Kaseya and REvil: two sides of the supply-chain risk story

The ransomware problem has escalated at a steady pace over the last few years, with that upward slope punctuated by a few larger spikes as major incidents hit the headlines.

July’s Kaseya incident looks likely to be one of the biggest of those spikes, with at least 1000 and, by some reports, as many as 2000 small and medium businesses and organizations impacted. The subsequent disappearance of the perpetrators, the REvil ransomware-as-a-service group, from their various online locations is likely only ...

IoT device makers wanting to better security standards

The Internet of Things is moving ever closer to an Internet of Everything, with more devices and dinguses connected to, and controlled via, our worldwide network of networks. 

The last decade or so has seen an explosion of new ways to monitor, track and operate a growing range of tools and appliances, but as this marketplace bloomed, security issues were all too often an afterthought. 

Companies with long expertise in building everything from lightbulbs and fridges ...

Hafnium and SolarWinds shake up attitudes to supply chain risk management

Who do you trust?

That’s the big question facing companies around the world in recent months. In the wake of a wave of epic vulnerabilities, and equally massive compromises, affecting businesses and government institutions across the US and pretty much everywhere else, the reliability of our suppliers and providers has come into sharp focus.

Everyone wants to avoid the all-too-common inefficiency of “reinventing the wheel”, building things in-house rather than buying them in. Even the ...

Takeaways from the British Mensa Security Drama

Sometimes, you hear of security issues that baffle the mind. Worse, they could have been easily avoided, and also handled much better in the aftermath of the security incident.

February saw a security issue that fits nicely into this camp, and it continues to rage on this week. Ironically, it involves one of the branches of an international organization most of us would consider full of smarts: Mensa. 

The British branch of Mensa, the society for people in the UK with high ...

Remember Online Scams Target Businesses Too

It’s online scam a go-go out there. It seems that no one is safe. Not the widower looking for love; not the person looking for information on COVID; not the home user who accidentally visits an infected site; not the worker bee who clicks on a dodgy email link.

Today’s focus seems to be personal scams – those targeting the individual – but that doesn’t mean that the bad guys have taken their eye off the corporate ...

Information Security Policies: Knowing Who and How to Trust

After reading my previous post, you may think that greedy/evil/incompetent co-workers are a few steps away from causing data-breach related havoc. And that feeling in the pit of your stomach is the realisation that your own actions (or indeed lack thereof) may have played a part.

When it comes to insider threat, we have to acknowledge that we all sit somewhere along the spectrum. Not only that, but the more senior we are and ...

Making Vendor Risk Management Part of Your Security Strategy

When we think of Vendor Risk Management (VRM), there’s usually a policy or a procedure, possibly even a process to follow – and for good reason. The consistent approach that effective VRM gives you should lead to lower financial and strategic risks, increased admin efficiencies, reduced costs and quicker onboarding of suppliers.

A painful lesson this year has taught businesses is that they are only as resilient as the vendors they rely on. A promise is only ...

How the pandemic changed everything and nothing

This is a quick look back over the last six months or so: what’s changed in the world of work and cybersecurity and how businesses have responded. I wasn’t sure how to title this post. I don’t think words like ‘review’, ‘lessons learned’ or ‘takeaways’ really do justice to the scale of the situation, but ‘What the …. just happened?’ seems a bit strong.

That being said, from my research and conversations with people in the companies that have ...

NIST Privacy Framework – Your Foundation for Future Privacy Compliance

In preparing to write an article about the NIST Privacy Framework I asked some friends who work in infosec and data protection for their thoughts. With few exceptions the conversation went:

“Oh, you mean the NIST CyberSecurity Framework.”

“No, the Privacy Framework”, I’d reply.

“I’m pretty sure it’s Cybersecurity.”

“I’ll send you a link.”

It’s not surprising that it’s gone under the ...

Are You in the Dark About Visibility?

You can’t have good posture without good visibility. This is not a phrase I’ve picked up during those hours of internet yoga classes during lockdown; try saying that in a real life yoga class and you’ll get some very funny looks indeed. But it does describe the core of an effective cybersecurity strategy.

Your ‘Security Posture’ is a combination of factors:

  • Your awareness of current and changing cybersecurity threats.