Tasked with presenting a lunchtime briefing to IT and InfoSec leaders at CAMSS Canada (September 2018), about the Security Crisis of the Internet of Things, my presentation – whilst warmly received – sparked sufficient lively debate to provide subjects of future posts e.g. ‘is it the consumer’s responsibility or the product manufacturer’s responsibility to secure…

The unrelenting number of cybercrime breaches reported each week would seem to buttress the traditional school of thought that a cybercriminal’s capability increases the chances of a successful breach of a firm’s cyber defences. However, I often debate the question ‘are cybercriminals really becoming more capable in this age of the dark web and the…

Cybercriminals don’t care TBH…
Cybercriminals don’t seek to prove or disprove the CISO’s qualifications, in all truth; all they care about testing is our ‘defence’ – which consists of software, hardware and, most importantly, our security teams who do the actual physical work to defend the corporate systems. If we respect and acknowledge each and every team member…

Keeping it Simple – The Equifax CISO’s Qualifications!
So the former Equifax CISO, who’s most likely feeling pretty low over the security breach – has subsequently borne the brunt of many professionals mocking her ‘music’ degree – presumably suggesting the lack of a technical degree caused the breach! Let’s consider this fact: Between 2016/17, the FBI, Yahoo, Sony, TalkTalk, and even LinkedIn –…

The Big Risks of your Tiny USB Stick
So you’ve been handed a brand ‘new’ USB (Memory) stick from a conference you’ve attended, or you’ve found a misplaced USB stick on the floor inside or outside the office, and you want to find out what’s on it so you can return it to its rightful owner; so what’s the first thing you do…

The $2 Trillion Dollar Cyber Crime Industry and the Corporate Board’s Fiduciary Responsibilities
With Cybercrime’s annual turnover projected to reach $2 TRILLION dollars by 2019, Boards need to step up the engagement of CISOs and CIOs at the board table. Why are CIOs/CISOs still struggling to get a seat at the table? Not because board executives don’t understand security or technology, and not because CIOs/CISOs aren’t speaking ‘strategy’ language…

Always Check the Email Header!
Attempts to ‘phish’ information from cyber-users have moved on a bit from the standard ‘419’ sob-stories to targeted spear phishing attacks, and increasingly persistent tries at exploiting personal financial information from the unwary majority. I’ve done quite a bit of shopping on Amazon recently, and was contacted in April by Amazon to advise me to…

Crime-as-a-Service:  Who’s “vishing” For Your Bank Card Details?
Social Engineering is the Cyber Criminal’s favoured weapon in mounting information and cyber-security attacks, and the new era of Crime-as-a-Service has increased the risk further. Social engineering is simply the act of manipulating an individual’s psychological or emotional state, and persuading them to disclose information they wouldn’t normally share. Since financial institutions have made some inroads…

The best policies and controls in the world can’t resolve the weakest link in the chain of IT security breach prevention, detection and mitigation – i.e. ‘people’. To mitigate against the risk of falling foul of information security civil or criminal regulations – here’s a checklist of responsibilities for employees: IT and Information Security leaders:…