Opinions & Analysis

The 2012 audits conducted by the Office for Civil Rights (OCR), the governing body that enforces HIPAA regulations, revealed an egregious lack of compliance across the healthcare industry. With the next round of audits scheduled to begin soon, it’s hard to say how forgiving the OCR will be. One thing is for sure: The OCR expects healthcare organisations to monitor themselves. Even so, many companies have yet to initiate a thorough internal audit of their...

Recent research by AKJ Associates found that of 500 UK adults, 76 per cent were concerned about the security of data in a call centre. Of those surveyed, 35.8 per cent said that they were ‘very concerned’ about how personal and credit card information might be protected at call centres from hackers and rogue staff. The research apparently came in the wake of warnings from security researchers that fraudsters are preying on contact centres, using...

Google has called the dumping of user credentials “one of the unfortunate realities of the Internet today”   In a blog post by Borbala Benko, Elie Bursztein, Tadek Pietraszek and Mark Risher at the Google Spam and Abuse Team, it acknowledged a dumping of data, but said that fewer than two per cent of the username and password combinations might have worked, and those would have mostly been blocked by its automated anti-hijacking systems.  ...

At the end of the first day of the Gartner Security and Risk Management summit in London, I had the opportunity to catch one of the distinguished analysts looking at the state of security in terms of the top ten technologies. Presenting in the final session at the event, Neil McDonald, vice president, distinguished analyst and Gartner Fellow in Gartner Research presented on the “top ten technologies for information security”, where Gartner's 60 security analysts from around the world...

Throughout the conversations I have had this year, there has been one recurring theme – automation.   Hardly a new concept; I was writing about the benefits of automation over the past few years, but it seems that 2014 has brought this back to the forefront.   Look at the examples: Oxford University’s Sadie Creese said that we as humans “are good as spotting shapes and patterns”, but we automate as much as possible so...

Last night security blogger Brian Krebs reported that US retailer Home Depot had suffered a major breach of credit and debit card data that may stretch back to late April or early May of this year.   Alerted by banks, after a massive new batch of stolen credit and debit cards went on sale on the dark web, a Home Depot spokesperson Paula Drake confirmed that the company is investigating. Krebs said that there are signs that the perpetrators of...

Fresh from the industry hitting sunny Las Vegas last month, London will once again be the centre of the information security industry next week.   At the centre of other shows in the capital will be 44CON, returning for its fourth year and in a new venue. Along with other hacker conferences, 44CON has firmly established itself on the international stage with visitors and speaking attending from around the world.   I spoke to organisers...

It’s been the social media sensation of 2014, and it seems that our own National Crime Agency (NCA) is as aware of Buzzfeed as the many millions who view it.   Live as of today is the NCA’s first entry to gif heaven. The NCA’s ten amusing clips is hopefully going to drive some awareness into what is assumedly a younger audience than it usually manages to attract.   A spokesperson for the NCA told...

The past 24 hours has seen three major announcements in the security acquisition space.   Possibly the biggest in terms of value was Gemalto’s acquisition of SafetNet for around $890 million. The definitive agreement was signed on Friday and will see the smart chip manufacturer acquire the firewall, encryption and authentication giant from private equity firm Vector Capital.   Elsewhere, IBM has acquired the business operations of cloud security services provider Lighthouse Security Group. Lighthouse Security...

Anyone who has seen that video, or read any of the interview articles conducted with him will know that John McAfee is more than just “a character”.   Having working in information security since 2008, my brushes with him have been minimal, and until the video was published, I was not really aware of him much. However this week I have been in Las Vegas for the Black Hat, Def Con and BSides Las Vegas...