Opinions & Analysis

In the last blog I wrote for 2014, I looked at some of the common prediction trends that the various vendors and analysts had sent to me.   In that article, I identified 15 trends for information security, ranging from identity management changes to connected devices to better collaboration between the dark and light sides of the industry.   On Tuesday 6th January, analyst Richard Stiennon and researcher Tom Cross will join me in an...

Over the past couple of months, my inbox has filled up with predictions from vendors, analysts and security thinkers on what they think will create havoc or solve our problems in 2015.   Before I get on to that, I think it is important to understand what was predicted for 2014. Some were correct – we saw a lot more activity around Internet of Things/Everything, the arrival of version 1.0 of the FIDO Alliance standard...

Everyone seems to be eager to pin the blame for the Sony hack on North Korea. However, I think it’s unlikely.   Here’s ten reasons why:   1. The broken English looks deliberately bad and doesn’t exhibit any of the classic comprehension mistakes you actually expect, in other words it reads to me like an English speaker pretending to be bad at writing English.   2. The fact that the code was written on a...

I can tell how long I have been covering security when anniversaries come round of things I recall writing in preparation for.   In the case of the current story, it is the National Cyber Security Strategy, which was originally released in 2011 and came more than a year after Prime Minister David Cameron rated as one of the key focus areas for national security with an £860 million fighting fund.   Three years on,...

On a recent afternoon, I took a stroll down memory lane and visited my Friends Reunited account.   Now say what you want about password management, but I was successful in logging in and reading my last update from 2006. Having not logged on in over eight years, I decided to make the call to cancel my account and this led me to wonder, how many other “live” accounts do I actually have, giving me...

On top of trying to get employees back to work, battling with hackers leaking films online and gigabytes of data being released to the internet, some shocking news has emerged about internal security at Sony Pictures.   According to Gizmodo the data includes a file directory named “password” which includes 139 Word documents, Excel spreadsheets, zip files, and PDF's containing thousands of passwords to Sony Pictures internal computers, social media accounts, and web services accounts....

The international information security standard, ISO27001 is the only security standard that takes an integrated approach to information security by addressing people, processes and technology.   According to Alan Calder, founder and executive chairman of IT Governance, all too often companies focus primarily on technology while neglecting the role people and processes play in ensuring the confidentiality, integrity and availability of their organisation’s information.   “ISO27001 can help streamline the information security management process and...

Following the recent news of the highly-sophisticated Regin malware being discovered, there has been some talk of this being the most advanced malware ever seen. I contacted computer scientist, and anti-virus guru, Fred Cohen to ask what he thought of Regin, which he simply responded to by saying: “I don't think of it.” I asked him if this is the greatest designed piece of attack material or something mirroring other efforts. Cohen said: “Or is...

Following numerous Amazon ads shadowing my moves around the internet since Monday, Black Friday is finally here.   But who could have predicted the frenzy it would generate! Police in Manchester even took to Twitter, pleading “Keep Calm People!”   With fisticuffs at dawn, quite literally, in the brick and mortar stores, virtually it’s equally frantic. An online tool, powered by web services company Postcode Anywhere, that tracks spending at 9,000 online retailers such as...

There was an interesting piece of research released this week by Digital Guardian, which made a number of key points, the first being about the lack of a strategic view within many security functions.   I see this on a daily basis; the issue is exasperated by a number of issues and some unique to security, others are age old business issues that are never going to go away.   Let’s address the obvious first,...