Posts relating to keeping computers and networks secure against (mostly) attacks over networks. If you want to know about how to respond when such attacks succeed, or nearly so, try “Incident Response”
The recent rash of ransomware incidents has been linked to the availability of crypto-currencies – as a way that victims can pay ransoms to anonymous attackers – so Trend Micro reviewed the economic models for ransomware and, among many other aspects, whether changes in the crypto-currency world might have knock-on effects. Their conclusions are mixed: […]
One of the major causes of disruption on the Internet is Distributed Denial of Service (DDoS) attacks. Unlike “hacking”, these don’t require there to be any security weakness in the target system: they simply aim to overload it with more traffic than it (or its network connection) can handle. Often such attacks are launched from […]
The Proposal for a Regulation on Cybersecurity Requirements, recently published by the European Commission, significantly raises the profile of software vulnerabilities and processes for dealing with them after a product is delivered. The Regulation on Digital Resilience in the Financial Sector (DORA), proposed in 2020 and likely to become law shortly, does require organisations to […]
A few weeks ago I was invited to contribute to Team Cymru’s Future of Cyber Risk podcast. As I hope is apparent from the resulting recording, it was a fun conversation about working with regulators and how apparently different risks often turn out to be the same after all.
Sophos have recently released a tool that uses Machine Learning to propose simple rules that can be used to identify malware. The output from YaraML has many potential uses, but here I’m considering it as an example of how automation might help end devices identify hostile files in storage (a use-case described by Sophos) and […]
I’m hoping my generic model of a security automat (Levers, Data, Malice, Controls, Signals) will help me think about how tools can contribute to network security and operations. It produces the ideas I’d expect when applied to areas that I already know about, but the acid test is what happens when I use it to […]
A couple of recent discussions have mentioned “trade-offs” between risks. But I wonder whether that might sometimes be a misleading phrase: concealing dangers and perhaps even hiding opportunities? “Trade-off” makes me think of a see-saw – one end down, other up – which has a couple of implications. First, the two ends are in opposition; […]
Victoria Baines closed the FIRST conference with a challenge to improve our image (video). Try searching for “cyber security” and you’ll see why: lots of ones, zeroes, padlocks, and faceless figures in hoodies. Some of the latter look a lot like the grim reaper, which makes the task seem hopeless: in fact, cyber badguys can […]
The theme of this year’s FIRST conference is “Strength Together”. Since I first attended the conference in 1999, we’ve always said the basis for working together was “trust”. However that’s a notoriously slippery word – lawyers, computer scientists and psychologists mean very different things from common language – and I wonder whether security and incident […]
Wendy Nather’s keynote at the FIRST conference (video) considered the security poverty line, and why it should concern those above it at least as much as those below. To secure our systems and data requires resources (tools and people); expertise to apply those effectively; and capability, including sufficient influence to overcome blocking situations or logistics. […]