W is for …

Whaling: When people launch spear phishing attacks against senior members of staff, this is known as whaling (because they’re after the big fish). That’s the only real difference in the terms, though the types of attack may differ slightly. Whales are more likely to be the target for mandate fraud, where an email purporting to …

T is for …

Tailgating: Tailgating is very easy to spot. It’s when you follow someone through a barrier without swiping your entry card, entering your PIN number, etc. You might have seen someone do this in a car park or elsewhere, following another vehicle in without paying: it’s the same principle. Trojan: Taking its name from the Trojan …

R is for …

Red Team: Just as penetration testers try to get access to an organisation electronically, red teams try to get physical access to the organisation. They use a combination of Open Source Intelligence gathering and social engineering to get access. These teams are typically engaged by senior management to test processes such as visitor registration, tailgating, signing in, …

Town dusts off typewriters after cyber-attack

This story appeared on the BBC website the other day. Basically, the town’s borough council was hit with ransomware and their systems were brought to their knees. It’s not unusual for one or two devices in an organisation to be infected with ransomware. Typically, those devices are isolated from the network and all other machines …

M is for …

macOS: This is the operating system used by Apple Macintosh desktop computers, not to be confused with that used by their smartphone and tablet devices, which is iOS. Man in the middle (MITM): As the name suggests, this is a form of hacking where network traffic or messages are intercepted by someone sitting between the …

H is for…

Hacking: I’m pretty sure that you’ve all heard the term “hacking”, and you probably know that it has negative connotations. But what exactly is it? Put simply, it’s trying to get access to a computer or network using vulnerabilities in the security of the target. Note that I don’t necessarily say software: people can be …

10 Steps to Cyber Security – Part 1 of 2

Through discussions with various clients and prospective clients, at conferences, events and forums, it is very apparent that a lot of companies know that they need to do “something about cyber” but many, particularly in the Small and Medium Enterprise (SME) arena, are unsure of what that something should be. My response to them is …

How does your security measure up?

I published this article on LinkedIn on Monday 3rd July 2017, and I’ve copied it here for you. If you don’t know what you have, how can you measure it? We read a lot these days about equipment and training to help combat cyber attacks and reduce risks, but I don’t see much about today’s …

I told you so…

Just thought I’d share this piece from the Hoax-Slayer website (great site to visit often, in my opinion) which basically confirms everything I said in my previous article on here. It’s good to know I wasn’t giving you false information! Other things to look out for, which I hadn’t mentioned previously, are: the sensationalist videos, …

DDoS – what’s that?

I’m sure that if you’ve been watching the news recently, you’ll have heard the phrase DDoS, which stands for Distributed Denial of Service. It sounds fancy and complicated, but it’s actually pretty straightforward. Let’s start at the beginning. A website is typically nothing more than one (or several, perhaps up into hundreds for some big …