Imagine that a business wanted to outsource a particular business function, but no one on the Board of Directors had sufficient tech expertise to grasp why this might cause security issues.Investing in an upgraded network with a centralised administrator responsible for granting permission levels would resolve the problem, but the Board is reluctant to invest
Does your board need a technical expert? Read More »
Ransomware has been a recognised issue for some time, however to date, perhaps only one or two systems in a company might have become infected by the wayward clicks of a bored receptionist. Ransomware has rarely been a business-critical issue. Wanna Cry changed that. Not only did it infect single machines, as classic ransomware does,
Wanna Cry. Our analysis. Read More »
Google users appear to have been the latest victims of the most recent phishing attack, this time through their file sharing Google Docs service. Victims were sent a sinister email disguised as a fraudulent invitation to edit a Google Doc that appears to come from one of their contacts. The subject line reads “[Contact name]
Remember that $100 million whaling scam? Read More »
Last month, the papers reported that two major US technology firms were deceived by Evaldas Rimasauskas, a Lithuanian criminal, into sending him $100 million through an email whaling scam. It has just been confirmed that Google and Facebook were the two companies that were the victims of this scam. The two companies did not confirm
$100 million whaling scam: A “wake up call” for even the most sophisticated firms. Read More »
The latest Government report on UK business cyber security has landed, and it does not make pleasant reading. The Cyber Breaches Survey is part of the Government’s five-year National Cyber Security Strategy to transform the UK’s cyber security and to protect businesses online. The depressing bit… The report reveals that almost half of UK firms (46%)
Almost half of UK firms hit by cyber breach or attack in the past year Read More »
On March 7th, WikiLeaks published a catalogue of documents containing details of secret hacking tools used by the CIA. They called this information “Vault 7” and have promised the leak is just a small part of a much bigger cache of data, which they will release shortly. The documents date from 2013 to 2016 and
The Vault 7 leak – am I a CIA target? Read More »
Resilience is a buzz word in board rooms in the UK at the moment; but for a VERY good reason. Control Risks, the heavyweight global business risk consultancy, recently published a survey on the “The State of Enterprise Resilience” for 2016-17. [The State of Enterprise Resilience Survey 2016/7 – https://www.controlrisks.com/en/services/security-risk/the-state-of-enterprise-resilience-survey-2016-2017] They explain business resilience as “an organisation
How to increase your business resilience Read More »
We sometimes suffer from deja-vu here in the 2-sec office. Whilst rifling through dusty filing cabinets in our annual spring clean, we rediscovered an article from the last quarter of 2016. The article was headlined with the title, “UK SMEs have a False Sense of Cyber Security”. We had to re-examine the story to check
How will GDPR affect small business owners? Read More »
Cyber risk. Overlooked? Ignored? Under-appreciated? Well, that’s exactly how most information security professionals must feel when trying to raise funds to fix security holes. The challenge we face isn’t the business failing to grasp cyber risk, it’s addressing the communications gap between technical staff and business owners. In turn, business owners don’t like spending
Cyber Risks across increasingly digital businesses Read More »
