Maersk Incident Response

Maersk Incident Response

Updated May 2022 Fire drills are commonplace. We test the alarms, the evacuation procedures and the fire marshals get to practice their roles. In a cyber attack there can be just as much chaos as with a fire, perhaps even more so. This is why incident response is such...
Are all Insider Threats bad apples?

Are all Insider Threats bad apples?

The “bad apples” argument for insider threats is simply too reductionist. Here is why:  When an intentional insider threat manifests it is a product of a hugely complex and escalating set of circumstances. The argument that they are “just bad people...
Your New Ransomware Business Partner   

Your New Ransomware Business Partner  

2020 and 2021 have seen some pretty epic ransoms being paid by companies that at one point in time you would have assumed would never pay. Ransomware groups have undertaken a rebranding of sorts. They have their business model pretty well tuned and their...
Rebuilding after a cyber attack

Rebuilding after a cyber attack

We talk a lot about handling the initial car crash of a breach. What to do first, the comms that need to go out and the reporting to regulators. This all happens within the first few hours or days of a breach being discovered. What about after that? Last week I ran...
The Gold-Silver-Bronze Command Structure

The Gold-Silver-Bronze Command Structure

The Gold-Silver-Bronze or ‘GSB’ command structure was rooted in and developed heavily by the UK emergency services. It was designed to establish a clear hierarchical framework and operational clarity for the command of major incidents or disasters. It is now used by...
Tesla Insider Threat Case (Khatilov)

Tesla Insider Threat Case (Khatilov)

Tesla Insider Threat Case Study   According to the official Filing, Tesla is suing a former employee and software engineer named Alex Khatilov alleging trade secret theft and breach of contract. What actually happened? Khatilov was hired by Tesla in to work on...