Author Archives: Ross Dyer

What CISOs Can Learn from the Sony Pictures Attack

by Ross Dyer

One of the things you’ll hear some CISOs grumble about from time to time is how tricky it can be to persuade the business to release more funds. The skill of the good security chief, of course, is in translating highly technical concepts into a language the board will understand. But even so, it can be a tough sell when the end result of thousands of pounds of investment is … precisely nothing. With cyber security you’re effectively buying insurance against a damaging breach.

So it was interesting last week to see Sony declare that it spent a whopping $15 million on investigation and remediation after a major cyber attack last year. It gives just a small insight into the potential financial impact of failing to adequately ‘insure’ your organisation against attack.

What we Can Learn from Yet Another Government Data Breach

by Ross Dyer

One of the curious side effects of working in the information security industry for any length of time is that, after a while, the same stories start coming round again and again. So it was last week when the government admitted that two discs full of data related to three highly sensitive police inquiries had got lost in the post. For those with long memories, the echoes of 2007 – when the personal details of 25 million Britons went missing in similar circumstances – are telling. So let’s remind ourselves again of the importance of good data handling practice and what we should all be doing to minimise the risk of a damaging breach.

Destructive Malware: Is it Time for CISOs to Panic?

by Ross Dyer

Many UK organisations are only now coming to terms with the fact that APTs and targeted attacks are a real and present danger to the corporate crown jewels: sensitive IP and customer data. It’s taken a while for the threats to filter down from government agencies and high-profile multinationals. But the truth is that, with the means to launch such attacks now widely available on underground forums, any company could realistically be targeted today.

The bad news, as we’ve seen over the past fortnight, is that the game is changing again. Enter the destructive malware attack.