Blog Post

CuK8hv7WgAI68IH
,

Alien Eye in the Sky

A lot went down – some stories in the video and a ton of interesting links below. Enjoy!

 

Stories in Video

Tesco Bank Hacked

Adult Friend Finder hack

Facebook buyingstolen passwords

IP Bill set to becomelaw

Other interesting stories  

Cyber Security Challenge UK crowns youngest ever champion

GCHQ wants internet providers to rewrite systems to block hackers

Researchers’ Belkin Home Automation Hacks Show IoT Risks

UK halts Facebook’s WhatsApp data dip

Data Cleanliness and patch verification

A Cybercrime Report Template

Smart Light bulb worm hops from lamp to lamp

CwKJ6ykXgAAkb0y.jpg-large

Podcasts!

As if blogging and making videos wasn’t enough. I’ve wanted to stretch my creative legs for a while and dip a toe into the world of podcasting.

So, I jumped at the opportunity when there was the chance to start a new podcast at AlienVault. The AlienVault Security Perspectives is out, with the first episode featuring special guest Wendy Nather – who also happens to be one of my favourite people in the world.

I’d be interested in your feedback and opinion.

Click here to go to the podcast and download it on iTunes. 

Screen Shot 2016-10-14 at 14.49.45

How to protect your business from a security attack

Recently, I caught up with Priority One IT Support to provide advice to business owners on how they can protect their business from a security attack.

A glance at the media will show that attacks are not only on the rise, but the types of companies under attack are also varied. Whereas previously only the largest of companies and financial institutes came under attack, these days, companies of all sizes and industries are targeted.

 

Protecting your business

From a fundamental perspective it’s almost impossible to prevent 100% of all attacks, but you can reduce the impact that they have by:

  1. Understanding your key data elements and focus on your security controls around these.
  2. Put in place controls that can isolate and closely monitor those critical systems.
  3. Understand where you may be vulnerable. This will vary depending on your business e.g. if you are on a ground floor it is riskier leaving a window open compared to someone 10 floors up.

Common pitfalls

The most common pitfall is lack of user education and awareness. For example, if a member of staff receives an email informing them they have won the lottery, they should know how to ignore it. The basics of user behaviour and education often let a business down.

The second, often overlooked issue is the lack of robust monitoring controls. Many companies often only discover they have been hacked many months later once it makes the news.

What to do in the event of an attack

A business should have a plan in place before an attack takes place.

  1. Formulate a plan that includes steps to inform internal staff, stakeholders, partners, and customers.
  2. Know how to isolate systems to limit the damage and assess the impact.
  3. Have backups in place from which services can be resumed as quickly as possible.

 

jm hearted
,

Things I hearted – no more

Things I hearted has been probably one of the most regular series of posts I’ve done in recent times. At the same time, I was doing a weekly roundup over at my AlienVault blog. So, in the interest of saving time, energy, and preserving my youthful good looks; I decided to not only combine both into one weekly roundup – but also add a video element to it.

It ends up being all the same links you love – just a new home and a new format. I’ll still be listing out all the links and stories I found interesting during the week from the world of security and beyond. But this time with added video commentary.
Let me know what you think of the newish format.

jm hearted

Things I hearted Last Week

For the week ending 25th September 2016

 

On one hand vendors want users to patch their systems and keep them secure. On the other hand, actions like this causes people to not want to apply official updates.

 

North Korea just accidentally turned on global zone transfers for their top level domains, archive of the data here.

 

My good friend James McQuiggan attended (ISC)2 congress where he not only MC’d the leadership awards, but also won the Presidents Award for a volunteer who has contributed to advancing the security profession. He wrote a nice writeup of the event.

 

The war Microsoft should have won.

 

Over 60k vulnerabilitie went unassigned by MITRE’s CVE project in 2015. Good research on the issues with CVE and what needs to be fixed.

 

Building Spring Cloud Microservices That Strangle Legacy Systems A good post on legacy systems, handing data etc. Worth bookmarking this one.

 

Well-written piece on how terrorists use encryption.

 

2016 best WiFi hacking and Defending Android application.