DataSecurityExpert.co.uk - All Things Graeme Batsman

Service Offerings

Cyber security training
Product reviews
Blog or article writing
SME & UHNWI cyber security

View more details here or email me.

Chapter Author

"Chpt. 4: How to Defend"

Contact Graeme

Journalists, students or potential clients:
graeme@datasecurityexpert.co.uk

Something private to say?
PGP public key

No AI Used Here

Cyber security buzzwords: we will be bulletproof if we buy this shiny new box (insert words: AI, ML, Cloud, SIEM, Next-Gen, Blockchain, Zero Trust, Quantum, Disruptive, EDR, EPP, MDR, Threat Intel & APT to make it even better!)

Details: Category: Cyber Security (Personal); Published: 01 November 2019

Go to Infosecurity Europe in London every year and there is a craze on the above words in brackets. This begs a thought or question, with tens of established and new vendors claiming to have invented the next best thing, do and can they really work? Salesmen/women are there to well, sell and hit targets and do not necessarily know the deeper technical details of the product/service they sell.

This article covers two things:

Do these products even work?
If they do work, will/do people even bother or know how to configure them to the maximum?

Over the years and still to this date I have seen examples of both. Before I go into the personal examples, let’s talk about two massive buzzwords this year, AI (artificial intelligence) and ML (machine learning). I am not here to say they do not work but these are newish technologies and they are still in their infancy thus time will improve them.

What website security headers are and why you cannot see mine

Details: Category: Cyber Security (Personal); Published: 10 October 2019

Last month I moved my website to a new server and rebuilt it from scratch along with: double username/passwords, double ninja firewalling, restricted TLS configuration, security headers, two factor authentication and a SaaS WAF (website application firewall), and more of course.

Many of us technical folk have seen and used SSL Labs by Qualys which gives me a “A” rating though it states I still have TLS 1.0 available which is incorrect. SSL Security Test by ImmuniWeb gives me a “A+” (if only I got this during school GCSE’s!) and states only TLS 1.2 + 1.3. Odd Qualys gets it wrong.

The technical security controls listed in paragraph one are known apart from security headers which are less known about and used. Headers are sent/set by: WAF, load balancer, web application, web server and other devices, and they are sent from the website to the end users’ browser.

Cyber Attacks - Most of them are not as high-tech as you'd think

Details: Category: Cyber Security (Personal)

Hackers have a reputation for using complex technical means to gain unauthorised access to digital systems. However, low-tech (or even ‘no-tech’) attacks are far more common. In this article we explore the low-tech cyber security risks, and how individuals and companies can protect themselves.

Spam, ransomware, phishing, spear phishing and SQL injection are all known attacks which can, and do, breach company and individual security. However QA finds many people do not think about the physical element (what can be physically seen and heard). Firewalls, antimalware, two factor and authentication do not protect against someone over-hearing a conversation, or seeing a screen. It is often said “people are the weakest link”.

Loose lips sink ships
A QA cyber expert was on a flight from a London airport to another location in the United Kingdom, and observed someone unlock their phone, from three rows back on the plane. This was the pattern: