Category: CISO Blog

What would WW3 look like if it started now? – Thinking the unthinkable to aid better Risk Management.

When managing risk it’s easy to dismiss certain events because they seem too far removed from our perceived reality. However, our sense of what is far removed from reality can itself be vastly skewed: humans tend to underestimate the likelihood of certain events occurring. For example, the risk of…

Business Leaders: Ransomware is actually all-around at Christmas!

It seems to me that ransomware is everywhere. More often than not, it’s particularly undignified and highly newsworthy, but it’s always there: headquarters and subsidiaries, major organisations and SMEs, charities and financial services, logistics, aviation, ransomware is our old friend. When ransomware hits a company without good security, as far as I know, none of the phone…

Know your enemy and yourself: MITRE ATT&CK and D3FEND

Sun Tzu wrote in The Art of War: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in…

Small Business Security – Avoiding a common social engineering technique…for less than the price of a cup of coffee!

We all know about some social engineering techniques. Phishing for example is a technique that most people have heard of – but there are many others. For example, there is a pricing gimmick that attempts to persuade buyers that a product is not that expensive. The gimmick is to present the cost of the product…

Calling time on time-based billing – use service-based billing if you want to save £££

When pitching for consultancy work, many of our clients are [initially] surprised we at Fox Red Risk do not price any of our services based on a daily rate model. It seems the majority of consulting organisations, small and large, price their jobs based on some form of time-based billing. This billing approach may be…

Complexity & Data Subject Access Requests

According to the 2020/21 ICO annual report, around half of the [46% of ~40k] complaints the regulator receives are related to subject access. Fulfilling DSARs is clearly an area where Data Controllers are facing challenges with data subject satisfaction. In a previous article, I wrote about coping with DSAR volumes, suggesting methods to bring such high numbers…

Colonial Ransomware Attack: It’s time to rethink your backup & restoration strategy.

No doubt, if you’re following the news, you may have seen an uptick in the number of ransomware attacks doing the rounds. There have been quite a few. In particular, the Colonial Pipeline attack. It’s beginning to seem a lot like Groundhog Day! You would think, after seeing how the ransomware attack in January 2020 crippled…

The Black Swan Fallacy: Why a failure of imagination is irrelevant to Resilience Planning

Every time there is a major incident, whether it be a global pandemic or a natural disaster, an IT outage or a bout of unseasonably hot or cold weather, the rallying cry of those trying to defend the paucity of their response to the unfolding events is now cliché: “We never thought…

Denial of Suez: What can we learn about risk assessing SPOF?

Single points of failure (SPOF) creep into many business processes, often unintentionally. Some exist from the outset but were simply not assessed, or were assessed and deemed low risk. That legacy server running a critical piece of code wasn’t legacy at the beginning. That retiring SME, the one who wrote the code, had just started…

Virtual CISO – Running a Business. Thinking Differently about Security!

It’s Monday morning and I have already been up for a while. I have had a few cups of tea. I have answered a few emails. I have written and submitted a proposal for a new piece of work. It’s a great client too. When I submitted the proposal I had a sense of relief…