I’m Robin, founder of Cydea, the positive cyber security consultancy, and previously lead BAE Systems’ Security Advisory & Technical Services business, recognised by Forrester as one of the leading information security consultancies.
I help businesses defend themselves from cyber crime and thrive in the digital world and has over fifteen years experience including advising numerous boards on how to manage crises resulting from cyber-attack.
If you’re interested in improving how you manage your cyber risk, or need help governing information security at the board level, then get in touch with me via Cydea, or connect on LinkedIn or Twitter.
Vol. 3 Iss. 30 26/07/2020, last updated 02/08/2020 Robin Oldham
This week Garmin ‘ran somewhere’ Fitness enthusiasts around the world have been unable to prove their achievements on social media this week after GPS tracking company Garmin suffered a ransomware attack. The company’s website and all customer services, including phone lines, online chat and email are down, though in a statement they claim that no personal data is believed to have been compromised. They are believed to be victims of the WastedLocker ransomware, operated by a group called ‘Evil Corp.Read more… ( ~7 Min.)
Vol. 3 Iss. 29 19/07/2020, last updated 26/07/2020 Robin Oldham
This week The battle for tech and data dominance Tech and data are becoming increasingly politicised as nations seek ‘digital dominance.’ A few big cyber and data stories this week that tie into the geopolitical themes of Digital Balkanisation / Divide, critical infrastructure protection and national interest. This is a massive, and fascinating, area that warrants more time than I can devote to a single Sunday. That said, seeing all these interesting stories break I didn’t want to miss the chance to take a look at them more ‘in the round,’ rather than individually.Read more… ( ~10 Min.)
Vol. 3 Iss. 28 12/07/2020, last updated 19/07/2020 Robin Oldham
This week Hong Kong national security law increases security risk for region China opened a national security office in Hong Kong as part of new legislation for the special administrative region (BBC). It changes the web dramatically for Hong Kong’s citizens and essentially brings them inside the ‘Great Firewall.’ Hong Kong police can now censor content, track citizens online and require sites to take content down. On Monday Facebook, Twitter, Google, Microsoft, Zoom, and WhatsApp all pledged to refuse requests coming from Hong Kong authorities.Read more… ( ~5 Min.)
Vol. 3 Iss. 27 05/07/2020, last updated 12/07/2020 Robin Oldham
This week Encrochat and evolving law enforcement tactics prove there is a different want to encryption backdoors Details of the pan-European law enforcement operation that took down an encrypted phone service (vol. 3, iss. 25, 26) came to light this week. French authorities infiltrated the EncroChat mobile network operated popular among organised criminal gangs. Over 60,000 people used the service, that cost €1,000 for a customised Android handset with the microphone and GPS disabled, and then €1,500 for a six-month subscription.Read more… ( ~7 Min.)
Vol. 3 Iss. 26 28/06/2020, last updated 05/07/2020 Robin Oldham
This week Maersk, me & NotPetya Saturday 27th marked three years since the NotPetya attack on Ukraine that went on to cripple computer systems around the world. MeDoc, a tax accountancy software package used by 90% of domestic Ukrainian companies, had been compromised and its auto-update mechanism had been used to deploy malware. Intelligence agencies would go on to attribute the attack to Russia’s foreign military intelligence agency, the GRU.Read more… ( ~9 Min.)
Vol. 3 Iss. 25 21/06/2020, last updated 28/06/2020 Robin Oldham
This week marks the second birthday of Robin’s Newsletter! There are a few things I’m hoping to be able to share with you soon, but that aren’t quite ready yet. So in a showing of great self-restraint, I’m going to put off any massive celebrations just yet, other than to say THANK YOU SO MUCH for being a subscriber. It’s always lovely to hear your feedback and a privilege to have you on this journey.Read more… ( ~8 Min.)
Vol. 3 Iss. 24 14/06/2020, last updated 21/06/2020 Robin Oldham
It’s the Open Security Summit this week and I’ll be presenting on the CISO and Risk Management and Threat Modelling tracks, along with Phil Huggins: Threat Personas and Application Vulnerability Scoring (Mon @ 11:00am) Open Information Security Risk Universe (Thu @ 2:00pm) No surprises, it’s virtual, and is not too late to get a ticket for the whole week (£50, or FREE for students, charities and Ladies Hacking Society members!Read more… ( ~9 Min.)
Vol. 3 Iss. 23 07/06/2020, last updated 14/06/2020 Robin Oldham
You will, no doubt, have seen some of the horrific coverage of violence used against protesters this week that is indicative of what is suffered by many every week. You may feel detached or removed from events however the issues are systemic and pervasive even in a ‘modern’ field like cyber security. Whitelist/blacklists. Master/slave. The language we use is a powerful thing and it is an area where you can make a change.Read more… ( ~7 Min.)
Vol. 3 Iss. 22 31/05/2020, last updated 07/06/2020 Robin Oldham
This week Cybercrime is (often) boring New research from the University of Cambridge’s Cybercrime Centre this week that takes a look at the workings behind the cybercrime economy. Far from the ‘romanticised’ notions of rockstar hackers and zero-day exploits, they argue that with the rise of cybercrime-as-a-service business models, cybercrime is a volume business “with boring, tedious maintenance and infrastructure jobs outsourced to lowly paid contractors.” That would fit with some of the statical evidence, for example, last week’s DBIR report (vol.Read more… ( ~7 Min.)
Vol. 3 Iss. 21 24/05/2020, last updated 31/05/2020 Robin Oldham
This week This week is interesting stats again: it’s DBIR time! Now in its 13th year, Verizon’s Data Breach Investigations Report (DBIR) has become an annual fixture of the infosec calendar. The report, which now has over eighty organisations contributing to it, provides useful intelligence into the state of security. In total, over 157,000 incidents were analysed, though only 32,000 met quality requirements. Just under 4,000 were publicly disclosed data breaches.Read more… ( ~8 Min.)