Archive for the SIR Category

Tell a friend…

Posted in Cyber Security, Fraud, Security, SIR, UK on 4 Nov 2011 by Stuart Aston

So, in our latest SIR report we note that about 50% of attacks we see require some form of user interaction. More and more criminals are using confidence tricks, either online or on the telephone, to target “us” and get our money.

The reality is that the best defence against this type of attack is personal awareness that the problem exists. Sure, IE9 and other modern browsers can help protect you, as can AV; having a strong password and keeping all your software current and updated all help. But all those defences are not present when a criminal phones you up claiming to be from a reputable company offering you support. Just to be clear: we will not phone you, and nor will any of our partners offering support for a fee.

If you are a consumer and you think you have a security problem use this link:

https://consumersecuritysupport.microsoft.com/default.aspx?locale=en-gb&st=1&wfxredirect=1

or to contact us more generally look here:

http://support.microsoft.com/contactus/cu_sc_selector_telephone?ws=support

cut and paste them into your browser. 

Next week is Get Safe Online week. It’s about promoting awareness of these issues and helping people and businesses be “safer online”. Be aware, tell a friend and get them to go and read www.getsafeonline.org. Who knows, if we can get our friends to be safe online, maybe we can get our businesses to be safe as well…

SEC == Security

Posted in Cyber Security, Government, Security, SIR on 23 Oct 2011 by Stuart Aston

 

CF Disclosure Guidance: Topic No. 2 – Cybersecurity

I would have completely missed this if it wasn’t for a colleague who spotted it; she described it as “This is the single largest announcement in cyber security in 10 years”…

And she is right to do so; this fundamentally changes the behaviour of companies in relationship to security.

By getting companies to report incidents and assert a value associated with the loss it puts Cyber Security on the agenda of the board, which is where it should have been for the last decade at least.

It enables investors to make choices based upon reported incidents, and determine if a company is a wise investment as a result in comparison to its peers.

Well done SEC… now maybe the customers will do security updates in a timely fashion, and take user education about security seriously as an investment in investor confidence. 

It will be interesting to see how they report and what mitigations they start to take. In our latest Security Intelligence Report we note that, of the most common attacks we see, most do not use a 0-day and can be mitigated with simple maintenance, and that just under half require some level of user interaction. Hopefully this will put both patch management and user training on the board agenda of all publicly traded companies.
