I often get asked by my friends and family how to stay safe online, so I have decided to put something together. There is always friction between convenience and security – as a rule of thumb, the more secure something is, the less convenient it is. There are obvious exceptions though. Here are some tips…
Category: Cybersecurity
Ransomware ecosystems
Ransomware has been with us for a while and initially was mostly focused on encrypting individual devices. In 2013, CryptoLocker, a ransomware attack by the GameOverZeus organised crime group, combined strong public key encryption with cryptocurrency payments, making it a profitable business model. Attackers began to target large organisations instead of small businesses or individuals,…
Who doesn’t want to write secure code?
Software engineers typically make hundreds of decisions every day, and in my experience no one sets out to write insecure code, so everyone is well meaning. However, some of those decisions have a bearing on security outcomes and some don’t. It is vital that developers spot security-relevant decisions as they are encountered, and have a clear…
Transport Layer Security
Transport Layer Security (TLS) is a commonly used security protocol designed to facilitate secure communications over the internet. A typical use case of TLS is encrypting the communication between web applications and servers, such as the communication between your favourite browser and your favourite website. Key Security Considerations: Only support strong protocols. The handshake protocol is an area…
Detecting data breaches
On average, how long does it take for a business to detect a data breach? A 2019 IBM study, which looked at 507 companies and interviewed 3211 individuals in companies that had experienced a data breach in the last year, identified that the average time to identify a breach in 2019 was…