At some point, people will point to the last month and say

“This is when the cyberwar started”.

We are seeing an explosion of internet attacks. Organisations of all sectors – be it tech, non-tech, commercial, non-profit or whatever.

If you are on the internet, you are being attacked. If you can’t prove that they are not successful, chances are they might be. Checking your logs and IDS will show you that probes are hitting your perimeter all the time. This is not news, and has been going on a while. The difference now is a) the frequency of the attacks and b) the persistence and quality of the attacker. To coin a phrase, this ain’t your Mom’s Nmap scan.

It appears that the MoD are waking up to this as well, and are busily recruiting.

“The law of armed conflict, we believe, does apply to cyber-space,”
Foreign and Commonwealth Office cyber-policy director Tim Dowse told
the EastWest Institute Cyber Security Summit in London on

You need to rethink. Quickly. There are a lot of consultants out there that will promise you that a good information security management system (ISMS) is all you need. Ask them the following polite questions:

  1. If an ISMS guarantees security, why is it that companies who have implemented one are getting breached?
  2. Just supposing that my central mail server is breached right now, how will the ISMS detect it? How will it help in

Governance is important, and ISO27000 if implemented properly across the enterprise will assist you in finding the things you need to fix. But its not the whole picture.

And in other news, I can make a shrewd guess (from looking at our SIEM dashboard) what the next big company to get publically pwned will be.

Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>