Thursday 17 November 2016

"Hacked Again" by Scott N Schober - Book Review

I have just finished reading the book "Hacked Again" by US CyberSecurity Expert Scott Schober. Along with covering and explaining several recent major hacks, the book provides excellent advice and tips for staying safe from cyber crime. 

What I found particularly interesting was Scott's own account of how he was hacked. Given that he is CEO of his own successful Wireless Security company and a popular Cyber Security TV pundit, I imagine Scott's natural instinct would be not to disclose his "been hacked" experience to the world. Scott disregards any potential embarrassment to himself and chooses to explain exactly what happened to him and why, passing on valuable lessons learnt to help others, a brave and noble undertaking I applaud.

"Hacked Again" is a potent reminder that no one is ever safe from the clutches of persistent cyber criminals. But this doesn't mean we should give up trying to be secure; on the contrary, following the practical advice given in the book significantly reduces your chances of becoming a victim of cybercrime.

Hacked Again is available from Amazon as a Hardback, Paperback, Kindle or an Audiobook.

Tuesday 15 November 2016

Stay Safe from Cyber Crime - Top Ten Tips InfoGraphic

Given I am regularly asked to explain cyber attacks and then advise on how to protect against them, particularly to home users of late, I thought I would try my hand at creating a simple InfoGraphic to help. It was a challenge to create due to the limited amount of space for text, which means you can't cover everything and you can't go into much detail. However, concise messaging is kind of the point of infographics, especially when using them as awareness tools.

This InfoGraphic is squarely aimed at the average "home user". It highlights what the bad guys are after and their most popular and most successful attack methods, and then provides 10 tips to help avoid and detect home user cyber attacks, simples.

If this InfoGraphic proves popular I'll create some more, starting with one covering home IoT Security advice, another subject I'm regularly asked about at the moment.


Download full version here

Monday 7 November 2016

Why a Cyber Attack can cost a Law Firm an Arm and a Leg

Law firms collect, process and store vast amounts of extremely sensitive data about their clients. When combined with a poor 'people security' culture and a general lack of digital security know-how, this is a recipe that leaves legal companies highly vulnerable to cyber attacks. Given the typically large scope and sensitivity of data held by law firms, cyber attacks in the legal industry can be particularly costly affairs to recover from. Often you will read about regulators imposing considerable data breach fines on companies that have been the subject of a cyber attack. Yet the hidden costs of recovering from a data breach, such as using crisis management services, disruption of critical business operations, contractual penalties, bringing in forensic investigators, engaging legal counsel (ironic, I know) and the loss of client trust, often exceed the financial penalty figures plastered across the headlines.

Emphasising the legal profession's vulnerability to cyber attacks, Logikcull, a provider of automated data discovery and management to the legal sector, have compiled an InfoGraphic of data breach statistics to highlight the issue, along with tips to help safeguard data and prevent cyber attacks from being successful.

The Downright Terrifying Cost of Data Breach Infographic

Via logikcull

Tuesday 1 November 2016

Cyber Security Roundup for October 2016

Cyber security experts have long predicted that thousands of vulnerable Internet of Things (IoT) devices, such as internet-connected CCTV systems, would be hacked en masse and directed to perform huge DDoS attacks. That’s exactly what happened on 21st October, when 152,000 IoT devices infected with malware were remotely controlled by hackers and then used to orchestrate a 1Tb DDoS attack, the largest in history. A tsunami of network traffic was directed at a company called Dyn, a major domain name registrar, and it impacted its clients’ web services, including Twitter, Yammer, PayPal, Starbucks, The Guardian, PlayStation, Wix, CNN, Spotify, GitHub, Weebly and Reddit.

Those IoT developers may want to read up on my IoT guidance on the IBM developerWorks website - Combating IoT cyber threats: Top security best practices for IoT applications

The UK National Cyber Security Centre HQ went operational. It is part of the UK government's 5 year £1.9 billion cyber defence strategy, a much-needed investment to help safeguard the UK's digital economy from cyber attacks during these uncertain economic times for the country.

Ransomware continues to cause problems, especially within the NHS, but on the flipside the https://www.nomoreransom.org/ website continues to be supported, with the site providing excellent advice to both home users and businesses. I have even added a separate Ransomware Help section on my own website - https://itsecurityexpert.co.uk/en/securityhelp/ransomware-help

A couple of surveys show UK businesses are still struggling to understand what they need to do in order to comply with the strict new General Data Protection Regulation (GDPR), which comes into force in May 2018 despite Brexit. I plan to do a blog post providing business help with the GDPR in the coming weeks.

News
Awareness, Education and Intelligence
Reports