Hafnium and SolarWinds shake up attitudes to supply chain risk management

Posted by:

Who do you trust?

That’s the big question facing companies around the world in recent months. In the wake of a wave of epic vulnerabilities, and equally massive compromises, affecting businesses and government institutions across the US and pretty much everywhere else, the reliability of our suppliers and providers has come into sharp focus.

Everyone wants to avoid the all-too-common inefficiency of “reinventing the wheel”, building things in-house rather than buying them in. Even the ...

Read More →
0

2020 Holiday Infosecurity advice for the people in your life

Posted by:

Sure, if you are reading this post, it’s pretty likely that you are into information security. Perhaps you even do it as a job. And if that is the case, there is something we all have in common – helping out family members, friends and neighbors with their computer, device and internet dramas.

And now, we find ourselves in early December, and that means we have important holidays just around the corner:  Christmas, Hanukkah, New Year’s eve….

And ...

Read More →
0

Making Vendor Risk Management Part of Your Security Strategy

Posted by:

When we think of Vendor Risk Management (VRM), there’s usually a policy or a procedure, possibly even a process to follow – and for good reason. The consistent approach that effective VRM gives you should lead to lower financial and strategic risks, increased admin efficiencies, reduced costs and quicker onboarding of suppliers.

A painful lessons this year has taught businesses is that they are only as resilient as the vendors they rely on. A promise is only ...

Read More →
0

How the pandemic changed everything and nothing

Posted by:

This is a quick look back over the last six months or so: what’s changed in the world of work and cybersecurity and how businesses have responded. I wasn’t sure how to title this post. I don’t think words like ‘review’, ‘lessons learned’ or ‘takeaways’ really do the scale of the situation, but ‘What the …. just happened?’ seems a bit strong.

That being said, from my research and conversations with people in the companies that have ...

Read More →
0

TBG Data Breaches Part 2: It’s not (necessarily) your fault

Posted by:

Last time I discussed the ‘Did they really do that?!’ kind of data breach, the one where you can’t quite see how an organization could manage to have that much data exposed that openly for that long. We all laugh, but as the news clearly demonstrates, it could happen to any company of any size with seemingly any budget.

Malicious actors, however, aren’t just sitting around waiting for the latest instance of an accidental data splurge. They’re ...

Read More →
0

Why bother hacking when firms keep leaving the doors wide open?

Posted by:

If your company suffered a data breach, wouldn’t it be at least a bit comforting if you knew it was because an army of criminal geniuses had spent months trying to penetrate your fortress-like defences?

Imagine the effort they must have gone through. They’ve tried every form of phishing, spearphishing, smishing, vishing and whaling. They’ve sent fake printer and HVAC engineers to try to penetrate the data centers. They’ve tried to get their spies recruited to ...

Read More →
0

Recognizing and Beating the Coronavirus Scammers

Posted by:

If the internet is to be believed, up to 10% of the world’s population are in quarantine, or at least in lockdown, to prevent the spread of the coronavirus.  That’s a few hundred in the US, the same in Europe, a few thousand in a ship off the coast of Japan, oh and about 760 million people in China!

On the face of it, that’s quite scary. ...

Read More →
0

(Internet of) Things Change, and Not Always for the Better

Posted by:

I was chatting with one of my IT Admin friends the other day. Let’s call him Gary to spare him blushes. He has been working in offices for years, and I asked him what little things annoy him these days. Not the Big Stuff like ransomware and corporate spying, I just wanted to know about the day-to-day frustrations.

He said:

 “When I started out as ‘The IT Guy’ in the office, people would come and ask ...

Read More →
2

The current state of privacy laws in the USA 2020: what you need to know

Posted by:

After the introduction of the CCPA in 2018 a whole slew of states got on board the data privacy bandwagon, and it looked like there was real momentum in the direction of increased rights for citizens over their own data.  By the middle of 2019 more than a dozen states had introduced some kind of privacy bill, either from scratch or as an amendment to existing privacy laws.

So how has that turned out?

Well, if you’re an advocate for increased user ...

Read More →
0

How to avoid nasty flies in your bug bounty program

Posted by:

Bug bounties are increasing in popularity, but are there any steps to consider to ensure you keep any annoying flies at bay? Let’s take a quick look.  

Late last week, Google told security researchers that they have upped the bug bounty reward, making it significantly more attractive for researchers to invest in bug hunting.

Media reports cite that Google has received more than 8,500 security bug reports since the launch of its Chrome Vulnerability Rewards ...

Read More →
0
Page 1 of 6 12345...»
})
SEC Cybersecurity Exams