Recent Posts
The elusive USB drive attack
Stories of hackers attacking companies by dropping malware infected USB flash drives in the firm’s parking lot are a standard infosec cautionary tale – don’t…
Securing the real perimeter – part 2
In my last post, I went on about how the real perimeter of your network is at your users’ workstations. The actions that humans take…
Securing the real perimeter – part 1
I was thinking about the way that the concept of a “perimeter” has changed in the time I have been in information security. (Obviously, I…
The biggest cloud threat? Us!
Another cloud security issue caused not by the cloud, but by how people use the cloud. Security firm Sophos has been taking a look at…
We’re number 1!
Something for those of us who have to continue to remind our executives how important it is to continually increase our cybersecurity budgets… Global insurer…
Living off the land – EFS Ransomware
Attackers have responded to improved security against malware in Windows environments by “living off the land” (LOTL) – using the tools already present in the…
Recognizing and dealing with insider risk
I came across an interesting white paper from the deep mists of the past (2011) which is as relevant today as it was back when…
Aging reports – new ammo for attackers
Another reminder that attackers are getting more sophisticated and taking the time to learn about their victims and their business processes before launching their phishing…
Boredom and security
We security management types would like to think that every task we give our minions is exciting and engaging. However, there are lots of security…
Can experience be a hindrance in making security decisions?
Some interesting insight from the Harvard Business Review’s January 2020 IdeaWatch section: A study looked at how people react to information which indicates that a…
