
Opinions & Analysis

It’s now almost a year since Target admitted the loss of customer data following an extremely sophisticated hack. Involving one of Target’s suppliers, a number of point of sale devices and a large number of customer records, the breach was one of the largest in recent history. Target bounced back and dealt with the damage astonishingly quickly but still incurred high damages. Furthermore, although spending on security has risen by 7.9 per cent in...


With the holiday retail “freeze” underway, any security upgrades or technology additions are put on hold until after the busy holiday shopping season and only critical security patches get installed. The holiday season is retailers’ busiest time of year, with an estimated one-fifth of the year’s shopping taking place between November and December in the UK and over half of online retailers expecting to achieve 20 per cent growth according to IMRG. But during...


While privacy and freedom fighters have long covered their webcams with stickers and plasters, news emerged this morning that a Russia-based website broadcasts live feeds of webcams, CCTV systems and baby monitors. According to BBC News, the website contains thousands of live feeds from more than 250 countries and other territories. From the UK there are at least 500 feeds, including an office in Warwickshire, a child's bedroom in Birmingham and a home's driveway in...


A large organisation usually comprises thousands of user accounts and computers. There can be users who don’t log on to the Active Directory directly; instead, they log on indirectly through Exchange, Outlook Web Access, Remote Access, VoIP or another service-based account. In addition, there can be a vast range of users with temporary accounts that would be expired after a specific period. Similarly, an organisation will also have temporary computers that were used for only a few...


In general, it is not a good idea for security to prevent functionality without providing an alternative means by which the business can get their work done. As an example, under normal circumstances, the unavailability of a technology (or not providing a solution in the first place) by which to work when telecommuting or at home will likely lead to ‘shadow IT’ in the form of either utilising cloud-based sharing solutions or personal...


Following four years’ worth of research, findings emerged from Kaspersky Lab of an espionage campaign that stole sensitive data from selected corporate executives travelling abroad. Named “Darkhotel”, it comprised both targeted attacks and botnet-style operations and focused on C-level executives by hitting targets while they are staying in luxury hotels. It found that once connected to a hotel’s WiFi network, the attacker tricks the user into downloading a backdoor masquerading as legitimate software,...


Earlier this week I was involved in a conversation that questioned how hard it is to hack a public wifi. The ‘security expert’ explained that anyone with the right equipment could easily sit in a public place and either offer a free wifi service packaged to look legitimate and steal the information that travelled across it, or just collect information the devices in the location were offering in a bid to connect. Asked if a...


This week saw an unusual announcement from the Information Commissioner’s Office (ICO), where it warned organisations that they must make sure their websites are protected against SQL flaws, the “oldest hackers' trick in the book”. In its advisory, it pointed to a case where a hotel booking website was fined £7,500 due to a vulnerability on its website, which allowed attackers to access the full payment card details of 3,814 customers. Of course the ICO warned that...


I don’t need to tell you about the Apple iCloud hack: the lurid details have been exhaustively documented elsewhere. However, I do want to tell you what your organisation should take away from it: it is critical to think about the security of your information at the file-level, rather than the device level. Data-centric protection is critically important, particularly in business, and particularly for files - whether they are selfies or strategy PowerPoints. With the...


A study announced today, by taxi app Hailo, claims that making calls on a smartphone is now only the sixth most common use for a mobile phone. Which made me question - why it’s still called a phone! Sadly I fear it’s just a matter of time before we’re all carrying around ‘Smartscreens’ instead. And that got me thinking – what else don’t we do anymore because of technology … Who’s that knocking...
