Hyperbole – Cyber incident response
Read More: Hyperbole – Cyber incident responseHyperbole (love the word!) ….. I would be disappointed if my business leaders thought that my security team could not respond to a cyber incident. The linked article describes that business leaders do not feel their organisation could respond to a cyber incident. So what is the problem? The article is not an accurate impression?…
Controls vs. Control functions
Cyber security planning
Read More: Controls vs. Control functionsGetting your terminology right is extremely important and I for one have made this error before. Control – Anything directly or indirectly used that affects the frequency or magnitude of a loss. Control Function – How a control directly or indirectly affects the frequency or magnitude of a loss.
Cyber security planning
AV NGAV EDR XDR MDR AMDR
Read More: AV NGAV EDR XDR MDR AMDRThe cyber security landscape has seen huge expansion and growth in the past 5 years and End Point Detection and Response (EDR) has been one of the biggest areas of expansion. https://www.morphisec.com/hubfs/2020%20State%20of%20Endpoint%20Security%20Final.pdf According to Ponemon Institute, 68% of organisations suffered one or more endpoint attacks that successfully compromised data or IT Infrastructure. In 2018 Gartner…
Sinclair Broadcasting Breach
Read More: Sinclair Broadcasting BreachStory: Another ‘murican Fortune 500 company breached and affected by a Ransomware attack. With Broadcasters, retailers (online and store), NBN service providers, BNPL, Transport, Tourism (lol), some utilities etc etc….. there is an immediate cost to your business profits from an outage, customers are not patient and will go elsewhere immediately and buy their product…
Data is difficult!
Read More: Data is difficult!Know your Data? (link below)….. Data is difficult, Categorising and securing Data is difficult, I personally rate this as a 4 or 5 out of 5 stars in my Cyber Security complexity Framework. Meaning that it is my opinion that this is not the place that most organisations looking to reduce their Cyber Risk should…
6502 – coming back to life?
Read More: 6502 – coming back to life?For those who know what the above is then kudos to you 😀 I grew up using an Atari 130XE with a 1.7 MHZ 6502C and as my first computer I loved it and the freedom it created for me to program and to play games! The 6502 is coming back to life in a…
Marketectures are not what the Client Needs
Read More: Marketectures are not what the Client NeedsThe recent security reference architecture document recently released by Microsoft is a glaring indictment of where the Cyber Security industry is in 2021. A Sprawling cityscape of Vendors Spruking their “Better Mouse Traps” (Thanks Bryan). Organisations have massive spaghetti junctions of interconnecting applications, services, users and platforms. Familiar with the below? this was my life…
Welcome to mass Travel disruption!
Read More: Welcome to mass Travel disruption!The shape of things to come for Australians? ….. I am the worst at actually printing out a “Hard copy” of any ticketing or required material, I like to rely on Technology and use the apps on my phone…. It is guaranteed …… without a doubt that our “Vaccination Certificate” Covid Government app back-end infrastructure…
Work from home? hacking is cheap to start out in
Read More: Work from home? hacking is cheap to start out inComing back to what I have discussed before, it is really cheap to get started as a “Wannabe” haxxor…… just search Reddit for red teaming and join the groups for public “Proof of Concept” hacks for each new vulnerability as it is announced (seriously!) ……. There are two solutions to this, either may be suitable:…
Find a Vulnerability in Software, Get sued by Vendor
Read More: Find a Vulnerability in Software, Get sued by VendorBad form or what? Find a Vulnerability, notify the vendor, get sued! IMHO, many vulnerabilities are not published already, and this only makes it worse….. sell the vulnerability on the Dark Web = profit. Let the Vendor know about it ….. get punished? Reason #233 for having a Cyber Security plan in place to protect…