If, like me, you did business studies back in the last millennium then you'd be familiar with Porter's Five Forces. I'm seeing the move by Big Tech to embrace regulation not as any expression of altruism but as a way of locking in competitive advantage. If regulation becomes a significant barrier to entry, then the big boys win...: LISBON — An unlikely cheerleader has joined the fight to regulate Big Tech: Silicon Valley. Amid growing public anger at big beasts like Googl
If you don't mind a bit of self-aggrandisement, this article is worth a read as it prompts thoughts about how the virtual world affects your integrity. To thine own self be (virtually) true...: [...] I coined a new term “integrity theft” (that never took off), which I defined as tempting people to do wrong or go places online that violated their core values and beliefs. What is 'integrity theft?' Everyone is aware of the dangers associated with identity theft. Integrit
In the last few hours I've written the words 'COBOL', 'ColdFusion', and now 'AIX'. What next: 'PDP-11', 'Lotus Notes', 'Windows NT 4'...? We really do need to do something about outdated software. I hope the regulatory pressure from GDPR and GDPR-like law now being implemented globally means we say bye-bye to the 1960's and 70's, maybe even the 80's, 90's, and 'noughties' as well... Researchers from Symantec have uncovered the malware tool North Korea's infamous Lazarus Gr...
The subtext here is that a handful of infrastructure companies have the power to limit your access to the internet. We're a Cloudflare/GoDaddy user. If one of the websites we look after publishes something inflammatory, but not illegal, should those companies be able to deny access?... Before Saturday, Oct. 27, relatively few people were familiar with Gab, the fringe social network developed as an alternative to Twitter and Facebook. By the end of the day, however, media outl
This is from an HR-focused website. It's wrong in so many ways. First, relying on VPNs is no longer best practice. I recommend adoption of a 'zero-trust' model. Don't 'trust' networks, end points, applications, or people. Trust comes from the combination of an authorised and authenticated (and security-aware) user, certified and up to date end points with appropriate security controls, and certified and up to date applications. The one thing I would never 'trust' is a network...
An interesting way of looking at the ROI from security investments. I heard a much more succinct way of expressing the same thing recently "How much is it worth to you if nothing happens?" [...] In many ways this can be put into perspective by looking at the events that led up to the global financial crisis in 2008, for which Collateralised Debt Obligations, or CDOs, were largely responsible. These complex derivatives are essentially debt owned by one business and sold on to a
How's the project going to develop a 'European Google'? No, nothing happening. Meanwhile, politics is being played out with the FAANGs in the crosshairs...: STRASBOURG — Emmanuel Macron is gunning to turn his crusade against Big Tech into a broad political rallying cry ahead of next year’s European Parliament election. Six months after the Facebook/Cambridge Analytica scandal prompted outrage across the European Union, the French president’s finance minister pressed EU pa
A good question from ZDNet. Back in 2001 (yes, I'm that old) I developed and launched a two-factor authentication and authorisation service based on RSA SecurID, tech that's still going strong. However, the 2nd factor being 'something you have' (in this case a hardware or software 'token') is being replaced by 'something you are', led by smartphone technology. Are we ready for biometrics being pervasive? [...] There is also a danger that we risk making biometrics like our f
A paternalistic plea to think of better ways to keep users safe because expecting them to do it for themselves simply isn't working. I have to declare my interest here. I spend a lot of time on awareness programs and risk assessments for clients. I attempt to balance the People/Process/Technology elements of security programs but find that most organisations don't actually know what they are trying to protect so expecting their staff to be aware of risks is bound to fail...:...
It's strange, but not unexpected, that enterprises are lagging the consumer markets in adoption of DX. It's difficult to buy a TV (or a heating system) that isn't internet connected, or avoid Amazon Echo adverts. Enterprises are quite rightly concerned about security but there are steps that your business could take to mitigate the risks of becoming digital (whatever that means)...: [...] "The digital transformation or DX wave appears to be sweeping away everything that stan