I’m Robin, founder of Cydea, the positive cyber security consultancy, and previously led BAE Systems’ Security Advisory & Technical Services business, recognised by Forrester as one of the leading information security consultancies.
I help businesses defend themselves from cyber crime and thrive in the digital world, and have over fifteen years’ experience, including advising numerous boards on how to manage crises resulting from cyber-attacks.
If you’re interested in improving how you manage your cyber risk, or need help governing information security at the board level, then get in touch with me via Cydea, or connect on LinkedIn or Twitter.
Vol. 3 Iss. 26 28/06/2020, last updated 05/07/2020 Robin Oldham
This week: Maersk, me & NotPetya. Saturday 27th marked three years since the NotPetya attack on Ukraine that went on to cripple computer systems around the world. M.E.Doc, a tax accountancy software package used by around 90% of domestic Ukrainian companies, had been compromised and its auto-update mechanism used to deploy the malware. Intelligence agencies would go on to attribute the attack to Russia’s foreign military intelligence agency, the GRU.
Vol. 3 Iss. 25 21/06/2020, last updated 28/06/2020 Robin Oldham
This week marks the second birthday of Robin’s Newsletter! There are a few things I’m hoping to be able to share with you soon, but that aren’t quite ready yet. So in a showing of great self-restraint, I’m going to put off any massive celebrations just yet, other than to say THANK YOU SO MUCH for being a subscriber. It’s always lovely to hear your feedback and a privilege to have you on this journey.
Vol. 3 Iss. 24 14/06/2020, last updated 21/06/2020 Robin Oldham
It’s the Open Security Summit this week and I’ll be presenting, along with Phil Huggins, on the CISO and Risk Management and Threat Modelling tracks: Threat Personas and Application Vulnerability Scoring (Mon @ 11:00am); Open Information Security Risk Universe (Thu @ 2:00pm). No surprises, it’s virtual, and it’s not too late to get a ticket for the whole week (£50, or FREE for students, charities and Ladies Hacking Society members!).
Vol. 3 Iss. 23 07/06/2020, last updated 14/06/2020 Robin Oldham
You will, no doubt, have seen some of the horrific coverage of violence used against protesters this week that is indicative of what is suffered by many every week. You may feel detached or removed from events; however, the issues are systemic and pervasive, even in a ‘modern’ field like cyber security. Whitelist/blacklist. Master/slave. The language we use is a powerful thing and it is an area where you can make a change.
Vol. 3 Iss. 22 31/05/2020, last updated 07/06/2020 Robin Oldham
This week: Cybercrime is (often) boring. New research from the University of Cambridge’s Cybercrime Centre this week takes a look at the workings behind the cybercrime economy. Far from the ‘romanticised’ notions of rockstar hackers and zero-day exploits, they argue that with the rise of cybercrime-as-a-service business models, cybercrime is a volume business “with boring, tedious maintenance and infrastructure jobs outsourced to lowly paid contractors.” That would fit with some of the statistical evidence, for example, last week’s DBIR report (vol.
Vol. 3 Iss. 21 24/05/2020, last updated 31/05/2020 Robin Oldham
This week: interesting stats again, it’s DBIR time! Now in its 13th year, Verizon’s Data Breach Investigations Report (DBIR) has become an annual fixture of the infosec calendar. The report, which now has over eighty organisations contributing to it, provides useful intelligence into the state of security. In total, over 157,000 incidents were analysed, though only 32,000 met quality requirements. Just under 4,000 were publicly disclosed data breaches.
24/05/2020, last updated 24/05/2020 Robin Oldham
I had a chat with Naveen Vasudeva from CyberTalks this week. We covered a lot of ground, from EasyJet and the need to ‘stop, look, listen’ during breaches to what we can all learn from athletes like Roger Federer and Lewis Hamilton. You can check out the recording of the live stream on linkedin.com.
Vol. 3 Iss. 20 17/05/2020, last updated 24/05/2020 Robin Oldham
This week: Assessing cyber risk from external information. An interesting post on the Lawfare blog on assessing cyber risk from external information, particularly the idea of hedging cyber risk and market pricing. In a similar vein, there is an interesting data set (vol. 1, iss. 13; vol. 3, iss. 2) that analyses the relative market performance of public companies that suffered a data breach. The headline is share prices fall an average of 7.
Vol. 3 Iss. 19 10/05/2020, last updated 17/05/2020 Robin Oldham
This week: Privacy concerns over contact tracing app. These issues have been bubbling away (vol. 3, iss. 16, 18) for the last few weeks and have come to a head in the UK following the launch of a trial on the Isle of Wight. NCSC’s Technical Director, Dr Ian Levy, has posted a breakdown of the ‘small part’ that NCSC has played in the design of the app and the decisions that have been made, for example favouring a centralised rather than decentralised approach.
Vol. 3 Iss. 18 03/05/2020, last updated 10/05/2020 Robin Oldham
This week: Mobile Device Management software used to deploy Android malware. Check Point is reporting a security incident where attackers managed to infect over 75% of a multinational conglomerate’s Android smartphones and tablets with the Cerberus malware. It’s interesting because it’s the first time I’ve heard of attackers using an organisation’s Mobile Device Management (MDM) platform to deploy malware. MDM solutions are intended to manage the installation of apps and the configuration of company-owned and staff Bring Your Own Device (BYOD) smartphones and tablets.