Author Archives: Andrew Smith

About Andrew Smith

Andrew is a senior systems engineer with over 20 years' experience in corporate and small business environments. This includes consulting for large ICT service providers. He has supported systems at every level in the organization, including infrastructure, operating systems, applications, and perimeter protection. He also collaborates with software development teams on web, database, and infrastructure security. Andrew has co-founded multiple ICT businesses, where he advises on cybersecurity strategies and policies. Andrew has a 3-year National Diploma in Electronics (light current).

NIST focuses on IoT in new proposals

18 August 2017 – A new draft of the Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations, has been proposed by the US National Institute of Standards and Technology (NIST). The publication focuses on privacy and addresses current issues of the Internet of things and...

HBO hacked: “Game of Thrones” episodes stolen

In late July 2017, HBO confirmed that it had been hacked. At the time, they were not commenting on what might have been stolen. In an email to employees they are quoted as saying “… there has been a cyber incident directed at the company which has resulted in some stolen...

IoT: The Internet of Trouble?

Back in the latter half of 2016, the website of a security advisor, Brian Krebs, came under an extreme DDoS (distributed denial of service) attack. His website was subsequently taken offline after receiving 620-665Gbps (Gigabits per second) of malicious traffic. This was, at the time, the largest attack ever...

Smarter Users, Better Defence

Users can be a weak link in an organization’s overall cybersecurity defence effort, but they are a vital part of the business ecosystem. As cybersecurity professionals, it has long been our job to recognise the traps and pitfalls that litter the Internet. However, many users remain unaware of the risks....

Petya: behind the mask

Tuesday, June 26, 2017 started out like any other day except for the fact that another ransomware infection started spreading around the world. Initially it looked like Petya, a ransomware worm that purported to encrypt data at a hard disk level. This, however, was not the case – in more...

Workplace Cybersecurity Awareness

Whether it be an email from your IT department asking you to log into the new mail portal, or an email from the Finance Director telling you that a supplier’s details have changed, one of the weakest links in any organization’s cybersecurity infrastructure is uninformed employees. Phishing attacks are a...

Vulnerability in WINS won’t be fixed

By now, admins running Microsoft Windows servers in their environments should already have removed the use of WINS, but if they haven’t, now is the perfect time to give it the bullet once and for all. According to Fortinet’s Honggang Ren, a vulnerability exists in the proprietary Microsoft Windows...

Why was “Wannacry” so successful?

In May 2017, “Wannacry” marched across the world virtually unchecked for several days, infecting over 230 000 computers in at least 150 countries, reminiscent of Sasser and Morris. In hindsight, these infections were mostly preventable. The hardest hit systems were running Windows 7 and Windows Server 2008, the backbone of...