Statistics, Lies and Automobiles
I have a new goal for 2022 and beyond: no more stats! I promise to stop using statistics. Statistics are the cyber security industry's fear-mongering tactic: you must do something about x because 78% of your industry peers are worried about the risk of x. This is most often not relevant, disingenuous and “over…
It all adds up!
I had no idea at all! Over 100 notifiable and probable “State Based” significant hacks to October 2021 – either against government orgs or with a value of more than $1 million. Four of those were against Australian government orgs and one against a New Zealand Government org. One of our business partner orgs who…
Board level: concepts and explanations
Have you ever “lost” your audience when presenting a solution to your board of directors? No matter how hard you try to explain why your company needs this cyber security widget or process, they do not understand “your” urgency nor accept what you are explaining? Try this at home when you are passionate about a…
Zero Trust vendor architecture: Ethical, or not ethical?
A vulnerability is disclosed in Palo Alto VPN hardware/software; the company that discovered it, Randori, may not have disclosed this to the vendor in a timely fashion. The premise suggested for this is that, as Randori are a Red Teaming company, they used this vulnerability to infiltrate their clients who used Palo Alto…
The problem is NOT Cyber security!
The “Compliance with the NSW Cyber Security Policy” special report released on the 28th October 2021 should be a serious concern to every NSW resident who has their Personally Identifiable Information being “securely” held by a government agency. Vic, NSW, QLD, SA, NT and TAS could very likely be transposed with NSW and these findings…
Sinclair Broadcasting Breach
Story: Another ‘murican Fortune 500 company breached and affected by a Ransomware attack. With Broadcasters, retailers (online and store), NBN service providers, BNPL, Transport, Tourism (lol), some utilities etc. etc., there is an immediate cost to your business profits from an outage; customers are not patient and will go elsewhere immediately and buy their product…
Data is difficult!
Know your Data? (link below) Data is difficult; categorising and securing data is difficult. I personally rate this as a 4 or 5 out of 5 stars in my Cyber Security complexity Framework, meaning that it is my opinion that this is not the place that most organisations looking to reduce their Cyber Risk should…
Marketectures are not what the Client Needs
The security reference architecture document recently released by Microsoft is a glaring indictment of where the Cyber Security industry is in 2021. A sprawling cityscape of vendors spruiking their “Better Mouse Traps” (Thanks Bryan). Organisations have massive spaghetti junctions of interconnecting applications, services, users and platforms. Familiar with the below? This was my life…
Work from home? hacking is cheap to start out in
Coming back to what I have discussed before, it is really cheap to get started as a “Wannabe” haxxor... just search Reddit for red teaming and join the groups for public “Proof of Concept” hacks for each new vulnerability as it is announced (seriously!)... There are two solutions to this, either may be suitable:…
Find a Vulnerability in Software, Get sued by Vendor
Bad form or what? Find a vulnerability, notify the vendor, get sued! IMHO, many vulnerabilities are not published already, and this only makes it worse... sell the vulnerability on the Dark Web = profit. Let the vendor know about it... get punished? Reason #233 for having a Cyber Security plan in place to protect…