Latest posts from Cyber security updates Join us on LinkedIn PwC UK YouTube channel Subscribe to our RSS feed Join us on Facebook Follow PwC on Twitter

24 October 2014

Secure your bases to lower the risk of mistakes, misuse and malicious activity

By Richard Mardling ‘So, what keeps you awake at night?’ was the innocent question to a CEO recently. Without seeming to think about this for very long ‘Cyber security!’ was the answer. This is a broad subject, so the next question was ‘What do you mean by Cyber Security?’ ‘Oh,...

20 October 2014

OrcaRAT - A whale of a tale

By Dan Kelly and Tom Lancaster It’s every malware analyst’s dream to be handed a sample which is, so far, unnamed by the AV community - especially when the malware in question may have links to a well-known APT group. In my line of work I analyse several ‘unknown’ malware...

17 October 2014

Seven steps to great access governance

By Richard Mardling It is no longer acceptable to not know who has access to what. With ever-changing security boundaries, increasing collaboration, a widening variety of devices and the continued growth of cloud services, it is paramount that only the right people have approved access to your applications and data....

14 October 2014

The IoT or the internet of things that can be broken into?

By Colin Slater Having moved back to Scotland from the relatively balmy climes of New Zealand my thoughts turned to heating and heating efficiency as I loaded the 10th barrow of fallen leaves into the composting heap signalling Autumn was here. Like most people we have a gas combi boiler...

09 October 2014

Phresh phishing against government, defence and energy

By Chris Doman Earlier this year I came to work and checked our monitoring systems that had run overnight. One of them had identified that two new domains had been pointed at a server PwC’s Threat Intelligence team had previously associated with malware known as “Sofacy”. The group using Sofacy...

27 September 2014

How can you deal with Shellshock?

By James Rashleigh The vulnerability, known as “Shellshock,” takes advantage of a bug discovered within the GNU Bourne-Again Shell (BASH) which allows malicious users to remotely execute commands, regardless of restrictions placed on the environment. This vulnerability could be leveraged to take full control of the system, obtain sensitive information,...

24 September 2014

New era of corporate privacy transparency beginning?

By Stewart Room Two stories that caught my eye last week concerned, once again, the principal corporate doyens of the current privacy debate, Google and Facebook. Apparently, Google has constituted a series of Councils involving opinion formers, regulators, academics, lawyers and the public, which will travel around Europe to discuss...

19 September 2014

Malware microevolution

By Tom Lancaster Earlier this September, our friends at FireEye blogged[1] about how malware authors often change their tactics in response to the work of those investigating them. However, most of the time, this evolution isn’t a wholesale change as was the case with APT12. Just as in nature, it’s...

16 September 2014

Are you a woman in the security industry?

By Jane Wainwright Only last week, Elizabeth France, Chairman of the Security Industry Authority spoke of the need to improve gender equality within the security world, with women representing less than 9% of the industry. Our vision for the Women’s Security Society was to create a supportive and welcoming multidisciplinary...

08 September 2014

Data protection – entering the ‘post-regulatory’ age

By Stewart Room The status of the proposed EU General Data Protection Regulation is still up in the air at the moment, but there is a greater sense of optimism around that the reform agenda will complete fairly soon, i.e., in the medium term, say by the end of 2015....