Skip to main content

Checklist or your memory, is one better?

Checklist or your memory, is one better?

Quite rightly, security professionals are proud of how much information they hold in their heads. There is no doubt that to be effective you need to have immediate access to lots of different concepts. However, the really effective ones also have a checklist. First off – the problem. Lots of certificate exams are memory tests and […]

Read More

Threat Hunting – essential for every business

Threat Hunting - Do it right

Lots of articles, blog posts and webcasts talk about threat hunting. Despite this few, if any, organisations do it. This is a mistake. Security hit the headlines again recently, when Equifax admitted to a breach exposing around 143 million records of personal data. While details are still emerging, it looks like the attackers compromised an […]

Read More

Dashboards vs Security – are they really helping?

Example Security Dashboards

Metrics, Dashboards and Security Like them or not, metrics are a fundamental part of every organisation. Security doesn’t get to a free pass. It is a rare CISO who doesn’t demand dashboards showing how all the security controls are performing. Therefore for most organisations, this is a fight long lost. This may not always be a […]

Read More

North Wales Cyber Security Cluster – April 2016 Meeting

Cyber Security Cluster - April 2016

The North Wales Cyber Security Cluster is meeting on 21 April at Solvings Ltd, in Mold, Flintshire. Solvings provide a great location and the cluster is a wonderful opportunity to learn about cyber security. Access to cluster meetings is free and everyone is welcome. No prior knowledge is needed. There really are no stupid questions! Clusters […]

Read More

Ransomware: Don’t panic – deal with it

Ransomware bites hard but good security controls are effective

Since Cryptolocker appeared in late 2013, it seems hardly a day can go by without some ransomware attack hitting the news. The variations all have entertaining names like Teslacrypt, Locky, PayCrypt (etc). The impact on the victims can be monumental. Tracking sites show new versions appearing several times a day – much faster than most […]

Read More

Incident Response – 5 key stakeholder groups

Incident Response - Your team cant function in a vacuum.

Incident response is a vital component of every organisations security. It provides the safety net for when the inevitable happens and other controls fail. A good incident response team will also have subject matter experts who can guide your entire organisation’s security strategy. If you take security even slightly seriously, you will have an incident […]

Read More

Supplier Security – A lesson for T-Mobile

Supplier security problems result in this notice from the CEO of T-Mobile

Supplier security is something most organisations are at least aware of, and lots actually realise they need to do something about it. However, most of the time, “doing something” about it involves a quick chat with the supplier, possibly a generic check-list and a review that the contract at least mentions security. The problem is thinking […]

Read More

Finphishing – 8 steps to criminal profits

FinPhishing - short and succinct message, simple to generate but potentially deadly to the victim.

FinPhishing – or financial spear phishing – is a form of social engineering attack which is becoming massively profitable for the criminal enterprises involved. Unfortunately for the victims it is very cheap to deploy and nearly always gets past technological security controls such as spam filtering and malware detection. As a result of this, businesses […]

Read More

Security breaches – do you know what to do next?

Anonymous - often linked to security breaches

One sad fact about security is that no matter what controls you put in place, you will suffer breaches and if you are on the internet it is likely to happen sooner rather than later. People sometimes hold to a “physical world” security model which has a clearly defined threat actor (e.g. a burglar) casing […]

Read More

Security Patches – Internet Explorer – Act Fast

Security Patches - IT Plasters

For lots of enterprises, security patches are a pain to test, a pain to deploy and frequently frustrating when they require downtime for the inevitable system reboots. However, security patches are also a significantly important mechanism for protecting your environment against attacks. They really are. This month, Microsoft have announced 13 security patches – three of which are […]

Read More

Phishing attacks continue to evolve and spread malware

Phishing Email - note the detail attempting to give it an air of legitimacy.

As most internet users know, phishing attacks are very common. The term itself dates back to 1995 (e.g. AOHell) and social engineering (which is basically what phishing is) goes back as long as we have had societies. At a basic level, phishing is an attempt by a malicious party to get the recipient (victim) to […]

Read More