I think we have all recentrly received one (and probably more) of these wonderful mails stating "we have your data, if you want us to keep talking to you let us know". In case you were wondering, this is a side effect of GDPR; and in my opinion an excellent one. Yet many people - including some respected and high profile GDPR experts and "experts" - take the opportunity to attack the senders. But I think this is the wrong reaction.
Some major breaches have seen the light of day lately, and everybody agrees that they will keep coming. I don't believe you will find any security professional respecting himself to tell you that this will stop. The reasons are many, but the most important one is the (lack of) security design. Systems, processes and services have been moving to production without security design for years. And unfortunately in many cases they still do.
In our (security) profession it is becoming common to jump on each other's throat; and the result is the public blaming of the CISO involved - like leaving them alone to take some hard steps in the middle of no man's land.
I'm invited in the Geneva Information Security Day 2018 to participate in a panel in which we will discuss myths and reality around artificial intelligence and machine learning. You may request to join us if you are interested in either this subject, or GDPR or GRC strategy on a IOT and Cloud era. Respected colleagues will share their knowledge and experience and I personally cannot wait to discuss and engage in open discussions around all these topics.
More than a year ago I wrote an article about how you should stop remembering passwords. A few smart people figured out that was I was suggesting, was equivalent to using a password manager. Without the hassle of using one and without the risk of your password manager being compromised. Smart, right?
As everybody probably knows by now, CCleaner was compromised and malicious individuals added multi-stage malware payload on it. A typical case of compromised software if you ask me, pretty much like the one with the Ukrainian tax software that spread Not-Petya. But there is a different aspect to why compromised software is very dangerous, and it actually uses (believe it or not) social engineering in a more advanced way.
Recently I stumbled upon A CyberSecurity story called Deep Thought from ideas42. It is a book dealing with human behavior and how it affects cyber security.