"Hacked Again" by Scott N Schober - Book Review

I have just finished reading the book "Hacked Again" by US CyberSecurity Expert Scott Schober. Along with covering and explaining several recent major hacks, the book provides excellent advice and tips for staying safe from cyber crime. 

What I found particularly interesting was Scott's own account on how he was hacked. As CEO of his own successful Wireless Security company and a popular Cyber Security TV pundit, I imagine Scott's natural instinct would be to not disclose his "been hacked" experience with the world. Scott disregards any potential embarrassment to himself and chooses to explain what exactly happened to him and why, passing on valuable lessons learnt to help others, a brave and noble undertaking I applaud.

What "Hacked Again" is, is a potent reminder that no one is ever safe from the clutches of persistent cyber criminals. But this doesn't mean we should give up trying to be secure, on the contrary, as following the practical advice given in the book significantly reduces your chances of becoming a victim of cybercrime.

Hacked Again is available from Amazon as a Hardback, Paperback, Kindle or an Audiobook.

Stay Safe from Cyber Crime - Top Ten Tips InfoGraphic

Given I am regularly asked to explain cyber attacks and then advise on how to protect against them, particularly to home users of late, I thought I would try my hand at creating a simple InfoGraphic to help. It was a challenge to create due to the limitation to the amount of space for text, which means you can't cover everything and you can't go into much detail. However concise messaging is kind of the point of infographics, especially when using them as awareness tools. 

This InfoGraphic is squarely aimed at the average "home user", it highlights what the bad guys are after, their most popular and most successful attack methods, and then provides 10 tips to help avoid and detect home user cyber attacks, simples.

If this InfoGraphic proves popular I'll create some more, starting with one covering home IoT Security advice, another subject I'm regularly asked about at the moment.

Download full version here

Why a Cyber Attack can cost a Law Firm an Arm and a Leg

Law firms collect, process and store vast amounts of extremely sensitive data about their clients, this when combined with a poor 'people security' culture and a general lack of digital security know-how, is a recipe that leaves legal companies highly vulnerable to cyber attacks. Given the typical large scope and sensitivity of data held by law firms, cyber attacks in the legal industry can be particularly costly affairs to recover from. Often you will read about regulators imposing considerable data breach fines on companies that have been the subject of a cyber attack. Yet the hidden cost of a data breach recovery in using crisis management services, disruption of critical business operations, contractual penalties, bringing in forensic investigators, and engaging a legal counsel, ironic I know, and the loss of client trust often exceeds the financial penalty figures plastered across the headlines.

Emphasising the legal profession's vulnerability to cyber attacks, Logikcull, a provider of automated data discovery and management to the legal sector, have compiled an InfoGraphic of data breach statistics to highlight the issue, and tips to help safeguard data and prevent cyber attacks from being successful.


Via logikcull

Cyber Security Roundup for October 2016

Cyber security experts have long predicted that thousands of vulnerable Internet of Things (IoT) devices such as internet-connected CCTV systems would be hacked on mass and directed to perform huge DDoS attacks. That’s exactly what happened on 21^st October when 152,000 IoT devices infected with malware were remote controlled by hackers and then used to orchestrate a 1Tb DDoS attack, the largest in history. A tsunami of network traffic was directed at a company called Dyn, a major domain name registrar, and it impacted their client’s web services, including Twitter, Yammer, PayPal, Starbucks, The Guardian, PlayStation, Wix, CNN, Spotify, Github, Weebly and Reddit.

Those IoT developers may want to read up on my IoT guidance on the IBM developersWorks website - Combating IoT cyber threats Top security best practices for IoT applications

The UK National Cyber Security Centre HQ went operational, which is part of the UK government's 5 year £1.9 billion cyber defence strategy,  a much-needed investment to help safeguard the UK's digital economy from cyber attacks during these uncertain economic times for the country.

Ransomware continues to cause problems, especially within NHS, but on the flipside the https://www.nomoreransom.org/ website continues to be supported, with site providing excellent advice to both home users and businesses.  I have even added a separate Ransomware Help section on my own website - https://itsecurityexpert.co.uk/en/securityhelp/ransomware-help

A couple of surveys show UK businesses are still struggling to understand what they need to do in order to comply with new strict General Data Protection Regulation (GDPR), which comes into force in May 2018 despite brexit. I plan to do a blog post providing business help the GDPR in the coming weeks.

News

• World Biggest DDoS attack blows away Dyn, impacting Twitter, Yammer, and others
• UK National Cyber Security Centre HQ Operational
• NHS Attacked by Ransomware 'Dozens' of Times
• 'Hackable' Apple watches banned from UK Government Cabinet meetings
• Hackers steal 43 million credentials from Weebly
• In wake of Massive Data Breach, Verizon reassessing price for Yahoo Acquisition
• Student discovers security flaw in Virgin Media Recruitment System
• MasterCard plans to authenticate transactions using Selfies
• European Ransomware initiative gains 13 new Member Countries
• Over £1 Billion Lost by UK businesses to Online Crime in the Last Year
• UK Banks not Reporting Cyber-Attacks
• Hackers hiding Stolen Credit Card Details in Images
• Forged Rail Tickets sold on 'Dark Web', BBC investigation reveals
• Microsoft bundles Security Updates - no more pick and choose
• Microsoft release 7 Critical Patches for Windows, Edge, IE, Office & Flash Player
• Throw your Backdoored D-Link DWR-932B Router in the bin, urges Security Researcher

Awareness, Education and Intelligence

• BAE releases online Cyber-Risk Tool Assessor
• Top Five Email Phishing Attack Lures Revealed and How to Prevent Them

Reports

• EU GDPR - Nine out of Ten Don't Understand it
• Thales Survey: 84% of Brits reconsider Brands affected by Data Breaches
• PCI SSC: The UK Business CyberSecurity Threat
• Mobile is the New Playground for Thieves: How to Protect against Mobile Malware
• 73% of organisations across the globe have suffered a DDoS attack – Neustar Study
• 82% of Global and IT business Pros are concerned about GDPR compliance
• Network Security Playbook Guide