Gartner Blog Network

Jonathan Care
Research Director
1 year at Gartner
22 years IT Industry

Jonathan Care's expertise includes payment systems, cybersecurity, fraud detection and prevention applications, authentication, identity proofing, identity theft, and insider threats. He also covers the PCI compliance program, tokenization and the security aspects of payment systems.

After WannaCry 1.0 comes the WannaScammer

by Jonathan Care  |  May 18, 2017

I’ve received reports about scams like the one featured in this blog post. The scammers have cleverly reproduced the domain and email address, making it look like the email legitimately originates from BT. The result is a well-crafted alert that could easily dupe a concerned business leader trying to understand the status of sensitive […]


3 things to do immediately in the wake of WannaCry

by Jonathan Care  |  May 15, 2017

My colleagues in IT Security have had a busy weekend. Since its discovery on Friday afternoon, the WannaCry ransomware attack has continued to spread this weekend, impacting over 10,000 organizations and 200,000 individuals in over 150 countries, according to European authorities. However, while measures have been taken to slow the spread of the malware, new […]


Thoughts from RSAC

by Jonathan Care  |  February 25, 2017

I may as well ‘fess up straight away. It was my first time at RSAC despite having attended many other events before. And I wasn’t quite prepared for an event that spanned not only three exhibition halls, but a number of the surrounding hotels as well! I was very interested to get a briefing from […]


‘One Billion’ affected by the Yahoo hack

by Jonathan Care  |  December 15, 2016

As reported in the news, Yahoo have been not so much popped, as exploded. I think the key points here are: Passwords as an authentication technology are rapidly becoming obsolete. We’re seeing many more internet organisations using familiarity signals and behavioural biometrics to authenticate customers. The good-old-bad-old knowledge based authentication is flawed. For better or […]


Mobile phone scams in the UK

by Jonathan Care  |  September 11, 2016

We’re all consumers. Normally I write about industry changes, but here’s something that affects all of us. I had a call this morning from a friend. I didn’t recognise the number that called my line at home (which I’d forgotten was anything other than a mechanism to pipe broadband into my house), so I looked […]


What the CISO needs to know about Blockchain

by Jonathan Care  |  August 30, 2016

In response to some significant client demand, David Anthony Madhi and I have written a note giving our thoughts on the emerging blockchain technologies, and answer some of the questions we’ve seen posed by well-informed CISOs. To whet your appetite a little, here’s the summary: Blockchain has the potential to become a significant trust enabler […]


UK: Two Thirds of big business has been breached this year

by Jonathan Care  |  May 8, 2016

The UK Government has sponsored a survey that reveals a significant fraction of businesses have been breached this year. The survey is released with a foreword by Ed Vaizey, the Digital Economy minister who says “The UK is a world-leading digital economy and this government has made cybersecurity a top priority. Too many firms are losing […]


Microsoft release Tay onto the world and…

by Jonathan Care  |  March 24, 2016

Microsoft released Tay (a narrow scope A.I. with the interactional profile of a 14 year old teenager) yesterday, and today took it off-line in a flurry of press complaints that it “learned racism” from interaction with the denizens of Social Media. Frenzied press speculation has led to many calling this an indictment of Machine Learning. […]


Arcane is the new normal in cyber security

by Jonathan Care  |  August 26, 2015

It’s the end of Gartner’s Security Summit here in Sydney, and it has been great to meet fellow analysts, Gartner clients, and event sponsors. One of the conference themes was the evolution of the CISO role from cyber security Defender to Facilitator, and how strategy must encompass not only controls to protect the enterprise and detect […]


Best Practices in PCI DSS 3.1 are now required

by Jonathan Care  |  August 13, 2015

PCI DSS 3.1 became effective April 15, 2015, and impacted organizations were given some “Best Practices”, with a clear indicator that on July 1st, 2015 these would become required. So what has changed, and what (or whom) are impacted? This is dependent on which SAQ you are completing, so let’s take a look at these […]
