Fresh Security Blog
Fresh Thoughts #31: The State of Cyber Insurance - September 2022
In March we made predictions about the cyber insurance industry. Were we right?
Fresh Thoughts #30: Spring/Summer Directory 2022
With 29 issues of Fresh Thoughts under our belts, it's time to pause and reflect. Here are the themes we have touched on over the last 6-months.
Fresh Thoughts #29: Security Should Be Shaker, Not Silk
The minimal elegance of Shaker furniture doesn't always come to mind when thinking of security... but when security is done right, it should.
Fresh Thoughts #28: Resilience: What Are My Options?
There should never be a budget for unnecessary. But when spending gets tight - resilience can start to look increasingly unnecessary.
Fresh Thoughts #27: Resilience: Keeping the Lights On and the Business Moving
"Never say - redundant. It implies unnecessary. And there's no budget for unnecessary." I was told this 3 days into my cybersecurity career.
Fresh Thoughts #26: How to Right-Size Accountability
Being held accountable but having no control. It's one of the worst feelings I know. Powerlessness. Unfortunately, it's all too common in cybersecurity...
Fresh Thoughts #25: The Revolutionary Advance of Three Random Words
Passwords have always been a problem. But in 2016, the NCSC rejected the legacy password rules and published a new, revolutionary idea...
Fresh Thoughts #24: The Evolution of Cybersecurity: Antivirus
"Cybersecurity tech is constantly changing". Erm… not in my experience. Most of the cybersecurity tech is evolutionary.
Fresh Thoughts #23: The Time a Teenage Girl Broke Her Back
In Incident Response, “doing anything” can sometimes make things much, much worse. And it always burns time. Did I ever tell you about the time when doing nothing meant a 13-year-old girl wasn’t paralysed for life?
Fresh Thoughts #22: Incident Response: What Most Companies Do & How To Respond
Once the shock of a data breach or ransomware attack subsides, everyone starts asking the question… What do most companies do in this position?
Fresh Thoughts #21: The "I've got a policy you can use..." Insult
Cybersecurity policies have a bad reputation. It's well deserved, but it doesn't have to be this way.
Fresh Thoughts #20: Brown M&Ms & Trusting Your Team
Van Halen's rider famously contained a clause requiring a bowl of M&Ms... but no brown ones. While easily dismissed as rockstars being picky - it was anything but.
Fresh Thoughts #19: Tiny Changes, Significant Impact & Board Briefing Packs
At Fresh Security, we help our customers make small, tiny changes to the way they work. But those tiny changes create significant impacts.
Fresh Thoughts #18: Policies, Plans and Bad Weather
In business, there's a plan. But unlike a boat with a rudder and propulsion, there isn't a mechanical way to translate the plan into action. In business, we use policies.
Fresh Thoughts #17: Foundations and First Principles
Cybersecurity doesn't need to be complicated. Here are 2 models to ask questions and find gaps.
Fresh Thoughts #16: Risk Is Part of Business & Why Certification Is Not the Goal
Here are the 4 ways to deal with the risk of business and everyday life... And why security certifications are a goal....
Fresh Thoughts #15: Vulnerability Zero Is A Terrible Idea & Consistent Secure Configuration
Vulnerability Zero is the idea that you should fix every vulnerability. Vulnerability Zero is a terrible idea. Here are seven reasons why...
Fresh Thoughts #14: The Emotional Rollercoaster of a Vulnerability Scan
Where else in life would you ask for a list of perceived flaws in excruciating detail? But that's precisely what a vulnerability scan is designed to do...
Fresh Thoughts #13: Communicating With Certifications & Fingerprinting Vulnerabilities
Some servers are like football supporters on a Saturday afternoon... And security certificates communicate information... quickly.
Fresh Thoughts #12: Lies. Statistics. Risk Transfer & Cyber Insurance.
Are you a hacker - by mistake? And watching an insurance underwriter decide if they will take on risk reminded me recently of being a new manager...
Fresh Thoughts #11: Risk Assessment Mistakes & Do You Need More Security?
The biggest mistake I made on my first risk assessment? It was too detailed. I documented every possible way...
Fresh Thoughts #10: Risk is Not Unique & A Rotten Analogy
For some reason, cybersecurity folks seem to think they have a unique view of risk. But any business owner, investor or accountant knows - there are many types of risks we see in everyday life.
Fresh Thoughts #9: Keeping on Top of Common Threats & Wasted Training?
Why use security awareness training when 90% is forgotten within 1 week? Security awareness training is about creating triggers. To cause people to "feel something isn't quite right".
Fresh Thoughts #8: Seeing Signals & Why Some Bugs are Unpatchable
Security awareness training teaches your team how to spot the signals used in scams. Once they see it...
Fresh Thoughts #7: The State of Cybersecurity Sales in 2022
Cybersecurity conferences are feeling nostalgic. Like it's 2010... but for some reason, no one is talking about the solution to ransomware. So we are...
Fresh Thoughts #6.5: Trust is Earned (Sometimes)
Trust should be simple. Trust is doing what you say you will - over time. Unless you're in cybersecurity, then...
Fresh Thoughts #6: Please. No More Security Soundbites
When you distil an idea too much, all meaning is lost. Security soundbites are contradictory and confusing. Time for a new project...
Fresh Thoughts #5: Password Managers Are Becoming Collateral Damage
Password managers are fundamental to better security practices. But since Christmas, LastPass and Chrome have been working to block each other. Why?
Fresh Thoughts #4: The Price of Cyber Insurance & Know Your Perimeter
The eye-watering price of cyber insurance renewals may be coming as a surprise... Let's have a look at why it's happening.
Fresh Thoughts #3: When Cyber Threats Are “Imminent” What Do You Do?
Doom! Doom! I say. What should you actually do when a cyber attack is imminent?
Fresh Thoughts #2: Zero Trust & Leading Indicators
Zero Trust is everywhere... but is it just another buzzword? And the trouble with looking at the wrong indicators.
Fresh Thoughts #1: Trouble Ahead for Cyber Essentials?
Are the new Cyber Essentials v3 cloud requirements possible for small & mid-sized businesses? Let's discuss.
Why is IT Asset Inventory Management Critical?
IT asset inventory management is one of the foremost security control measures. It increases the company's accountability and protects its assets.
Why it’s important to track what hardware you use?
You need to know what to protect before you can start creating cybersecurity processes and procedures.
How To Stop Hackers Getting In Your Business
Over the last two months, four businesses have approached me for support in managing their security breaches...
Top 10 Cyber Security Frameworks
An overview of the Top 10 cyber security frameworks - covering the UK's Cyber Essentials, CIS Security framework, ISO27001, NIST's Cybersecurity Framework and more.
It’s 2021 and We Still Don’t Know How to Give Password Advice
It’s 2021 and we still don’t know how to give password advice. If you look for password advice in 2021, you will get 2 very different sets of guidance.
Say What We're Not...
This Fresh Security Founder Friday we explore that sometimes it is easier to define what Fresh Security is not than what we are...
When Hackers Leak Data: Trik Spam Botnet, 2018
In June 2018, a threat intelligence analyst from Vertek Corporation unearthed a huge database. It contained 43 million email addresses. The analyst discovered the leak on a server of what’s known as the Trik spam botnet.
Account Takeovers Follow LinkedIn Data Breach, 2012 & 2016
On June 6th, 2012, LinkedIn responded to a seemingly harmless data breach that had occurred the day before...
Hacker Brags About Data Breach: Canva (2019)
On the 24th of May 2019, the Australian design platform Canva intercepted an attack as it was happening, but 139 million accounts were breached. Strangely, the hackers "gnosticplayers" bragged to the media and claimed responsibility within hours of being intercepted. But why?
Top cybersecurity threats and challenges of 2021 - Tonya Hall Show
Fresh Security CEO - Jason Hart - stopped by the Tonya Hall Show for an end-of-year review and to share some ideas for 2021...
Cyber security is a cost of doing business
Is security strategic or just a cost of doing business? While many talk about "investing in security", the reality is...
Is it marketing or a data leak?
Your company's data is all over the internet... is that marketing? Or is it a data leak? Jason Hart shares his opinion.
Where Do Data Companies Draw The Line? Verifications.io Data Breach, 2019
On 25 February 2019 security consultant Bob Diachenko discovered an enormous database of emails and other personal information. Diachenko found that it contained 763 million records...
When Your Contact’s Address Book Gets Hacked: Covve (db8151dd) Data Breach, 2020
For near on 5 months, it was a complete mystery. 23 million email addresses and other personal details were leaked online. Then, in May 2020, Covve, a contacts app, discovered that the security on their platform had been compromised.
Fresh Security Monthly Update - October 2020
For Fresh Security update for October 2020. We had the idea for Fresh Security almost exactly 12 months ago...
Are You At Risk of An Account Takeover? Onliner Spambot
Could highly visible people in your company have fallen victim to a spambot? Given that spambots have targeted billions over the years...
Is Our Digital Footprint in Safe Hands? Part 2: Apollo Breach 2018
Continuing from our last blog, we're looking at another huge data breach of a data enrichment company, this time dating back to May 2018...
Is Our Digital Footprint in Safe Hands? Part I: People Data Labs (PDL) Breach 2019
Businesses that collect and sell data are, unsurprisingly, extremely juicy targets for phishing scammers and identity thieves...
How Do Hackers Hack?
How Do Hackers Hack? In 3 simple steps. Find out as much information about you as possible. Find a weakness. Exploit the vulnerability and get in. Nothing has changed...
Keeping Grandma Out of Trouble With GDPR - Tonya Hall Show
Fresh Security CEO Jason Hart stopped in to chat with Tonya Hall about GDPR on her show, The Tonya Hall Show.
Another Month, Another Way to Make Life Easier…
One of the greatest things we receive from the Fresh Security community is feedback. Lists of problems...
Customer Story: Clifton High School
Clifton High School was an early Fresh Security customer. In this customer story, James Webber explains how the school uses Fresh Security. As curriculum lead for digital learning...
Fresh Security is Moving Faster 🏃
March 2020 update: At Fresh Security, we are a remote-first company, so we have felt little impact. But we are seeing many of our customers and friends adapting...
Prepare to be Shocked - Behind the Repairer Podcast - Episode 2
When Fresh Security's customer Fix Auto told us they were launching a new podcast, we jumped at the chance to help them out. Hear what Jason Hart - Fresh Security CEO - spoke about...
#FridayFeedback: 2 Things I Didn't Know on Monday
With the soft launch of Fresh Security on Wednesday, this week has been focussed on marketing and communicating our values...
Customer Story: Fix Auto
Fresh Security customer reference and case study by Fix Auto UK. Covering why they chose to use Fresh Security...
Our community is awesome!
The Fresh Security community are awesome and has referred 100 businesses. More details in the Fresh Security January 2020 newsletter.
Don't call me "user"
Have you noticed that the only people who call their customers ‘users’ are drug dealers and people who work in IT?
Time to Cut the Jargon
Communication is what the listener understands. At Fresh Security we believe that using jargon is dumb.