Categories
Articles

How (not) to respond to a data breach

With the number of data breaches still increasing, all organisations should be making plans for their response when, not if, it happens to them. At the FIRST conference, Jeff Kouns of Risk Based Security suggested learning from examples where the organisation’s response, or lack of it, had made the consequences of a breach much worse, […]

Categories
Consultations

Culture, Media and Sport Committee Enquiry into Cybersecurity

Shortly after the recent attacks on TalkTalk the Culture, Media and Sport Committee decided to hold an inquiry into the circumstances surrounding the data breach, but also the wider implications for telecoms and internet service providers. This raised a number of issues around the premature speculation around the causes of the incident, cybersecurity within the telecoms industry, and […]

Categories
Articles

Incident Response and Insurance: Opportunities to Collaborate?

At the FIRST conference, Eireann Leverett and Marie Moe discussed a number of areas where incident response teams and insurers could usefully collaborate. At present some cyber-insurance policies can seem expensive. One component of the cost is the contingency fund that insurers have to maintain in case their assessment of the likelihood and size of […]

Categories
Articles

Taking care of domain names

At the FIRST conference, James Pleger and William MacArthur from RiskIQ described a relatively new technique being used to create DNS domain names for use in phishing, spam, malware and other types of harmful Internet activity. Rather than registering their own domains, perpetrators obtain the usernames and passwords used by legitimate registrants to manage their […]

Categories
Articles

Information Sharing: Learning from Social Networks

Information sharing is something of a holy grail in computer security. The idea is simple enough: if we could only find out the sort of attacks our peers are experiencing, then we could use that information to protect ourselves. But, as Alexandre Sieira pointed out at the FIRST conference, this creates a trust paradox. Before […]

Categories
Closed Consultations

Draft Investigatory Powers Bill – evidence to committees

Last month the Government published a draft Investigatory Powers Bill for a period of pre-legislative scrutiny before a full Bill is introduced, expected to be in the Spring of 2016. Various Parliamentary committees are considering different aspects of the Bill. In our evidence to these committees, Jisc is focussing on the new powers the draft Bill […]

Categories
Articles

Validating Password Dumps

It’s relatively common for incident response teams, in scanning the web for information about threats to their constituencies, to come across dumps of usernames and passwords. Even if the team can work out which service these refer to [*], it’s seldom clear whether they are the result of current phishing campaigns, information left over from […]