DataSecurityExpert.Co.Uk - All Things Graeme Batsman

Chapter Author

Contact Graeme

Journalists, students, potential clients or anyone else email.......
graeme@datasecurityexpert.co.uk

Something private to say?
PGP public key

Goodbye Black Hat Europe 2019!

Details: Category: Blog; Published: 06 December 2019

Wed and Thu this week was strangely my first visit despite going to InfoSecurity Europe a few times in London. Normally I shred everything with my name on and never post where I am or have been but this time I cannot hide.

Why not controlling your business data is a bad idea, part two - five years later things have not changed drastically

Details: Category: Cyber Security; Published: 02 December 2019

In June 2014 I published https://www.datasecurityexpert.co.uk/articles/personal-articles/81-why-not-controlling-your-business-data-is-a-bad-idea.html when cyber security was less known about or “sexy”. A few articles ago in https://www.datasecurityexpert.co.uk/articles/personal-articles/331-cyber-security-the-gap-between-rich-good-security-and-poor-not-good-security.html. I said in the article, very early in my career I worked at a large firm whose security was incredible for the time. Still I stand by my comment that company x beats many companies today I see.

It is all good securing the corporate issued laptop, if you do at all, and then pay little attention to remote services like OWA (Outlook Web Access), Office365 (<), OneDrive (cloud file storage) or the web based DMS (document management system). It is likely your laptop will have FDE (full disc encryption) and maybe, just maybe USB storage devices blocked which makes it a little harder to leak data by mistake or on-purpose.

Post 2010 the concept of the four walls of a company or the boundaries of its physical firewall have slowly (or now rapidly) been degrading. In the old days all we used was a Outlook client and a shared folder which meant you needed to be on-site or with a VPN-laptop to get to your data. The days of client software are reducing and everything now is browser based, more specifically cloud based which is hosted in someone else’s data centre.

Cyber security buzzwords: we will be bulletproof if we buy this shiny new box (insert words: AI, ML, Cloud, SIEM, Next-Gen, Blockchain, Zero Trust, Quantum, Disruptive, EDR, EPP, MDR, Threat Intel & APT to make it even better!)

Details: Category: Cyber Security; Published: 01 November 2019

Go to Infosecurity Europe in London every year and there is a craze on the above words in brackets. This begs a thought or question, with tens of established and new vendors claiming to have invented the next best thing, do and can they really work? Salesmen/women are there to well, sell and hit targets and do not necessarily know the deeper technical details of the product/service they sell.

This article covers two things:

Do these products even work?
If they do work, will/do people even bother or know how to configure them to the maximum?

Over the years and still to this date I have seen examples of both. Before I go into the personal examples, let’s talk about two massive buzzwords this year, AI (artificial intelligence) and ML (machine learning). I am not here to say they do not work but these are newish technologies and they are still in their infancy thus time will improve them.