Category Archives: News

Smashing Security podcast #383: The Godfather club, and AirTags to the rescue

Read Time:23 Second

There’s a whole new dating scam that could mean you end up out of pocket (or beaten up) after a first date with a glamorous admirer, and a woman in Los Alamos uses an Air Tag to entrap a thief.

Plus – don’t miss our featured interview with Maya Irvine of Sysdig.

All this, and a very bad Cockney accent, in the latest edition of the “Smashing Security” podcast by industry veterans Graham Cluley and Carole Theriault.

Read More

Cybersecurity in a Cycle: Balancing Repair and Replacement for Optimal Security

Read Time:4 Minute, 9 Second

The content of this post is solely the responsibility of the author.  LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Regularly updating your policies, software, and systems is crucial to your long-term cybersecurity efforts. However, failing to properly plan these updates can undermine your continuity plans and impede your business’s productivity and profitability.

As a cybersecurity specialist, you can balance repairs and replacements by creating a dynamic, adaptive strategy that accounts for industry trends and responds to emerging threats without causing unnecessary expenses to the company.

This approach will help your firm save on replacement costs when repairs are more cost-effective. This is key, as regularly updating aging devices can extend the hardware and software lifecycle without putting your firm at any undue risk.

Replacing vs. Repair

If you work in a firm that utilizes a large network of digital assets, you’ll need to regularly reassess whether the tech you use is still up to standard. Regular replacements and repairs are essential to keeping the IT network working, making proper cost analysis worthwhile. When making asset management decisions, consider:

Regulation: You must be current with legal changes in your industry or risk significant fines and legal action.
Asset Performance: Unnecessarily slow, old devices aren’t just bad for business — they put your firm at risk as outdated hardware is more vulnerable to attacks.
Operational Continuity: Taking a key asset offline may help you make repairs, but how will it impact the total productivity of the business? If repair costs are too high, you’ll likely want to explore replacements.

Generally, it’s best to repair new assets that are still well within their lifespan and warranty. If labor costs are low and parts are readily available, deciding to fix a broken screen or a burnt-out processor can save you plenty of time and money.

However, if repairs are costly and time-consuming, you’ll almost certainly want to replace them. There’s no point continuing with a device approaching the end of its lifecycle and at risk of becoming obsolete. Continuing to use devices unsupported by the manufacturer presents a security risk, too, as they won’t receive the necessary updates that more recent releases will get.

This same approach applies to digital assets like documents. Digital files have lifecycles, just like hardware. You must have a clear plan in place for old documents that you plan to delete. Rather than seeing the “delete” button as a permanent solution, increase your security by erasing FAT, NFTS, Ext, and HFS+ documents.

Iterative Planning

Repairing and replacing devices requires a team-wide effort to track, manage, and maintain the company’s many assets. Doing so requires a collaborative effort over the course of weeks, months, and years. As such, you’ll want to adopt an iterative approach to planning repairs and replacements. Iterative planning models for project teams include:

Treat projects as “chapters” in a broader business “story”l (i.e., pushing a password update is part of a more comprehensive security story).
Give stakeholders clear roles within the story.
Encourage feedback from all parties involved in every iteration of the plan.
Use regular meetings at the beginning and end of each iterative chapter to improve collaboration.

Using iterative planning to balance repairs and replacements can help you prioritize the most critical cybersecurity tasks and ensure that people are accountable for their obligations. Creating a clear iteration schedule also helps you plan ahead while still offering improved operational agility. For example, if you host weekly iteration meetings to discuss repair progress, you can raise issues and pivot towards new strategies in the face of emergent challenges.

Proactive Testing

Replacing and repairing your assets can protect your firm from malicious actors. However, you can’t ensure your repairs have worked if you fail to properly test the changes you’ve made. When rolling out changes, get ahead of malware and hackers by conducting proactive cybersecurity testing. These tests should include:

AI-lead attacks that quickly test vulnerabilities within your IoT and cloud network;
Data reports from machine learning algorithms designed to assess emerging threats;
Security awareness tests designed to expose flaws in employee training.

For example, if you’ve recently rolled out a series of updates to your IoT and now require multifactor authentication for employees to access IoT data, you can test the effectiveness with penetration testing led by external auditors. This will assess engagement with your new policies and help emphasize the importance of following best practices should an employee fall foul of a simulated attack.

Conclusion

Utilizing iterative testing and maintenance can help you create a cyclical cybersecurity plan that keeps your business safe. An iterative approach can aid your efforts to assess whether an asset should be repaired or replaced. Replacing faulty or outdated devices can increase your firm’s resilience in the face of an attack and keep you ahead of regulations.

Read More

The AI Fix #14: There are two Rs in “strawberry”, and an AI makes unsmellable smells

Read Time:36 Second

In episode 14 of “The AI Fix”, Graham makes an apology, Mark wonders if suicide drones have second thoughts, people pretend to be robots, and some researchers prove that all you need for an AI to generate a somewhat usable version of the computer game Doom out of thin air is to already have a fully-working copy of the computer game Doom.

Graham learns how to escape from a police sniffer elephant, an AI-generates a smell with no odour, and Mark explains why the world’s best LLMs think there are two Rs in “strawberry”.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Read More