Showing posts from March, 2012

Know your enemy

Paraphrasing the key conclusions of Organised Crime in the Digital Age, a study into digital crimes by BAE Systems Detica and the John Grieve Centre for Policing and Community Safety:

- Digital crimes are superseding drug crimes.
- 80% of digital crime is conducted by organised groups rather than lone criminals.
- Group structures vary (clustered, hierarchical etc).
- Two thirds of organised digital criminals are over 25.
- The median size of groups is 6 members, while one quarter are 11+. However, even small groups can inflict significant damage.
- A quarter of active groups are new (in operation less than 6 months).
- Traditional criminals are increasingly using digital tools/techniques.

There are implications for governments and the police, naturally, but also perhaps for the potential targets/victims of organised e-crimes and those whose services are being used by them - particularly social media and financial services. However, it's far from obvious (from the summary report any...

Office security awareness

Offices are where most knowledge workers do our thing – it’s where we hang out, creating our stuff, pushing papers, processing information. We mostly take our space for granted, but have a quick look around at your own workspace. Is your cubicle a paragon of security? Everything neat and tidy, all sensitive information safely locked away while not actually in use? Or is it more like mine - a mess, a dumping ground for all manner of paperwork, computer equipment and media? Do you eat lunch “al desko”, dropping crumbs in the keyboard? How many times have you spilt coffee and gummed-up your mouse? Or is it just me? Rather than inhabiting the rat-run that is the average corporate office block, maybe you are one of the growing band of road-warriors and home workers. Your office may be a spare room, an Internet café or airport departure lounge, or a lapt...

Business continuity example

Here's a neat illustration of the different elements or phases of business continuity management in action. When the standby generators failed during a power cut, surgeons in a Canadian hospital completed an operation by flashlight, M*A*S*H-style. The power grid is designed for, and in fact generally achieves, extremely high levels of resilience. As a whole, it is a well-engineered high availability system and a massive investment for Canada. The first standby generator is a recovery mechanism for the hospital. It takes over when the grid fails. The second standby generator is a further recovery mechanism. It's not entirely clear from the article whether the second generator is run in parallel with the first, sharing the load, or is a full-capacity system available as a backup if the first fails. The flashlights located around the hospital, along with the willingness of employees to remain focused on getting the job done and do whatever it took, despite the adverse circum...

Physically securing your smartphone

A short item on the Symantec blog introduces a 'honey stick'-type experiment with smartphones. The project, part of the honeystick initiative, abandoned 50 phones in public places in US and Canadian cities and tracked their use (using 'phone home' type dummy apps and GPS) to see what happened when they were found. Although half of the finders made some attempt to return them (good on yer!), nearly all finders snooped around on the phones. Some finders might have been simply trying to establish ownership, others seem to have been exploring for sensitive information. A few might have gone beyond simple curiosity. Blogger Kevin Haley recommends three controls:

- Use the screen lock feature ...
- Use security software ...
- Make sure that the mobile devices remain nearby and are never left unattended ...

Fair enough, though somewhat banal, but Kevin hints at another useful control in saying "It is also a good idea to make sure that they can differentiate their d...

Book review: Asset Protection through Security Awareness

Provided you are not expecting detailed guidance on how to raise security awareness, this book gives reasonable introductory-level coverage of network/ICT security including a few aspects that are barely mentioned in some similar texts. While the cover blurb refers to providing "a high-level overview of how to protect your company's physical and intangible assets ... [that] explains the best ways to enlist the assistance of your employees as the first line of defense in safeguarding company assets and mitigating security risks", the book is primarily concerned with network/ICT security: human factors and security awareness are covered but not in much depth. The level of detail varies between and within chapters. "Diplomacy", "Interdepartmental security", "Physical security" and "Computer and network forensics" are not universally covered by network/ICT security books, making these chapters welcome additions. Emphasizing the human as...

Malware awareness materials released

Malware has been around since the Creeper virus of the early 1970s and the Morris Worm of 1988. Journalists refer to all types of malware (malicious software) as “viruses”, but we prefer to distinguish actual viruses from worms, Trojans, spyware and other privacy-compromising software, logic bombs, ransomware, backdoors and trapdoors, rootkits and exploit kits. For those not already familiar with malware, that’s a bewildering list of nasties: through this month’s information security awareness materials (including a 5-page hyperlinked glossary), we patiently explain the nature of the malware threat and encourage employees to help the organization by reducing malware vulnerabilities.