Monthly Archive: May 2020

When security controls become theatre

If you go to the supermarket today, it’s highly likely that you’ll find yourself in a line, two metres apart, leading up to a person with a counter who looks like they’d literally rather be anywhere else than stood at the door counting people in and out of the store. Once you’ve made it past this Gandalf-like character shouting “you shall not pass!”, it’s straight into a labyrinth of one-way arrows, black and yellow tape, and people who look like they’ve been searching for the arrow that’ll take them to the checkouts since the end of March. Welcome to the…

Making sense of the Easyjet breach

Upon seeing the news earlier today that the budget airline Easyjet had been breached, my reactions (in order) were “Woah”, followed by “Bloody hell”, and finally “Not this **** again!” 9 million affected users, of which over 2200 may have had their credit card credentials compromised. Obviously Easyjet have apologised; informed the ICO and police; and are in the process of contacting customers. To my mind, this sounds eerily similar to the MageCart attack that compromised British Airways back in 2018, leading to the breach of up to 380,000 customers’ data including payment card details. Unfortunately for BA, just 22…

An introduction to risk

I started this as a brief introduction, but in making sure I explained the fundamentals, I ended up writing pretty much a chapter of a book on Information Security. If you read this and you are saying “but you’re telling me stuff I already know”, lucky you! Risk management is one of the very first things I teach my junior analysts at the start of their careers; and it’s something you should ensure your stakeholders understand. By giving them an appreciation of risk and its management, you’re much more likely to be able to deliver your security messages effectively. You…

Do you still own your perimeter?

Designing a company network to be secure isn’t that difficult: a firewall here; a DMZ there; some next-generation technologies liberally sprinkled around; and a set of policies to ensure that systems are built securely and operated securely. At which point, you kick back in your chair, and bask in the sea of green that is your security dashboards. Sorry, you’re not allowed to have it that easy, so here’s a pandemic for you to deal with; and by the way, all your staff will now be working from home for the foreseeable future. If your company issues all its staff…

Why we need policy, even in a crisis

As the scale of the Covid-19 epidemic became clear in the opening months of 2020, governments around the world began considering draconian restrictions on everyday life in order to contain the spread of the virus and ultimately limit the death rate as a result of it. However, in countries with a mature and functioning democracy, this wasn’t just a knee-jerk reaction, but rather a legislative instrument that balanced the need to protect society with the need to protect individual freedoms. In the main, most western countries appear to have struck an appropriate balance. But what does this look like at…