As in many industries, work in a fast-growing cyber-security firm can blur the lines, with conference calls at 10pm, proposal writing at midnight and 3am incidents a pretty common occurrence – traded against late morning starts and quiet days. Shortly before the arrival of my first child a year ago, I was worried about how …
What’s in a Name? The Unspoken Arms Race of the Cyber Security Industry
The 2016 US Government report detailing Russian malicious cyber activity named 40 separate Russian state-aligned cyber threats, drawn from security vendor marketing and research. Indeed, the advisory came with its own monicker ‘Grizzly Steppe’, bringing the names involved to 41 (plus suspected civilian groups). Despite this apparent proliferation, Russian state-aligned cyber activity is suspected to …
From Breach to Bankruptcy – How the Terminal Impact of Cyber Attacks is Accelerating
The time it takes for firms to go out of business due to cyber attack is decreasing. In 2000 it took ten years, in 2017 it took just eight months. In fact, since 2010 the cyber attack ‘time to Terminal Impact’ (bankruptcy) has pretty much halved every two years in a twisted inversion of Moore’s …
5 reasons why innovative security teams are creating genuine return for the business
Is it ever possible for security to be more than just an insurance policy? Every so often a security firm will have a go at trying to change perceptions – to convince its C-level target market that security can actually be more than just a cost-centre. For security to actually be an enabler – and …
Things I Learned from Crowdfunding my MBA
Crowdfunding my MBA was one of the best decisions I ever made – I learned as almost as much from the process as I did from the course itself. Here I’ll give you a quick view on how I did it, what I learned from it, and what you might also take from it. In …
Why is the Cyber Security Industry Addicted to Marketing?
The world’s largest cyber security firms spent startling amounts on sales and marketing last year, allocating 41% of revenue to their commercial activities. Indeed, some companies exceeded 50% and even 60%. When compared against other B2B tech firms such as Cisco, (19%) or Microsoft (17%), it’s clear that the cyber security industry is somewhat different …
White House ‘Cost of Cyber Report’ is misleading
Has the White House has got it wrong with its ‘Cost of Malicious Cyber Activity to the US Economy’ report? It estimates damages of up to $109 billion per year – which is a nice media-friendly figure, but anyone actually reading the report is likely to dismiss it because the way in which these damages …
Cyber-Security Predictions for 2018
My 2017 in cyber; 12 months in detection and response, and predictions for 2018. Supply Chain Attacks The big trend of 2017 was supply chain attacks. Your attack surface extends out beyond your firewall, and compromising your key suppliers, partners, even customers represents a trusted route straight into your organisation and we saw exponential growth …
APT1 – What Happened Next?
This is a story of global geopolitics, economics, and of nation-state sponsored cyber-attacks where the targets – then world leading firms – went out of business faster than the average tenure of a CEO. This is the story of APT1, three years on. Who were APT1? For those unfamiliar, APT1 (Advanced Persistent Threat) were a …
Why the Security Industry Needs to Let Go of GDPR
The cyber security industry has always been a hotbed of misinformation and falsehoods and it’s time to lift the lid on another of these – the incoming GDPR data protection legislation, coming into force in May 2018. As an industry we have been selective to the point of deceit with referencing GDPR, clamouring ‘if you …