Author Archives: Steve

Contrarisk Security Podcast #0046: Governance and compliance

Information security is often an afterthought in an organisation’s planning and spending. And as a subset of that, Governance, Risk and Compliance (GRC) struggles to get the high-level attention it needs. In part this stems from the fact that GRC activities have traditionally been spread around various departments and functions within the organisation, with no overall control or strategy. There… Read more »

Contrarisk Security Podcast #0045: The threat to healthcare data

Healthcare organisations globally are facing the same issues. Data breaches are increasing whether through the accidental loss of data or as a result of cyber-attacks. Health organisations are responsible for the care of large amounts of personally identifiable information (PII), and data doesn’t get much more personal that when it involves medical records. To complicate matters, medical practices of all… Read more »

Exhibition: L’Esprit Insolite

      No Comments on Exhibition: L’Esprit Insolite

My life isn’t all about cybercrime, ransomware and firewall configurations, I’m glad to say. It just so happens that I’m also a photographer (in fact, that’s what my degree is in), and so I beg your indulgence if I take a slight detour here. I have an exhibition coming up in the delightful Normandy town of Bagnoles de l’Orne. It’s… Read more »

Contrarisk Security Podcast #0044: Blockchain

If your image of blockchain technology is entirely linked to crypto-currencies like Bitcoin, think again. Patrick Hubbard of SolarWinds explains that the distributed ledger approach of blockchain has applications far beyond payments and financial services. The assurance provided by a shared record, cryptographically certified, is that it offers a high level of trust and authentication without requiring a central authority…. Read more »

Contrarisk Security Podcast #0043: Threat hunting

Do you worry that there are bad people accessing your networks? If you think your systems have already been compromised you’re going to want to know how and by how much. In this interview, Peter Cohen at MWR Countercept explains the art of threat hunting – a proactive rather than reactive approach that doesn’t rely on the attacker tripping alarms…. Read more »

The UK Government’s security delusion

Well, here we go again. A ‘terrorist’ incident occurs and, right on cue, some clueless government minister is trotted out to moan about encryption in popular apps. This time it’s Amber Rudd, Home Secretary, who has been given the job of displaying just how ignorant politicians are on these matters. The incident, of course, was the attack by Khalid Masood in… Read more »

Contrarisk Security Podcast #0042: Securing SMEs

Do too many small and medium-size enterprises (SMEs) believe that security is something only big firms need to worry about? In this interview, Colin Tankard, managing director of Digital Pathways, explains that, indeed, many firms believe themselves to be too small and uninteresting to attract the attention of hackers. This is in spite of endless headlines about breaches and warning… Read more »

Contrarisk Security Podcast #0041: The battle for privacy

Privacy in the digital realm has become a hot topic. There has always been a debate about the degree to which law enforcement and intelligence agencies should be allowed to snoop on what many of us would consider private communications. But that discussion became supercharged following the leaks by Edward Snowden and now seem to be coming to a head, not… Read more »

Contrarisk Security Podcast #0040: Exploiting security data

Organisations have lots of security these days – but do they have the right  security? Is the technology being deployed in the most effective way? Traditionally, the approach has always been one of defence in depth. This has led to organisations investing in a long list of point solutions. There’s always a concern that it’s the wrong technology, or that… Read more »

Contrarisk Security Podcast #0039: Open source security

Open source code – in the form of libraries and frameworks – plays an important role in much of today’s software development. But it’s not without its risks. Many people assume that the open nature of the code means that it is heavily scrutinised and that , according to Linus’ Law, “given enough eyeballs, all bugs are shallow”. But open source… Read more »