AT&T To Acquire AlienVault
I've covered and speculated, and even advised on security M&A over the years, but it's the first time I've been working in a technology company that has been acquired. It's exciting times, and I'm glad to be part of the journey.
- AT&T to Acquire AlienVault | AlienVault
In other M&A news,
- Mimecast announced it acquired Ataata Inc - a cybersecurity training and awareness provider.
- Bomgar acquired Avecto to augment its identity and access management capabilities.
- and the biggie, as Broadcom agrees to buy CA Technologies for $19 billion (yes, with a B)
Cybersecurity - Why You're Doing It All Wrong
A thought-provoking opinion piece by Ed Tucker on why a lot of security controls in companies don't work. There are some broad generalisations - but it's worth it.
"For too long, security teams have lived the lie that what they have delivered has been effective, but so often they approach it from a viewpoint divorced from the customers they affect. To be fair to most security teams, they are generally blissfully unaware of the inefficiencies of their controls – or ignorant."
- Cybersecurity - why you're doing it all wrong | Computer Weekly
Timehop Shows How Incident Response Is Done
On July 4th Timehop announced a breach. A breach itself isn't really big news these days - often it's just the cost of doing business online.
However, the response from Timehop has been nothing short of stellar! It has published perhaps one of the most detailed updates on the incident I've ever seen - that includes internal breach notifications. They've also provided a technical timeline and even broken down the total number of records and which ones of them are under GDPR.
The company may have shown us all how seriously they take security, not in the fact that they got breached, but in the manner with which they have responded.
Seriously, I think every company should look at their internal processes and ask, if they were breached today, could they produce something similar within a week?
Facebook Fined £500K From UK Data Watchdog
These were some of the findings of the UK's Information Commissioner's Office – the nation's privacy watchdog – which this morning issued a set of reports detailing the progress made on its 18-month investigation into data analytics and political campaigning in the country.
Although the headlines have focused on the fact the regulator is poised to slap a £500,000 fine on Facebook (the most it can dish out, since the Cambridge Analytica scandal happened before GDPR), there's plenty more dirt to dig.
- Facebook faces £500,000 fine from UK data watchdog | BBC
UK Implements EU Cybersecurity Rules
The UK recently adopted the EU Cybersecurity Directive into UK law, called the Network and Information Systems Regulations 2018 (the NIS regime), which are now in force and can be found here.
- UK Implements EU Cybersecurity Rules | Cordery Compliance
Physical Attacks For Cryptocoin
23 physical attacks targeting cryptocurrency owners have been catalogued so far. It looks like a worrying trend that is on the rise.
- Known physical bitcoin attacks | GitHub
Fitness App Polar Exposed Locations Of Spies And Military Personnel
A popular fitness app that tracks the activity data on millions of users has inadvertently revealed the locations of personnel working at military bases and intelligence services.
The app, Polar Flow, built by its eponymous company Polar, a Finnish-based fitness tracking giant with offices in New York, allowed anyone to access a user's fitness activities over several years -- simply by modifying the browser's web address.
- Fitness app Polar exposed locations of spies and military personnel | ZDNet
- After Strava, Polar is Revealing the Homes of Soldiers and Spies | Bellingcat
A few other stories I enjoyed reading recently.