There’s not been much to celebrate in cybersecurity recently. The shadow of the Equifax breach still hangs over the industry as a cautionary tale of what can happen if security processes and execution aren’t 100% watertight. In fact, Europol last week reported stats claiming over two billion records on European citizens have been leaked over the past 12 months. While there’s clearly lots to do, it was heartening to see the UK’s National Cyber Security Centre (NCSC) this week reporting a successful first year in operation.
The GCHQ offshoot claimed to have dealt with 590 “significant” cyber threats reported over the 12-month period. While we’re 100% behind its work, it’s obvious the scale of the problem and the determination of online attackers continues to rise. That means organisations must also take matters into their own hands with best practice, layered cybersecurity. Continue reading →
No organisation is breach-proof: we all know that the odds are stacked too high in the attackers’ favour. However, by following industry best practices we can make it as difficult as possible for hackers, and discourage all but the most determined and well resourced. That’s why it will dismay many in the industry to learn that Equifax knew about the vulnerability that it claims led to a massive breach at the firm this year, all the way back in March. However, it was apparently only fully patched months later once the damage had been done.
Given the scale of the breach, and the fact the firm could have been hit with fines of over $60m under the forthcoming GDPR regime, this should serve as yet another cautionary tale to IT leaders. Best practice security, including effective patch management, is called “best practice” for a reason. Continue reading →
Any IT security professional expecting a quiet summer this year will have been bitterly disappointed. From the global destruction wreaked by NotPetya in June to revelations of a dangerously widespread flaw in the IoT ecosystem the following month, there’s been plenty keep the white hat community busy. Most recently, WikiLeaks has publicised yet another CIA attack tool, this time one designed to capture video from connected cameras. The sheer volume of threats discovered on an almost weekly basis can be mind-boggling. Continue reading →
Security experts have for years been urging organisations to adopt a data breach posture of “not if but when”, and to develop and test incident response plans accordingly. With sweeping new EU regulations coming into force early next year, those plans have never been more important. For those CISOs looking for a real-world example of what can happen when things go awry, look no further than the cautionary tale of automobile giant the AA. Continue reading →