
Bulletproof

Compliance is not security

The recent hack on British Airways is alarming to say the least, and it’s not just because roughly 380,000 payment cards were compromised. British Airways is a huge company earning millions each year. These sorts of companies are heavily regulated and are required to be Level 1 PCI compliant (the highest level of compliance).

Thinking corporate: Bulletproof's first quarterly update

A company’s first few years can often give an indication of where it’s going, allowing us to make assumptions about its future. Bulletproof is still in its early phases, being just a couple of years old, but having been privy to the first official quarterly update, it’s clear that the business has a great deal of potential.

TLS v1.3 is here

Recently, when discussing Chrome’s current push to get everyone onto HTTPS, we touched upon the TLS handshake, mentioning that the latest version of TLS was version 1.2. Since then, TLS version 1.3 has been made available for use, successfully dating our literature that was previously held with such high esteem. Of course, TLS v1.3 still has to be adopted and implemented by the Internet in general, so for the most part 1.2 will still be the most prominently used version for a while yet.

Appointing a DPO

A Data Protection Officer (DPO) is a lot like a little angel on your shoulders, except instead of a little harp, they have a complete understanding of GDPR and other data protection laws. Their job is to make sure you don’t listen to the devil on your other shoulder encouraging you to do all sorts of non-compliant things, like process data unlawfully or without permission.

HTTPS and Chrome's Security Push

Last month, Google Chrome started marking all non-HTTPS sites as not secure. The main reason for this is because all non-HTTPS sites are insecure, so there is some logic to it. It was part of a plan announced way back in 2016 that sought to improve security across the Net. The first stage of this was to mark all HTTP sites that collect passwords or credit card details (and the like) as being insecure.

Where are all the cyber security pros?

Despite living in a world where the internet is becoming ever more fundamental to everyday life, there is currently a worldwide shortage of cyber security professionals who are able to keep it all secure. Within four years this shortage is expected to reach 1.8 million. According to a recent study, only 35% of the enterprises involved felt they were adequately staffed to deal with cyber-attacks. 35% is not a good percentage.

False Positive or the Real Deal?

An ominous flashing red light on a blacked-out computer screen means the promise of a threat. It was 21:26 on a Sunday night and an Intrusion Prevention System (IPS) alert shot across one of our screens. A security analyst usually has just minutes to respond, carry out an investigation on behalf of the organisation under threat and make a critical decision.

Threats from within

Cyber security is a big deal these days. A very big deal. A deal worth £3.5 billion to be precise. The threats are varied and numerous, with attackers constantly shifting their methods and approach to circumvent security. No matter how good cyber security gets and how thorough your processes are, the threat will always remain. What’s interesting here is that a large portion of this threat comes from within your own walls.

What happened when we hacked an expo?

Last year we exhibited at a major information security trade show in London. During the preparation for this we received our exhibitor passes as “print yourself” PDF files. We immediately noticed that there were two forms of barcode on them and, interestingly, the QR code seemed quite dense given that all it should have been storing was a delegate ID number. Being the inquisitive sort of people that we are, we started up a QR scanner and had a look at its contents.

How long is your dwell time?

If many of the recent threat reports are to be believed, we can assume that, on the whole, businesses are not improving when it comes to detecting a network breach. In those isolated cases where improvement can be seen, the improvement is small. The Mandiant M-Trends 2018 report states that the median global dwell time sat at 101 days (in 2017). I can believe that.