Ransomware – it’s like robbing banks

Have you noticed that nobody seems to rob banks anymore? That is because the criminal gangs have realised that it is easier to stay at home in their pyjamas and do ransomware raids and steal money that way. While this remains a profitable exercise it will continue. And it will get worse! Increasingly their tactics are more malign: they exfiltrate your data, then lock it, … Continue reading Ransomware – it’s like robbing banks

Ransomware is coming to get us. Prepare. Beware.

There are increasing numbers of ransomware attacks on municipalities and governmental organisations in the US, with headlines like this. And Australia will not be immune to these attacks. Towns Across Texas Hit in Coordinated Ransomware Attack The state government and cybersecurity groups have mobilized to respond to a mass ransomware attack that simultaneously hit 23 different towns statewide.  https://www.darkreading.com/attacks-breaches/towns-across-texas-hit-in-coordinated-ransomware-attack/d/d-id/1335567 As Lawrence Abrams noted in Bleeping … Continue reading Ransomware is coming to get us. Prepare. Beware.

Thoughts on digital forensics

I’m studying cyber security and investigations at the moment and the current course is digital forensics. It is fascinating learning about how folks try to hide their digital tracks, and it is also mildly terrifying to realise how much data can be recovered. I’m deep in hex viewers, write blockers, and various tools for analysing data. It is quite a shock to find that the … Continue reading Thoughts on digital forensics

Info sec, AI and ethics – some thoughts #codemesh

I’m heading off to speak at the CodeMesh Conference in London shortly and I’ve been thinking about the emerging boundaries between information security, AI and ethics. I will post some thoughts as they evolve. Developers (and others) and ethical approaches We need to help everyone, from coders through info sec professionals to senior organisational leaders, to understand that information security, AI and ethics are part … Continue reading Info sec, AI and ethics – some thoughts #codemesh

Data governance and cybersecurity

The connection between data governance and cybersecurity might not be immediately apparent. But if one considers the ‘5 knows of cyber’, it becomes obvious that cybersecurity is all about data, and data is all about information, and we want information to be secure. I use the ‘5 knows’ as the foundation of our data governance framework, because it really helps people to understand why data … Continue reading Data governance and cybersecurity