Jess Figueras

@jessfigueras.bsky.social

Cybersecurity, data, risk & governance, civil society. Co-founder of Cyber Governance for Boards (CxB). Other stuff. Also music-ing.

323 Followers  |  794 Following  |  198 Posts  |  Joined: 08.08.2023  |  2.0929

Latest posts by jessfigueras.bsky.social on Bluesky

Encountered quite a convincing scam tonight.

Nice Geordie lady called, apparently from my credit card company - flagging suspicious activity and asking me about transactions and logins that sounded off. Nice and detailed, professional tone. She read me the last 4 digits of my card number.

21.05.2025 21:08 — 👍 75    🔁 43    💬 13    📌 6

As if it's an official source which can be held accountable

18.05.2025 16:03 — 👍 1    🔁 0    💬 0    📌 0

Hell yeah!

17.05.2025 07:25 — 👍 1    🔁 0    💬 0    📌 0

Nice

16.05.2025 18:11 — 👍 1    🔁 0    💬 0    📌 0

I mean maybe the policy is about preparing kids to read increasingly miserable news headlines with equanimity. We could all do with a bit of that. Stiffen the upper lip as we pick up the morning Guardian or Telegraph.

16.05.2025 18:09 — 👍 1    🔁 0    💬 0    📌 0

If you see this, quote with the energy you bring to Bluesky

16.05.2025 17:43 — 👍 3    🔁 0    💬 0    📌 0
EU ruling: tracking-based advertising by Google, Microsoft, Amazon, X, across Europe has no legal basis
EU data protection authorities find that the consent popups that plagued Europeans for years are illegal. All data collected through them must be deleted. This decision impacts Google’s, Amazon’s and ...

Big news this evening

This EU ruling has been 7 years in the making

www.iccl.ie/digital-data...

14.05.2025 18:55 — 👍 563    🔁 277    💬 15    📌 45
A large number of security alerts

A really emotional and inspiring story of burnout and recovery from Andrew Barber. Jobs which look like this 👇 24x7 take a serious toll on cyber professionals. Our digital first responders should not need to be heroes and organisations must take care of them

#whitehallgovsec

15.05.2025 13:50 — 👍 1    🔁 0    💬 0    📌 0
Data Security and Protection Toolkit (DSPT) for Care Providers
What it is: A self-assessment tool mandated for all NHS partners, including adult social care providers. The ASC version is tailored to care provider's operational conditions and regulatory requirements. It is accompanied by the Better Security, Better Care programme

Cyber security of the social care sector was immature and unsophisticated until recently, says Michelle Corrigan. But the DSPT has changed that

#whitehallgovsec

15.05.2025 13:38 — 👍 0    🔁 0    💬 1    📌 0
Panel speakers listen to questions from the audience

Question from the audience: our CEO wants to know when cyber security will stop being a top red risk, given all our efforts to reduce the risk score. What do I say?

Answer: it will always be a top red risk. Tell your CEO to accept the new reality.

#whitehallgovsec

15.05.2025 13:02 — 👍 0    🔁 0    💬 1    📌 0

As M&S approaches a month offline, business continuity is on everyone’s mind. David Leech says you need to define your MVP: Minimum Viable Company

#whitehallgovsec

15.05.2025 11:29 — 👍 0    🔁 0    💬 1    📌 0

(Have just committed the conference chair’s cardinal sin by wrongly announcing lunch 1 hour early. The last morning speakers are now under extreme pressure to be even more compelling than lunch.)

#whitehallgovsec

15.05.2025 11:12 — 👍 0    🔁 0    💬 1    📌 0
The threat to government security
National Audit Office
• The size, age and diversity of government's digital estate makes it challenging to be cyber resilient
• The threat is rapidly evolving and is the most sophisticated it has ever been
• Cyber attacks routinely target government organisations and can have devastating effects on public services and people's lives

A pithy summary of the problem for government from Jonathan Pownall

#whitehallgovsec

15.05.2025 10:51 — 👍 0    🔁 0    💬 1    📌 0

You’ve got to get your board on board, says Richard Pilkington. YES!!! This is the cyber governance structure at Clatterbridge Cancer Centre NHS trust.

#whitehallgovsec

15.05.2025 09:34 — 👍 0    🔁 0    💬 1    📌 0
Picture of Andrew Dillon

More on risk prioritisation: Andrew Dillon says we shouldn’t treat users as alike when it comes to human risk. Different groups have different skills, roles, permissions etc.

Food for thought as most organisations roll out universal cyber awareness training!

#whitehallgovsec

15.05.2025 09:26 — 👍 0    🔁 0    💬 1    📌 0

Curious - how did the BBC verify that they were genuinely speaking with the criminal gang responsible?

Plus, I would not be making confident statements about someone’s English language proficiency based on a text conversation!

Reporting on stories like this is a minefield, IMHO

15.05.2025 09:16 — 👍 1    🔁 0    💬 1    📌 0
The Problem:
Most organisations cannot accurately identify which suppliers pose the greatest risk and traditional assessments focus on tier-1 suppliers and procurement value.
IDENTIFY
The Solution:
• A multi-dimensional risk profiling approach that considers:
• Access to sensitive systems/data
• Integration depth and privileges
• Substitutability and concentration risk
• Geographical/jurisdictional factors
How to begin? Start by mapping your suppliers against these four dimensions.

We should require higher levels of security assurance from higher risk suppliers, points out Andy Simpson. Unfortunately, procurement teams define high risk as ‘large contract size’ rather than looking at what the supplier is actually doing!

#whitehallgovsec

15.05.2025 09:07 — 👍 1    🔁 1    💬 1    📌 0
Slide reads: “NORMALISATION OF DEVIANCE. Permeates into the organisation becoming acceptable to simply accept risk without knowing even what it is let alone effectively managing it”

Chairing #whitehallgovsec again today. Stuart Frost observes that organisations’ lack of action on supply chain security means we’ve accepted the risk without even knowing anything about it

15.05.2025 08:40 — 👍 2    🔁 0    💬 1    📌 0

Lol

12.05.2025 07:44 — 👍 1    🔁 1    💬 1    📌 0

Embrace it. It’s a socially sanctioned way for us to say that people who are older or younger than us are dreadful

07.05.2025 07:39 — 👍 0    🔁 0    💬 1    📌 0

See you there!

06.05.2025 18:08 — 👍 1    🔁 0    💬 1    📌 0

Get off social media and do more of this sort of thing. The world would be a better place if we did

05.05.2025 10:09 — 👍 0    🔁 0    💬 0    📌 0

Yes. The weekend FT is also reaching new levels of silly. I suppose it’s all cope for the geopolitically-terrified.

26.04.2025 11:14 — 👍 1    🔁 0    💬 1    📌 0

I guess George Osborne’s experience with the ‘pasty tax’ put politicians off … but I’m surprised by enduring lack of action on alcohol. Given public awareness of harms is growing, feels like the right time to tackle it

26.04.2025 08:10 — 👍 1    🔁 0    💬 1    📌 0

Movie you’ve watched more than six times using gifs. (“Hard mode” no Star Wars, Star Trek, or LOTR).

26.04.2025 07:42 — 👍 1    🔁 0    💬 0    📌 0

Ohhh yes. I am still awaiting my opportunity to say “forgot to give you something…” to someone awful

26.04.2025 07:38 — 👍 0    🔁 0    💬 1    📌 0

Best film EVER

26.04.2025 07:34 — 👍 0    🔁 0    💬 1    📌 0

The best thing I've seen all week

25.04.2025 13:02 — 👍 0    🔁 0    💬 0    📌 0

Sounds like a cheery read

25.03.2025 20:40 — 👍 0    🔁 0    💬 1    📌 0
A three part cartoon. In the first part it shows a sad engineer looking at a big rubbish pile of tech complexity in the way of building apps

In the second part it has the title "What people think AI will do" with a Happy Non-Engineer on the left, a bubble with "AI!" then a rubbish pile titled "Hidden pile of complexity that no longer matters", then the Apps on the right again.

In the final part, titled "What is actually going to happen" is a sad engineer on the left. A new rubbish pile of complexity (AI pipelines, templates etc), then the AI bubble, then the old pile of complexity with two sadder engineers looking over it, then the apps on the far right

By @forrestbrazeal.bsky.social

18.03.2025 13:12 — 👍 16    🔁 5    💬 3    📌 0

@jessfigueras is following 20 prominent accounts