This month marks 20 years since the ILOVEYOU virus hit computer networks. For me, it represented a milestone in my security career. Up until that point security was a technical challenge, solving challenges associated with the global distribution of public keys for secure email exchange. (Aside, I’ve blogged on this many times, it is a challenge still not resolved in a usable way today).
My first exposure to ILOVEYOU was when the Nexor CEO came into our office confessing he may have clicked something, and his computer was now behaving strangely. The remedy was fairly easy, disconnect from the network and rebuild the PC. To be honest, as a technologist, it was quite exciting at the time, seeing a real live virus in action.
The learning was more important. Security was about far more than technology. It’s also about people and process.
I could go on about how the CEO should not have clicked the link, but the last 20 years have shown those links will still be clicked no matter how much education we try. Don’t get me wrong. Education is still vital and will reduce the number of incidents, but incidents will still happen.
The more interesting part of the 20 year old incident was the learning around incident response. We were able to contain the incident, because we (sort of) knew what we were doing and took no risks – we went for a rebuild, despite the inconvenience to the CEO. What we had unwittingly created was an early example of an “incident response plan”. This was about process and relatively simple technical steps (rebuild a PC) and some post event briefings. It was not long after that I started to understand where emerging standards like BS7799, which became ISO 27001, fitted in the overall security story.
This month, 20 years later, I’ve just briefed one of my team who is creating an incident response plan for a customer. Who would have thought such a simple incident would have direct relevance 20 years later!
Having been on a customer site all day, I returned home to scan my email.
Over half the emails were festive greetings, with all sorts of creative content: embedded images, attached animated images, links to sites with festive messages and attached files with seasonal offers.
What could possibly go wrong?
The Culture, Media and Sport Committee, appointed by the House of Commons, has produced a report on “Cyber Security: Protection of Personal Data Online”
Recommendation 3 states “To ensure this issue [cyber security] receives sufficient CEO attention before a crisis strikes, a portion of CEO compensation should be linked to effective cyber security”
In the address bar of THIS blog, you should see a little padlock…
To see if a web site is secure, we have been trained to look for the padlock in the browser. Sadly, not all padlocks are the same…
Dear Virgin Media
I recently decided it was time to change my password on my NTLWorld email account (managed by Virgin Media). I entered a new password only to be told “Password too long”. How long was my password? 11 characters. 10 characters are OK apparently.
As 2016 approaches, I thought it would be nice to look back on 2015 and share with you the Top 10 most viewed blog posts here on this blog. Let the countdown begin …
How do you evaluate an Information Exchange Gateway solution? I’ve blogged previously on Cyber Matters about how Information Exchange Gateways (IEGs) need to be built in a flexible manner to meet a variety of customer requirements. The other big question from potential customers is how do they know that they can trust a solution?
A recent project at Nexor required us to look at the challenges of providing access to the DNS from a secure environment. It reminded me of the issues related to DNS tunnelling.