When people use their work email addresses to register for external websites it causes a security risk because so many people reuse the same password for all their accounts. When an external account is breached and the password is disclosed it means that our internal systems could be at risk as well as other external…
DetailsWhat a year for cyber security in the news. It started with president Trump appointing ex New York Mayor Rudi Giuliani as US Cyber Security Czar. On one hand the appointment of a czar should please Trump’s Russian handlers. On the other hand, while Giuliani is well known for his expertise in locker room talk,…
DetailsWe’re struggling to manage cyber security risk. Partly it’s because attackers are more agile than defenders. But it’s also because we struggle to get accurate information to make good risk management decisions. To make good risk management decisions we need to understand who the threat actors are, their capabilities, how likely it is that we…
DetailsIt’s been a huge year for information security in the public eye. Security was constantly in the news and has popped up in ways we never expected. Who could have guessed that phishing attacks and a private email server would help derail a US presidential campaign? We had Apple vs the FBI. Much like the…
DetailsThere’s an on-going battle to influence public opinion about the balance between privacy and surveillance. Law enforcement officials tell us we’re in danger. Security experts offer commentary. A movie is coming out about Snowden. Some participants in the debate are trying to help inform the public. Others are polluting the debate by cynically exploiting people’s…
DetailsThis month I caught up with Lance Spitzner, Director of SANS Securing The Human. Lance has over 20 years of security experience in cyber threat research, awareness and training. He invented the concept of honeynets, founded the Honeynet Project and has published three security books. Lance has worked and consulted in over 25 countries and helped more than 350 organizations plan, maintain…
DetailsThis month I caught up with Angela Sasse, Professor of Human-Centred Technology in the Department of Computer Science at University College London, UK. She has had a huge impact on the field of usable security having worked in this field since 1996. Her background in psychology has enabled her to look at human security problems…
DetailsThis month I caught up with Bernadette Palmer, Head of Head of Communications at The Security Company (International) which is a UK based security awareness agency. Bernadette has more than 18 years experience in communications focusing on behavioural change. How much do you think it has helped you in the security awareness field to have…
DetailsLiu Tienan didn’t start out taking millions of dollars in bribes. His first bribe in 2002 was for three thousand dollars. Over time the bribes escalated. When he was caught in 2013 it’s estimated that he accepted nearly six million dollars for abusing his position as Deputy Head of China’s National Development and Reform Commission (NDRC). The…
DetailsThere’s great news in the quest for improving security awareness. Help is at hand from a new joint publication from the Research Institute in Science of Cyber Security (RISCS), Hewlett Packard Enterprise (HPE) and CESG – the UK government’s National Technical Authority for Information Assurance. Awareness Is Only The First Step is a superb précis of best…
Details
