Gartner Blog Network

Jonathan Care
Research Director
1 year at Gartner
22 years IT Industry

Jonathan Care's expertise includes payment systems, cybersecurity, fraud detection and prevention applications, authentication, identity proofing, identity theft, and insider threats. He also covers the PCI compliance program, tokenization and the security aspects of payment systems.

The M&M theory of PCI DSS

by Jonathan Care  |  October 10, 2018

There’s a great story about Van Halen. In their contract rider they insisted that they get a bowl of M&M candy with all of the brown ones removed before the show. It turns out this was a sharp move by the band to make sure that the contract was read and adhered to. If the […]


Cyber-attacks to the left, ransomware to the right – we need to spend money on what?

by Jonathan Care  |  June 27, 2017

With the news that a new outbreak of malware is sweeping the globe, it turns out that many organisations are not prepared for the determined and resourced attackers that we have been warning about for some time. “Tuesday’s attacks used a different form of ransomware similar to a virus known as Petrwrap or Petya, according […]


After WannaCry, what next?

by Jonathan Care  |  June 12, 2017

WannaCry (using the purloined exploit kit ETERNALBLUE) was paused, for now. Heroic efforts from security practitioners around the world (and a congratulations to @malwaretech for finding the “kill switch” domain!) So, what’s next? In a word, Linux.


After WannaCry 1.0 comes the WannaScammer

by Jonathan Care  |  May 18, 2017

I’ve received reports about scams like the one featured in this blog post. The scammers have cleverly reproduced the domain and email address, making it look like the email legitimately originates from BT. The result is a well crafted alert that could easily dupe a concerned business leader trying to understand the status of sensitive […]


3 things to do immediately in the wake of WannaCry

by Jonathan Care  |  May 15, 2017

My colleagues in IT Security have had a busy weekend. Since its discovery on Friday afternoon, the WannaCry ransomware attack has continued to spread this weekend, impacting over 10,000 organizations and 200,000 individuals in over 150 countries, according to European authorities. However, while measures have been taken to slow the spread of the malware, new […]


Thoughts from RSAC

by Jonathan Care  |  February 25, 2017

I may as well ‘fess up straight away. It was my first time at RSAC despite having attended many other events before. And I wasn’t quite prepared for an event that spanned not only three exhibition halls, but a number of the surrounding hotels as well! I was very interested to get a briefing from […]


‘One Billion’ affected by the Yahoo hack

by Jonathan Care  |  December 15, 2016

As reported in the news, Yahoo have been not so much popped, as exploded. I think the key points here are: Passwords as an authentication technology are rapidly becoming obsolete. We’re seeing many more internet organisations using familiarity signals and behavioural biometrics to authenticate customers. The good-old-bad-old knowledge based authentication is flawed. For better or […]


Mobile phone scams in the UK

by Jonathan Care  |  September 11, 2016

We’re all consumers. Normally I write about industry changes, but here’s something that affects all of us. I had a call this morning from a friend. I didn’t recognise the number that called my line at home (which I’d forgotten was anything other than a mechanism to pipe broadband into my house), so I looked […]


What the CISO needs to know about Blockchain

by Jonathan Care  |  August 30, 2016

In response to some significant client demand, David Anthony Mahdi and I have written a note giving our thoughts on the emerging blockchain technologies, and answer some of the questions we’ve seen posed by well-informed CISOs. To whet your appetite a little, here’s the summary: Blockchain has the potential to become a significant trust enabler […]


UK: Two Thirds of big business has been breached this year

by Jonathan Care  |  May 8, 2016

The UK Government has sponsored a survey that reveals a significant fraction of businesses have been breached this year. The survey is released with a foreword by Ed Vaizey, the Digital Economy minister who says “The UK is a world-leading digital economy and this government has made cybersecurity a top priority. Too many firms are losing […]
