Category Archives: General

Beyond compliance: How GDPR can give hackers the upper hand

Published:

Since the implementation of the EU’s General Data Protection Regulation (GDPR) in May, media reports of data breaches have skyrocketed. British Airways, Facebook, Ticketmaster, and Cathay Pacific are all organisations that have made headlines over the last months showing the breadth of sectors affected worldwide by data compromises.

Compliance-driven pieces have been a relatively common occurrence in the media since the application of GDPR. We however aim to look in this blog post at GDPR from a threat actors’ perspective. With GDPR bringing in major changes on the management and transfer of data, threat actors are likely to find innovative ways to exploit and benefit from these changes.

Continue reading

EVENT: The 5th Annual Financial Services Cyber Security Forum

Published:

Security Alliance is pleased to announce that Rob Dartnall our Director of Intelligence will be chairing the 5th Annual Financial Services Cyber Security Forum in London.

Date: 13th September 2018

Location: Grange Tower Bridge Hotel 45 Prescot Street, London, E1 8GP

With global cybercrime costs potentially reaching £5 trillion by 2021, the financial services industry remains the main target for cyber security criminals all over the world and especially in the UK, the leading international financial centre. Figures from the Financial Conduct Authority show that reported data hacking attacks against financial services companies quadrupled in 2017. The National Cyber Security Centre recorded over 1,100 reported attacks, with 590 regarded as significant last year. Thirty of these incidents required action by government bodies, a large number of which were targeted at financial sector organisations.

Continue reading

Bank Reconnaissance, A Hacker’s Guide

Published:

For much of the time, cybersecurity researchers can find themselves limited to informed speculation and assessment about the sort of activity that cybercriminals perform, prior to launching a large cyber-theft operation. We believe that they will be performing reconnaissance on employees at the bank, particularly those in privileged positions linked to the payment and IT platforms, but some of the more precise details are limited. However, every now and again, information will be leaked which can provide some unique insight into the activities of cybercriminal groups and what they look for in a victim.

Continue reading

Politics aside, what we can learn from the DOJ’s indictment of 12 Russian officers

Published:

On the 16th July, the Department of Justice indicted 12 Russian nationals for their role in the cyber operations against the Democratic Congressional Campaign Committee (DCCC) and the Democratic National Committee (DNC). It was the latest in a series of private sector and government publications that provide proof tying Russian hackers to the breaches of Democrat Party institutions and the theft of confidential information.

Continue reading
Digital sovereignty in the age of connectivity: RuNet 2020

Digital sovereignty in the age of connectivity: RuNet 2020

Published:

The Russian Federation is currently pursuing a radical transformation to internet connectivity within the country. RuNet 2020 is an ambitious project to establish a national government-controlled network which is intended to function in an insulated environment from the broader internet in the event of a crisis.

Continue reading

Rob Dartnall speaking at The Hong Kong Institute of Bankers Cybersecurity Solutions Day 2018

Published:

Security Alliance is a proud sponsor of the  The Hong Kong Institute of Bankers Cybersecurity Solutions Day 2018.

The Cybersecurity Solutions Day aims to gather decision makers from the financial sector and serves as a platform for direct networking between industry experts, solution providers and practitioners. Our mission is to bring insights on the latest issues and trends in cybersecurity, and food for thoughts on how to mitigate the risk of cyberattack.

  • Date: 7th March 2018
  • Location: N101, Hong Kong Convention and Exhibition Centre, 1 Expo Drive, Wanchai, Hong Kong
Continue reading

Regional Conflict and the Establishment of Cyber Warfare Testing Grounds

Published:

Regional conflict almost invariably brings with it consequences beyond its initial cause. The surrounding countries and regions suffer in a multitude of ways – from the massive and immediate human misery to ongoing political, economic and civil instability, and more long term diplomatic tensions and wounds that take time to heal.

Continue reading

Horizon Scanning: Hacktivism

Published:

Our historical understanding of protest as a means of political upheaval tends to be rooted in the idea of direct conflict between two clearly defined agendas or ideologies – between grassroots activism and state apparatus, for instance. We imagine crowds marching and holding placards, voicing their dissent in unison.

However, as we become increasingly interconnected and conduct more of our lives online, technology is changing our conceptions of protest and direct action altogether.

Continue reading

Friends or foes? Sino-American relations in Cyberspace

Published:

It may seem to some that China and America are experiencing a rapprochement of sorts in the cyber realm. Compared to previous years, today there are are markedly fewer headlines about breaches of American public and private institutions by the hands of Chinese hackers. Overall, there are fewer indictments being thrown at members of the People’s Liberation Army (PLA) and the level of political and economic sanctions being prepared against Chinese organisations and individuals has fallen since 2014/2015.

Continue reading

The Stacked Vulnerabilities Behind Mega-breaches

Published:

On the 23rd October 2015, it became public knowledge that 156,959 TalkTalk customers had their personal data exposed due to the insecure retention of customer records.

The breach dealt a major reputational blow to the telecommunications provider, and for many, the company has joined a growing list of brands that are now synonymous with a major breach of personal data.

Continue reading