CarePartners Will Now be Made to Pay. Somehow…

CarePartners didn’t seem to care about a hacking group who stole their patients’ sensitive records in exchange for a ransom payment, but now a certain cybercriminal has decided to put the breached records up for sale on the underground market. Two months ago, CarePartners, an Ontario-based home care service provider, publicly disclosed that it had…

Equifax: The Breach That Keeps On Hurting

I am not one to beat a horse when it’s already dead but, at the same time, I find it hard to resist the temptation of using this possibly overstated security breach to reinforce the importance of putting your security house in order. Your business needs you and the reverse is true. Don’t wait to…

Meltdown And Spectre Flaws: Time to Activate Panic Mode?

What do you call what’s worse than (a) BEAST? The biggest cyber security news for 2018 has surfaced and so much has been said about the Meltdown and Spectre vulnerabilities already. The most complete non-technical article I’ve read about this yet is available here. Like the BEAST (SSL) vulnerability, these flaws have widespread applicability and…

Cyber (In)security: How Fine is the Line Between Apathy and FUD?

Computer security is difficult (maybe even impossible), but imagine for a moment that we’ve achieved it. Strong cryptography where required; secure protocols are doing whatever needs to be done. The hardware is secure; the software is secure. Even the network is secure. It’s a miracle. Unfortunately, this isn’t enough. For this miraculous computer system to…

The Cyber Security Talent Gap – Myth or Reality?

Mind the gap. If you’ve ever travelled on the London underground, you will be familiar with the line: “Please mind the gap between the train and the platform. Mind the gap”. This audible phrase reminds (or warns) passengers to be mindful of the spatial gap between the station platform and the train door. The first…

To Cloud or Not to Cloud?

“Old age is like a plane flying through a storm. Once you’re aboard there’s nothing you can do.” – Golda Meir

Let’s set the context to begin with: the “cloud” is your infrastructure and data in someone else’s data center. Most components of this infrastructure have IP addresses and so are hackable. Worse still, your…

Travails of the Cyber Security Practitioner

As a security practitioner, if you have, at some point in your career, had to answer the question: “why should security always impose difficulty on legitimate business users?”, you’re not alone. A lot of business users struggle to see the value that security adds to the business. It’s neither their fault nor their responsibility to figure it…