Trust but Verify

“66% [of companies] say privileged users access sensitive or confidential data because of curiosity”1. Maybe I’m naive, but I find this quite shocking – two thirds of users with privileged access have looked at confidential data just because they can! And it’s not only insiders deliberately doing bad things, it can be simple error – I’ve come across a case where an IT admin was supposed to block an incoming email address, and accidentally BCCed the CEO’s incoming email to that address! For three days. Just pause on that for a second. The potential damage does not bear thinking about.

Continue reading

Blog: Why the big MTTD?

“197 days: The average length of time it takes for organisations to identify a data breach”1

This statistic – meantimeto-detection (MTTD) comes up every year.  197 days is the 2018 figure, but it’s always quite big. It is marginally up on the previous year, up from 191 days. This begs two questions: why does it take so long to identify breaches, and are we even identifying all of them? 

Continue reading

Phishing your MuFA

I wrote in a recent blog that multi-factor authentication (MFA) is not a panacea to ensure security of your accounts.  It’s a useful tool – although many customers complain about the manageability and usability of such solutions – but more and more, MFA is being defeated. On the one hand, that’s just business as usual – ‘twas ever thus in the security arms race, since the first lock-and-key was invented 6000 years ago. On the other hand, MFA deployments give both users and security teams a sense of security which is increasingly false.

Continue reading

BEC – why the fuss?

BEC is perhaps the latest, or maybe hottest, security scare acronym – Business Email Compromise. It’s a catchall term which reflects the fact that ‘email is still the number one threat vector facing organisations1.  And that’s for two reasons: it’s constantly used for broad sharing of information within and outside of the business, and it’s also your digital identity – if I can access your email, I can be you. But… this has all been true for decades. So what’s new?

Continue reading

Meet the IDECSI team as we will be exhibiting at the FIC 2019 – the international cybersecurity forum, a platform aiming at promoting a pan-european vision of cybersecurity as well as to strengthen the fight against cybercrime, which will take place in Lille Grand Palais, on January 22-23, 2019. Meet us at the show stand #A7-28 and schedule a 1:1 meeting with our cyber security experts today!

Continue reading

Pin It on Pinterest