Recent Blog Posts

As someone who first encountered ransomware during the last millennium – thankfully at second-hand – and has been writing about it for almost as long, I sometimes find myself amazed by the high ...

Several years ago, around the time that ransomware attacks started making the front pages of mainstream newspapers, not just in the IT press, I took part in a number of webcasts on the topic. The ...

As IoT devices, smart MFPs are susceptible to the growing threat of attempts to implant malware, recruit to botnets (to help perpetrate DDoS attacks), as well as potentially providing an open ...

With eight days until the UK's scheduled exit from the European Union, a prime minister who has lost control, a paralysed political system, and Britain reduced to a laughing stock on the world ...

Oracle Open World 2018 seems a world away. Especially, when you have had a few days’ furlough in between. Mark Hurd’s second keynote at OOW convoked a common room of former spies from the US and UK ...

The UK government has condemned Russia’s military intelligence service for a variety of cyber attacks in its routinely stern way, but at this point, we might as well be told about this kind of ...

Among the findings of the Committee of Inquiry (COI) that looked into the massive SingHealth data breach was the startling fact that a non-IT staff was tasked with managing the server which was ...

On 20 July, the Singapore government revealed that the non-medical personal details of about 1.5 million patients who had visited SingHealth’s specialist outpatient clinics and polyclinics between ...

Passwords have been the mainstay for securing applications, devices and the data they hold, pretty much ever since IT was invented. It’s an approach that has always had weaknesses though, mostly ...

IT is often two-faced and never more so than when it comes to the financial health of the industry. Speak to one set and they'll tell you how tight it is, scrapping for every penny of profit, and ...

Like - I suspect - many people, I spend far too large a percentage of my one and only life on various 'net conferences, using a variety of platforms. Most of them are truly loathsome. So it was ...

Young people will start disconnecting from connected world as risks outweigh benefits

Pishing is when you get fed plenty of booze and then start mouthing-off, reveal a few secrets, passwords and PIN

As cybercrime becomes ever more widespread and the actors involved diversify, targeted organisations must become more sophisticated and timely in their ability to detect and respond.

The position of Chief Information Security Officer (CISO) has become well established in recent years, but where is it heading next? For many it is often perceived as an inward directed role more ...

Of course, the retail and consumer markets in general have been analysis bonkers for decades, but what about IT security, cyber or otherwise? It's not a case of collecting info from a single ...

Reviews of organisational security can be viewed in many positive ways, but all too often with trepidation or resignation. The rise of phishing, where spoof, but increasingly credible, messages try ...

In this guest post, Prakash Sadagopan, director of field systems engineering at F5 Networks Asia-Pacific, discusses mobile security issues and what enterprises can do to stay secure. The boom of ...

IT is overloaded with slick marketing terms that have little or no substance behind them – the classic “solution searching for a problem” scenario but… just occasionally the complete opposite prevails

Some 20 teams of cyber security industry professionals and tertiary students in Singapore pitted their skills against one another in a competition aimed at plugging the cyber security skills gap in ...

Much of the rhetoric about the EU-GDPR, which comes into force in May 2018, relates to the danger of data breaches and the huge fines that may be imposed when they occur. What is the reality?

HP continues to shine a spotlight on print security with the recent announcement of embedded print security features that aim to mitigate the threat of malware. So how vulnerable are printers to ...

Asia-Pacific led the world in ransomware threats during the first half of 2017, with 35.7% of all ransomware detected globally targeted at companies in the region. Following the heels of APAC was ...

Reviewing progress in moving from talk to action in the rapid, cost effective development of world class security skills.

Calamitous alt-right website Breitbart has been tricked into an email exchange with a prankster posing as Donald Trump’s recently dumped adviser Steve Bannon. Under the guise of Bannon, back in the ...

Bangladesh and Pakistan have the highest malware encounter rates around the world, followed by two other countries in the ASEAN region – Cambodia and Indonesia, according to Microsoft’s ...

As the edge of network disappears, it is time to look for alternative approaches than those such as firewalls. It is time to look at securing data at the point of creation through managing ...

It has emerged we may have spent more than the past decade creating complicated, unmemorable passwords and changing them every few months for absolutely no reason. Bill Burr, the author of the ...

The UK ICO hardly ever issues fines for data leaks and when it does, the fine involved is rarely anywhere near the maximum it could be.

On July 11th Quocirca will be presenting new analysis of recent fines imposed by the ICO under the UK Data Protection Act. There will also be advice on how to help avoid future penalties from ...

The fear of your children being tracked by pederasts using snapchat Spyware is overtaking "Tory Cuts" as a topic of Parent-Teacher conversation.

When one is confronted by a criminal or terrorist demanding a ransom in exchange for a loved one who has been held hostage, the general rule of thumb is not to pay up and go to the police. That’s ...

The impact that bad-bots are having on financial services organisations and how they can be mitigated is covered in Quocirca’s latest e-book in its Cyber-Security Threat Series.

When StarHub’s residential fibre network went down in October 2016, the Singapore telco initially pinned the blame on distributed denial of service (DDoS) attacks brought on by internet of things ...

The lack of a major cyber security event is seen as one of the reasons for the indifference towards cyber security in many organisations. That event took place recently, with the WannaCry ...

This year was the 10th anniversary of the annual Eskenzi PR IT Analyst and CISO forum. The latest event took place in the immediate aftermath of the WannaCry ransomware outbreak. Proceedings were ...

Data availability and integrity based on robust authentication and encryption over resilient networks are more important than privacy.

The cyber attack on the computer networks of the National University of Singapore (NUS) and Nanyang Technological University (NTU) last week has once again cast the state of Singapore’s cyber ...

The current ransomware scare should be used to change the priorities of GCHQ and the NCSC so as the make good use of the powers they have just acquired.

The involvement of GCHQ in the NHS ransomware incidence marks a turning point in the first against cybercrime

The EU General Data Protection Regulation (GDPR), which takes effect on 25th May 2018, could prove to be a catalyst to change the existing haphazard approach to print security. Networked printers ...

Keeping anything safe and secure involves multiple considerations. Avoid putting yourself in danger, put up a protective ‘shield’, detect when that is compromised, take mitigating action. When it ...

An online training initiative promises to make information security accessible and understandable to journalists, confidential sources and whistleblowers.

Bad-bots are being used by cybercriminals to automate many time-consuming activities to perpetrate their crimes. Payment card fraud is an area of particular concern as large data bases of stolen ...

We should build our Post-Brexit industrial strategy round making good use of the digital talent of the other half of the population.

We need to train our own, not rely on imported talent, in a post Brexit world

Healthcare systems host valuable data and are consequently a target for cyber-crime. The problem of bad-bots (automate threats), which help hackers gain entry to systems, can be mitigated.

Digital rights management (DRM) capabilities are often embedded in third party software products via partnerships agreements. One DRM supplier, Seclore, has made such OEM relationships its main ...

Just who and what have you got connected to the network? If it was just a matter of regular IT products and employees, that would be hard enough. Now all manner of smart devices and itinerant ...

Amidst the proliferation of Internet of Things (IoT) endpoints, the cybersecurity threat landscape has expanded to every mobile, smart and cloud-enabled device on the network. This threatens the ...

UK-based identity and access management (IAM) vendor ProofID has revamped and renamed it ARMS product. Now called ProofID IGA (Identity Governance and Admin) its prime use case is to aid the ...

The theft of the email addresses and other account details of 500 million Yahoo users is a golden opportunity for cyber-criminals working with bad-bots.

In July we learned that 10% of the UK population have been the victims of e-Crime - albeit nearly always reimbursed, having "only" suffered the hassle of a refused card and a couple of days ...

I was struck by a recent bleat that Whitehall is not "cool" enough to attract top cybersecurity talent. There is no pool of "top cyber security talent". There are ten vacancies for every candidate. ...

The BBC has reported that the University of Bournemouth was attacked 21 times by ransomware. the observant report notes, that this occurred in spite of the university having its own cybersecurity ...

Smart deployment of IoT applications using a hub and spoke approach makes sense for optimal use of network resources and, combined with PKI, for security

For commercial, legal and moral reasons the EU GDPR, or something that mimics it, will apply in the UK following Brexit.

The press release  for the Culture Media and Sport Select Committee Cybersecurity report  headlines the recommendation to jail abusers not just fine their employers.  The change of reporting ...

As the use of drones for commercial and recreational purposes increase consideration needs to be given to privacy and information security.

We need a London Cyber Security Skills Partnership to reduce on-line fraud and improve customer confidence in organisations which base their global operations and/or governance here, regardless of ...

The putative benefits or risks claimed by those lobbying for your vote next week are less than organised crime in looting from Londoners and London-based businesses, let alone the losses from the ...

Symantec's June 2016 announcement that it intends to buy Blue Coat mirrors Trend Micro's acquisition of Tipping Point in 2015. Both moves underline that there is an appetite for integrated ...

Finnish cybersecurity firm F-secure is all about explaining how the dark web works, classifying malware and providing technical validation for how cybercrime, cyber-espionage and other ...

Finnish security firm F-secure kicked off its 2016 European labs tour this week with an unusual free gift. A bottle of ‘glitter’ nail polish was handed over to all, boys and girls alike. For all ...

Effective pan-EU co-operation to redress the balance and build confidence in safer, more secure on-line world could have a bigger impact on our wallets than the putative benefits or costs of Brexit ...

The collapse of confidence in the on-line world predicted in 2001 is now happening. Trust will only be rebuild when the banks, telcos and ISPs work together to take security and privacy seriously ...

I’ve had some interesting conversations recently with Professor Fred Piper regarding risk probability. The discussion started because I was concerned about assessments of risk probability, as one ...

Security focused software application developers like to drop this favourite one-liner to remind us just how insecure we all are… “There are only two types of companies: those that have been ...

One of the first lines of defence an organisation should have in its battle against cyber-crime is up to date software. There are challenges in achieving this, but they can be surmounted.

The Vodafone Big Data survey reveals a crisis of trust which Internet Service Providers continue to ignore at their peril.

Wi-Fi started out as way to make local area networks easier to deploy. Now, coupled with cellular networks, the rise ubiquitous mobility and the IoT, wireless is changing the world.

DevOps firm SourceClear wants to give DevOps engineers (now that we all agree that this is a real job title) more tools to help find vulnerabilities in open-source code. The firm’s eponymously ...

Why the UK needs the Mayor of London to take a lead in making the UK a safer place to go on-line, with effective reporting, investigation and prosecution based on partnership policing before ...

Wolfgang Kandek, CTO at Qualys has spoken to the Computer Weekly Open Source Insider blog this week to present his reaction and thoughts to Black Duck’s open source security report: The State of ...

The April 2016 Eskenzi IT Security Analyst and CISO Forum show-cased 10 offerings to help prevent and block cyber-attacks. The more effective organisations are in doing this, the less likely they ...