We are going to see improvements in the exploration of generative AI and large language models by criminals in phishing, sms, and various social engineering attacks. These technologies will allow attackers to increase the scale of their operations which leaves victims talking to bots. We are likely to see automated phishing Campaigns – AI can…
Author: Farayi Dzichauya
Key Strategies to Enhance Your Online Security
In the digital age, securing your online presence is paramount. The internet, while a hub of information and connectivity, can also be a playground for cyber threats. This guide explores twelve key strategies to fortify your digital life against potential vulnerabilities, offering a blend of convenience without compromising security. Understanding the Importance of Online Security…
How to protect yourself from cybersecurity attacks.
I often get asked by my friends and family how to stay safe online so I have decided to put something together. There is always friction between convenience and security – as a rule of thumb, the more secure something is the less convenient it is. There are obvious exceptions though. Here are some tips…
Ransomware ecosystems
Ransomware has been with us for a while and initially was mostly focused on encrypting individual devices. In 2013, CryptoLocker, a ransomware attack by the GameOverZeus organised crime group, combined strong public key encryption with cryptocurrency payments, making it a profitable business model. Attackers began to target large organisations instead of small businesses or individuals,…
Principle based assurance in Cybersecurity
Principle-based assurance (PBA) is an approach to cybersecurity assurance that focuses on the underlying principles of a system or process, rather than on specific controls or procedures. This approach is based on the idea that if the underlying principles of a system or process are sound, then the system or process is likely to be…
Who doesn’t want to write secure code?
Software engineers typically make hundreds of decisions every day and in my experience no one sets out to write insecure code, so everyone is well meaning however in those decisions some have a bearing on security outcomes and some don’t. It is vital that developers spot security-relevant decisions as they are encountered, and have a clear…
Transport Layer Security
Transport Layer Security(TLS), is a commonly used security protocol designed to facilitate secure communications over the internet. A typical use case of TLS is encrypting the communication between web applications and servers so the communication between your favourite browser and your favourite website online. Key Security Considerations: Only support strong protocols. The handshake protocol is an area…
Detecting data breaches
On average how long does it take for a business to detect a data breach? In an IBM study in 2019 which looked at 507 companies and interviewed 3211 individuals in companies that had experienced a data breach in the last year, it identified that the average time to identify a breach in 2019 was…
Effective security monitoring
This week, I stumbled across the NCSC blog post on how to keep your security monitoring effective. This is a topic that is definitely worth revisiting on a regular basis. Far too often I come across instances where security activities sound good but are implemented in a way that causes them to lack the effectiveness…
The Internet and its building blocks
This weekend I was working on a project with my children who wanted to understand how the internet started and I thought would post part of the answers on here as well. The Internet protocol suite resulted from research and development conducted by the Defense Advanced Research Projects Agency (DARPA) in the late 1960s. It’s…