the threat of unauthorized access to our data used to pose the biggest danger to our digital

Law Firm Innovation – The Newest BS Phrase

I recently invited my contacts on LinkedIn to write down their 'trigger words'. One of mine is the oft-misued 'innovation'. It seems I'm not the only one...: Having recently attended a conference on law firm innovation, I came to the realization that Blockchain has lost its pre-eminent place in the legal BS stratosphere. This is a sad day. Blockchain had a good life and provided tons of opportunities for people to opine on how ‘everything’ will change because of it. I recall

How Big Tech learned to love regulation

If, like me, you did business studies back in the last millennium then you'd be familiar with Porter's Five Forces. I'm seeing the move by Big Tech to embrace regulation not as any expression of altruism but as a way of locking in competitive advantage. If regulation becomes a significant barrier to entry, then the big boys win...: LISBON — An unlikely cheerleader has joined the fight to regulate Big Tech: Silicon Valley. Amid growing public anger at big beasts like Googl

Another Look at Virtual Integrity

If you don't mind a bit of self-aggrandisement, this article is worth a read as it prompts thoughts about how the virtual world affects your integrity. To thine own self be (virtually) true...: [...] I coined a new term “integrity theft” (that never took off), which I defined as tempting people to do wrong or go places online that violated their core values and beliefs. What is 'integrity theft?' Everyone is aware of the dangers associated with identity theft. Integrit

Symantec Uncovers North Korean Group’s ATM Attack Malware

In the last few hours I've written the words 'COBOL', 'ColdFusion', and now 'AIX'. What next: 'PDP-11', 'Lotus Notes', 'Windows NT 4'...? We really do need to do something about outdated software. I hope the regulatory pressure from GDPR and GDPR-like law now being implemented globally means we say bye-bye to the 1960's and 70's, maybe even the 80's. 90's, and 'noughties' as well... Researchers from Symantec have uncovered the malware tool North Korea's infamous Lazarus Gr...

Gab Vanishes, and the Internet Shrugs

The subtext here is that a handful of infrastructure companies have to power to limit your access to the internet. We're a Cloudflare/GoDaddy user. If one of the websites we look after publishes something inflammatory, but not illegal, should those companies be able to deny access?... Before Saturday, Oct. 27, relatively few people were familiar with Gab, the fringe social network developed as an alternative to Twitter and Facebook. By the end of the day, however, media outl

Transitioning to remote working

This is from an HR-focused website. It's wrong in so many ways. First, relying on VPNs is no longer best practise. I recommend adoption of a 'zero-trust' model. Don't 'trust' networks, end points, applications, or people. Trust comes from the combination of an authorised and authenticated (and security-aware) user, certified and up to date end points with appropriate security controls, and certified and up to date applications. The one thing I would never 'trust' is a network...

We understand monetary debt, so why not security debt?

An interesting way at looking at the ROI from security investments. I heard a much more succinct way of expressing the same thing recently "How much is it worth to you if nothing happens?" [...] In many ways this can be put into perspective by looking at the events that led up to the global financial crisis in 2008, for which Collaterised Debt Obligations, or CDOs, were largely responsible. These complex derivatives are essentially debt owned by one business and sold on to a

Top