I’m Robin, founder of Cydea, the positive cyber security consultancy, and previously led BAE Systems’ Security Advisory & Technical Services business, recognised by Forrester as one of the leading information security consultancies.
I help businesses defend themselves from cyber crime and thrive in the digital world, and have over fifteen years’ experience, including advising numerous boards on how to manage crises resulting from cyber-attack.
If you’re interested in improving how you manage your cyber risk, or need help governing information security at the board level, then get in touch with me via Cydea, or connect on LinkedIn or Twitter.
Vol. 3 Iss. 42 18/10/2020 Robin Oldham
This week ICO issues British Airways with £20M fine The ICO has issued British Airways (BA) a £20 million fine for lax security practices that allowed a MageCart card-skimming group to steal the personal information of 400,000 customers (vol. 1, iss. 12). The fine comes after two years of investigation and an ‘intention to fine’ notice of £183 million (vol. 2, iss. 28) fifteen months ago. The final penalty is therefore just under 11% of the original notice and less than the £22 million that BA set aside in its most recent financial statements (vol.
Vol. 3 Iss. 41 11/10/2020, last updated 18/10/2020 Robin Oldham
This week Integrity: test & trace One of the main stories in the UK this week was that an ‘IT error’ in the COVID-19 Test & Trace programme had caused 15,841 cases to go unreported and not be passed to contact tracing teams. The missing data accumulated over eight days, much longer than the 48-hour ‘ideal time limit’ for contact tracing following a positive test result, potentially contributing to the continuing ‘second wave’ of cases.
Vol. 3 Iss. 40 04/10/2020, last updated 18/10/2020 Robin Oldham
This week US Treasury sets out stance on ransomware payments and sanctions The Office of Foreign Assets Control (OFAC), part of the US Treasury, issued an advisory this week on the payment of ransom demands to individuals, groups or regions that are subject to US sanctions. It comes in the wake of Garmin’s ransomware demands from the EvilCorp group (vol. 3, iss. 31) and increased scrutiny of companies paying up to avoid their data being released in ‘breach-and-leak’ ransomware campaigns.
Vol. 3 Iss. 39 27/09/2020, last updated 04/10/2020 Robin Oldham
This week YOLOsec, FOMOsec, business value and reducing the cost of control A great read from Kelly Shortridge this week on #YOLOsec (careless disregard for future security issues) and #FOMOsec (the need to perfectly protect everything). There are plenty of astute observations about infosec as a profession* (ones that personally frustrate me when I come across them!). Ultimately both are presented as either end of a spectrum, where neither contributes successfully to business strategy.
Vol. 3 Iss. 38 20/09/2020, last updated 27/09/2020 Robin Oldham
This week ZeroLogon: Domain admin for everyone! If you’re reading this with your cuppa on Monday morning and are responsible for your company’s IT or security: stop reading this right now and check you’ve applied the Windows Server updates from August. Despite CVE-2020-1472 scoring a ‘perfect 10.0’ on the CVSS scale, it got little reporting at release. Now, new details of ZeroLogon (as it is dubbed by the researchers at Secura that discovered it) have been published.
Vol. 3 Iss. 37 13/09/2020, last updated 20/09/2020 Robin Oldham
This week China’s data security initiative China has published details of a ‘Global Initiative on Data Security’. The plans were unveiled by Wang Yi, a state councillor (equivalent to a cabinet-level position), at an International Seminar on Global Digital Governance event. It’s a move by China to influence cyber-norms and combat Western restrictions on telecoms companies Huawei and ZTE and the US President’s looming bans on social media companies TikTok and WeChat.
Vol. 3 Iss. 36 06/09/2020, last updated 13/09/2020 Robin Oldham
This week Hiscox Cyber Readiness Report 2020 Hiscox’s Cyber Readiness Report 2020, released recently, marks the fourth edition and provides some interesting insights that may help organisations assess and benchmark their security posture. Over 5,500 respondents participated in this year’s report. Spending on cyber security increased by 39% in the last twelve months across respondents, with UK firms reporting 12%, and US firms 14%, of IT budget being spent on cyber security.
Vol. 3 Iss. 35 30/08/2020, last updated 13/09/2020 Robin Oldham
This week Ransomware gang allegedly offered $1M to employee to install malware Increasingly ‘professional’ operations are targeting Remote Desktop and VPN servers with weak or compromised passwords to gain access to the networks of large organisations. Increasingly they are also taking copies of the data they encrypt, demanding two ransoms: one to unlock computer systems, the other to not leak the data they have stolen. The advice continues to be ‘not to pay’ and that capitulating to demands does not guarantee the return of your systems or data.
Vol. 3 Iss. 34 23/08/2020, last updated 13/09/2020 Robin Oldham
Bletchley Park announced that a third of their staff are at risk of redundancy following a fall in visits due to Coronavirus. The site was at the centre of code-breaking operations, played a crucial part in shortening World War II and is also home to the National Museum of Computing. Please consider becoming a friend, making a donation or sponsoring a brick so they can continue to inspire tens of thousands of school children and care for the 450,000 items in their collection.
Vol. 3 Iss. 33 16/08/2020, last updated 26/08/2020 Robin Oldham
This week Algorithms and accuracy in A-Level results This week saw students in the UK receive their A-Level (qualifications between compulsory and university education) exam results. Due to social distancing and stay-at-home orders from Coronavirus, individual exams were not possible. Instead, grades were assigned using an algorithm devised by Ofqual, the UK’s qualifications and examinations regulator, and the results have been controversial. There has been significant media coverage of students that have been downgraded from their teachers’ predicted grades and calls for these to be used instead.