Europol has recently released its 2017 report on organized crime in the EU (SOCTA). In this report they identify 5 key threats to Europe from organized crime groups. In addition to cybercrime itself, the report highlights illicit drug crime, migrant smuggling, organized property crime and labor market crime. Cybercriminal activities are often integral to… Continue reading Cybercrime one of 5 top organized crime threats to Europe according to EUROPOL
Automation is a part of social media today. Bots can help locate, aggregate and share interesting content. They can also be used to spread spam and malicious links. Try any popular hashtag and it is quite likely a bot will retweet you. Some of these bots have lots of followers - potentially reaching a lot… Continue reading Hashtag bots spreading spam and malicious links
Most organizations have password policies that require users to change their passwords every XX days, and that they use a minimum (or sometimes fixed!) length, and a combination of capital and small letters, numbers and special symbols. But what exactly makes a password "strong" or difficult to guess? https://www.youtube.com/watch?v=LAvndaB65PE&feature=youtu.be Entropy can be used to measure… Continue reading Is complexity better than length when it comes to passwords?
In CISO circles the term "shadow IT" is commonly used for when employees use private accounts, devices and networks to conduct work outside of the company's IT policies. People often do this because they feel they don't have the freedom to get the job done within the rules. This is not only for low-level clerks… Continue reading Top of the iceberg: politicians’ private email accounts and shadow IT
Phishing e-mails are the most common way for a hacker to breach the initial attack surface. Filters and blacklisting technologies have been less than effective in stopping such threats, and it is up to the cybersecurity training and awareness of the user to ensure safe choices are made. Now phishermen have new ideas about making… Continue reading Hijacking existing email threads: taking phishing to a new level
A few days ago I wrote a post on the lack of cybersecurity skills in corporate boards, and how to fix that. This became one of the most popular posts on the blog. That's why I created this short summary video - that you can easily share with your top management and board members. https://www.youtube.com/watch?v=HQF9G2lUDPM… Continue reading Cybersecurity for boards – the short story
When performing the risk and vulnerability assessment required by the new IEC 61511 standard, make sure the level of detail is just right for your application. Normally the system integrator is operating at the architectural level, meaning signal validation in software components should probably already have been dealt with. On the other hand, upgrading and… Continue reading IEC 61511 Security – getting the right detail level