Opinions & Analysis

Everyone seems to be eager to pin the blame for the Sony hack on North Korea. However, I think it’s unlikely.   Here’s ten reasons why:   1. The broken English looks deliberately bad and doesn’t exhibit any of the classic comprehension mistakes you actually expect, in other words it reads to me like an English speaker pretending to be bad at writing English.   2. The fact that the code was written on a...

I can tell how long I have been covering security when anniversaries come round of things I recall writing in preparation for.   In the case of the current story, it is the National Cyber Security Strategy, which was originally released in 2011 and came more than a year after Prime Minister David Cameron rated as one of the key focus areas for national security with an £860 million fighting fund.   Three years on,...

On a recent afternoon, I took a stroll down memory lane and visited my Friends Reunited account.   Now say what you want about password management, but I was successful in logging in and reading my last update from 2006. Having not logged on in over eight years, I decided to make the call to cancel my account and this led me to wonder, how many other “live” accounts do I actually have, giving me...

On top of trying to get employees back to work, battling with hackers leaking films online and gigabytes of data being released to the internet, some shocking news has emerged about internal security at Sony Pictures.   According to Gizmodo the data includes a file directory named “password” which includes 139 Word documents, Excel spreadsheets, zip files, and PDF's containing thousands of passwords to Sony Pictures internal computers, social media accounts, and web services accounts....

The international information security standard, ISO27001 is the only security standard that takes an integrated approach to information security by addressing people, processes and technology.   According to Alan Calder, founder and executive chairman of IT Governance, all too often companies focus primarily on technology while neglecting the role people and processes play in ensuring the confidentiality, integrity and availability of their organisation’s information.   “ISO27001 can help streamline the information security management process and...

Following the recent news of the highly-sophisticated Regin malware being discovered, there has been some talk of this being the most advanced malware ever seen. I contacted computer scientist, and anti-virus guru, Fred Cohen to ask what he thought of Regin, which he simply responded to by saying: “I don't think of it.” I asked him if this is the greatest designed piece of attack material or something mirroring other efforts. Cohen said: “Or is...

Following numerous Amazon ads shadowing my moves around the internet since Monday, Black Friday is finally here.   But who could have predicted the frenzy it would generate! Police in Manchester even took to Twitter, pleading “Keep Calm People!”   With fisticuffs at dawn, quite literally, in the brick and mortar stores, virtually it’s equally frantic. An online tool, powered by web services company Postcode Anywhere, that tracks spending at 9,000 online retailers such as...

There was an interesting piece of research released this week by Digital Guardian, which made a number of key points, the first being about the lack of a strategic view within many security functions.   I see this on a daily basis; the issue is exasperated by a number of issues and some unique to security, others are age old business issues that are never going to go away.   Let’s address the obvious first,...

It’s now almost a year since Target admitted the loss of customer data following an extremely sophisticated hack.   Involving one of Target’s suppliers, a number of point of sale devices and a large number of customer records, the breach was one of the largest in recent history. Target bounced back and dealt with the damage astonishingly quickly but still incurred high damages. Furthermore, although spending on security has risen by 7.9 per cent in...

With the holiday retail “freeze” underway, any security upgrades or technology additions are put on hold until after the busy holiday shopping season and only critical security patches get installed.   The holiday season is retailers’ busiest time of year, with an estimated one-fifth of the year’s shopping taking place between November and December in the UK and over half of online retailers expecting to achieve 20 per cent growth according to IMRG. But during...