Opinions & Analysis

It was a case of another month, another flaw revelation this week. Although we have seen zero-days in 2015 primarily affecting Adobe's Flash software, this week a story picked up from the great threats of 2014 with 2015's FREAK. The “Factoring attack on RSA-EXPORT Keys” flaw uses an encryption protocol from the early 1990s to intercept vulnerable clients and servers, and force them to use ‘export-grade’ cryptography, which can then be decrypted. Matthew Green, cryptographer and...

In our recent article about endpoint security “getting its sexy back”, one point that Neil Campbell, general manager for security at Dimension Data made, which I decided not to include, was about the future of SIEM. He said: “At the moment, security incident and event management (SIEM) technology is about reporting and not control, and it needs to expand to control and remediation or the point players will disappear as they are looking for security...

In the second and final day here at the Trust in the Digital World conference in Madrid, I have attended a panel debate on the subject of E-Health. With speakers from SAP, ATOS and hospitals in Spain, the concept was mostly on sharing anonymised data for the benefit of research and action, whilst keeping the patient data private. Chair Volkmar Lutz, head of applied research at SAP, said that the view of the sector is that...

For the first of this series of blogs, I want to focus on the timely concept of trust. Timely for the timing of my travelling from the conference Trust in the Digital World, timely as last week saw the announcement of research that CEOs see cyber security as a third priority, whilst news breaks that some laptop models contained suspicious software that some said was spying on users, and whilst NSA whistle blower Edward Snowden...

It’s no secret that the data centre industry is evolving rapidly. Large scale, inflexible and expensive physical hosting solutions are no longer common thanks to virtualisation and we’ve all bought into cloud – so today’s forward thinkers are now looking to the Software Defined Data Centre (SDDC) to further transform the way they utilise data resources. This change presents its own interesting challenges for security and SDDC, users need to be aware of the virtues,...

Following their discussion yesterday on managing a security team and infrastructure on a shoestring, the second part of the discussion focused more on the spending by Sony Pictures.   Inspired by the story that Sony Pictures plans to spend $15 million on better cyber security after major attacks hit it in both 2011 and 2014, where attackers made off with personal details in both attacks, I tasked two security professionals to discuss this.   After...

Following the publication of a recent article regarding Sony spending $15 million on cyber security defences, I got into a conversation with two professionals on securing a business on a much smaller budget.   That conversation initially took place on Twitter, and I tasked the two men involved, Coalfire European managing director Andrew Barratt and Gary Smith, a senior security professional within financial services, to discuss this.   I began by asking them if it...

It’s been just a few weeks since Anthem held its hands up and confirmed it had fallen victim to a cyber attack. According to reports, the incident is the largest data breach ever to hit the US health care sector, with as many as 80 million current and former Anthem customer records affected. As reported by IT Security Guru earlier this week, investigators now believe the hackers somehow compromised the credentials of five different tech...

News emerged this morning from Sony that it plans to spend $15 million on cyber security defences, only months after suffering a devastating cyber attack.   The financial statement says that Sony Pictures has a forecast of 890 billion yen ($7.6 billion) in total sales, suggesting that the $15 million outlay on defences against an attack that closed the company down and forced employees to use pen and paper and off corporate networks, is a...

Today marks the ninth annual Data Privacy Day; the purpose of which is to raise public awareness and advocate data protection and privacy best practices. Over the last year we’ve seen many high profile breaches, which involved eBay, JPMorgan, and most recently Sony Pictures Entertainment - so it is very clear that now more than ever that both individuals and companies need to be incredibly aware of the dangers that come as a result of...