Let’s take a step back…

2020 – what a year it has been so far… The world around us has changed so much, so quickly. I won't touch here on how serious the economic after-effect is going to be, for everyone's sake, including mine. 2020 and COVID-19 have already marked their place in history. I still remember reading this article on 3rd of Jan 2020: Company shuts down because of ransomware, leaves 300 without jobs just before holidays. The actual company closure was announced on 2nd of Jan. To cut the story short – the company was hit with a ransomware attack and they decided to pay the ransom, hoping to get the keys to their data back. What happened next? They got asked for payment again, and again, and they kept paying. And this resulted in 300 people entering 2020 without a job. It was a very unpleasant read to me personally. The beginning of 2020 was not all bad news: The new decade has begun relatively well, with a six-month low of only 61 disclosed cyber security incidents. (and only 1.5 billion records breached, source). It will be interesting to see how 2020 is going to end in...

Cybersecurity approach – a game theory?

A while back I came across a short but very interesting book, ‘Finite and Infinite Games’ by James Carse. I've really enjoyed the read and the thesis around looking at pretty much everything in life as a game, be it, for example, business outcomes, personal targets or career. In a nutshell, a finite game can be defined as:

– players are known prior to the game commencement
– fixed rules
– agreed-upon objectives
– chess, football, basketball
– we declare the winner and the game is over

And then, there is an infinite game:

– players can be known and unknown
– the rules and players are changeable
– and the objective is to keep the game in play to perpetuate the game

I personally really like this approach as it can be applied to many aspects of life and can be an interesting way of looking at everything we do – what our goals are and how we are approaching them. I think this resonates particularly well with regard to a cybersecurity strategy. Let's take a very quick look at what's been happening in the security industry over the recent years and what the trends have been like:...

Brief highlights of the Verizon 2018 Data Breach Report

The latest Verizon 2018 Data Breach Report (11th edition) has been published and it's certainly a great read. This year the data comes from over 53,000 incidents and 2,216 confirmed data breaches. Based on the report, most of the data breaches are caused by outsiders (73%), with organised criminal groups accounting for 50% of the breaches. It should not come as a surprise that as much as 58% of victims are SMBs. They are very often the most resource-constrained in their security efforts, and this trend continues. The healthcare industry is also a popular target for hackers, especially in the United States of America, where the data coming from healthcare breaches is very valuable. Stolen credentials and phishing continue to be within the top 5 action varieties in breaches. Unlike pretexting, which is financially motivated over 95% of the time, motives for phishing are split between financial (59%) and espionage (41%). This is a very brief post and I highly encourage everyone interested to read the full report, available as a free download here....