Cyber Security Blog

yt-1

There is a vast array of threat intelligence data out there and a variety of platforms that help businesses collect such insights. But is this data contextual, consumable, instructive and most importantly, actionable? 

In this blog, we discuss:

1. Attributes of quality Threat Intel
2. Some interesting facts about Mimecast Intelligence
3. Importance of Email Security 
4. The need of moving from perimeter to pervasive security

14 July 2020

Selecting the right type of cyber incident response training has never been this important.  No organisation today is exempt from being vulnerable to cyber-attacks, which makes having a cyber incident response plan and training staff correctly most imperative.  

18 June 2020

You can never be too prepared when it comes to cybersecurity and data privacy. For the health of your business, it is essential to continuously test your cyber incident response plans with effective cyber table-top workshops

15 June 2020

In any discussion on cyber incident response & resilience, it is imperative to deliberate upon the subject of threat actors. After all, if you can’t identify who could potentially harm your business, how will you anticipate the kind and scale of damage they can cause? 

27 May 2020

We reviewed SAMA, QCB & NESA Regulations on Business Continuity Planning, Testing & Cyber tabletop exercises and created an easy reference for you. We will be updating this blog regularly. If you are aware of updates and new regulations, email the author here.

24 May 2020

We have created an optimised cyber incident response plan template for you to download along with some guidance on how to fill it in and how to make it personal to your organisation. 

22 May 2020

To discuss cyber incident response with the CEO, you must be familiar with ISO 27001, NIST's CSF, PCI-DSS NCSC'S Cyber Assessment Framework and other regulations and standards that discuss cyber incident response and incident management. 

11 May 2020

Cyber incident response training is an important investment for today's business leaders. It's crucial that executive and management professionals throughout the organisation understand the scope of cyber threats and possess the necessary knowledge to respond quickly and effectively. 

9 May 2020

One often tends to get entangled in the word ‘tabletop’ when one thinks of conducting a cyber tabletop exercise for their organisation. It is natural to think of this exercise as one that can only be done physically in a closed room. However, contrary to that popular belief, it is often much more effective to conduct a remote cyber tabletop exercise. Read on to know why! 

8 May 2020

We are often asked about the benefits of internal cyber incident response training over our public or online training. This blog talks of the advantages of running an internal workshop that is tailored to your specific business, size & domain.   

7 May 2020

In this blog, I share why our clients who do ISO 27001 audits are including cyber tabletop exercises audits in their audit schedules. 

6 May 2020

To ensure some sense of order when you are attacked, start by following the cyber incident response checklist.

5 May 2020

If you’re one of those smart business executives who knows how important running a cyber tabletop exercise for their organisation is, you’ve won half the battle! The other half in your company’s ongoing war with cyber-crime is about running the cyber tabletop exercise correctly so that it’s actually effective!

2 May 2020

Your organisation may have a cyber incident response plan that it can fall back upon in case of a crisis, but you need to ensure its fit-for-purpose. We show you how to achieve that. 

1 May 2020

Most online cybersecurity training programmes appear to skip over the important topic of Cyber Kill Chain.

30 April 2020

Cyber tabletop exercises must be on your radar in 2020 and there’s no two ways about it. Find out what makes a normal cyber response test a really good and effective cyber tabletop exercise.  

21 April 2020

How to make the cybersecurity checklist PDF work for your organisation?

8 April 2020

With little time for cybersecurity training, how can businesses ensure their employees work securely from home?

1 April 2020

Cyber Tabletop Exercises help you test and evaluate the efficacy of your well-laid plans in a real-world situation.

You have to ask yourself, when your organisation is under a cyber-attack will your untested response plan actually work?  The only way to find out is to assess your plan with a successful  Cyber Tabletop Exercise. Note the emphasis on the word successful?

27 March 2020

The expectation - that security behaviours will change if your employees know what they need to do and if they know their firm’s security policies - is flawed. Knowledge is just a part of behaviour change; the real challenge that many organisations face is to work to ensure their people care, are motivated and have the ability and the confidence to act in the right way at the right time.

In this blog we cover: 

 

17 March 2020

With the increasing frequency of Travelex-like, business-impacting crises, top executives of organisations are taking notice and rushing to ensure that they have cyber incident response plans to deploy when hit by a cyber crisis.

In this blog we cover:

6 March 2020

Many organisations and security teams find it easy to blame the human factor in the security value chain. It’s become quite acceptable to say that humans are the weakest line of defence when it comes to organisational threats. But is this fair? Are human employees being given the kind of training they deserve in an ever-evolving and increasingly complex digital ecosystem?

23 January 2020

33.5% of Indian firms were hit by a cyber-attack in 2018. Not only is this figure alarmingly high, it also makes India the third most-attacked country as per a survey conducted by Tech Asia Research for Sophos, the renowned British security software and hardware firm.

14 January 2020

The world of modern cybersecurity has unfortunately been made more complicated than it really needs to be. Every day, we hear about new solutions that are based on the most modern and unpronounceable technologies that promise to protect organisations like nothing else can.

5 December 2019

We live in a world that’s hard to imagine without, email. As great, quick and useful as email is, it remains , one of the easiest attack vectors that cyber criminals use to target your business,

3 December 2019

A breach is an inevitability and this blog is not about slamming Capital One.  Instead, we try to provide some tangible guidance. Our network of practitioners Krisztian Kenderesi, Lorraine 

4 August 2019


Please only read this blog if you are concerned about privacy, confidentiality and security of your data stored in the Cloud. 

24 January 2019

The large array of solutions that promise to mitigate cyber threats can often confuse even the most astute buyers. Buzzwords like next-generation, Machine Learning and Artificial Intelligence tend to take the focus away from the fundamentals.  

31 July 2018

Today and beyond, the only certainties are death, taxes and cyber-attacks.  The challenge, today and forever ahead, is clear.  Wait! One more certainty? Regulations. 

How do you build and maintain a cyber-resilient, regulation-ready (think GDPR) business?

A key area of focus must be threat intelligence. Let's cut to the chase:

  1. If it's not already up there, threat intel (TI) should be put on your must-have-cybersecurity-product list. 
  2. Investing in the wrong threat intelligence feed can be costly and even counter-productive.  
  3. The right kind of threat intel can significantly improve your cybersecurity posture.

I spoke to Tushar Vartak, a leading Middle Eastern bank's CISO on how he sources threat intelligence feeds and how he uses threat intel to stay a step ahead of cyber criminals.  It's available here.

Threat intelligence is not well-understood and unsurprisingly, the market takes advantage and flogs painted paper as gold wafers. In this blog, I unravel some mysteries of TI and cover the below key topics. 

Who should read this?

  • Management such as CIO, CISO, CRO, IT Directors and anyone in charge of reducing an organisation's cyber risk. 
  • If you are a CISSP, studying for the CISSP, CISM, CISA or if you are an IT or security engineer. 
  • Auditors and folks in the governance, risk and compliance domains will find this information insightful.
24 July 2018

Threat Intelligence is a widely used term now. If you are a cybersecurity professional, you must be familiar with the term even if you don't fully understand the nuances. Threat intelligence plays a crucial role in today's cybersecurity defence apparatus and must be correctly understood by professionals working in the various domains of cybersecurity, especially those in security operations centres, dealing with SIEM like tools or those that work with incident response teams.

4 July 2018

Rig Exploit Kit has been the most active and successful exploit kit so far. According to Cisco Talos researchers, RIG is unique if compared to other exploit kits as it merges different web technologies such as VB Script, Flash, and DoSWF to obfuscate the attack. It has been used to install banking Trojans, ransomware. However, since April 2017 there has been a significant downfall in its activity till it has made a shift into crypto-mining by the distribution of less known coin miners.

26 June 2018

Cyber Management Alliances preferred IT security solutions and consultancy provider, Advanced Cyber Solutions, have been awarded the Ipswitch Partner of the Year for Northern Europe, in recognition of their unrivalled service in the region.

12 May 2018

IT solutions provider Systematic have chosen Ipswitch MOVEit Transfer as their MFT (Managed File Transfer) solution, describing the offering as "ticking all the boxes" after evaluating other competing solutions.

10 May 2018

Has there ever been a more confusing data security standard than the PCI-DSS? Even now, thirteen years on from its initial release, a clear understanding of what you need to achieve to be compliant may still be a challenge.

1 May 2018

FIM or File Integrity Monitoring, is without a doubt a highly important layer of defence in any network worth protecting. Required by data security standards such as PCI-DSS and recommended by auditors and security practitioners globally. FIM monitors critical system files, operating system components and even network devices for unauthorised changes.

30 April 2018

Cyber criminals are always trying to find different ways to hack devices to make money.

Now they have another way.  Called ‘jackpotting’, hacks attacks ATM machines; but to do this, physical access to the dispensing device is needed in order to empty it of all its cash.

27 April 2018

Another day,  another data breach. This time with MyFitnessPal, a nutrition tracking app that was acquired for US$475million by Under Armour Inc. 

Facts (may change) As result of a cybersecurity breach,  close to 150 million accounts (yes, it's a massive data breach) have been compromised. Attribution of the malicious actors behind this incident is unknown.

At best, Under Armour has been sloppy and lazy in responding to this breach.  I talk about the following in my opinion piece. 

31 March 2018

Is the board listening? We all know that GDPR will be enforced from 25th May 2018, but is your board aware of their new privacy obligations? While there is substantial GDPR coverage in the technical press, has the message got through to senior management?  Are their preparations adequate?

28 February 2018

Free Cyber Incident Response Plan Template

Optimised Document Structure, Easy to understand guidance on Cyber Incident Planning & Response and a ZERO-FLUFF approach makes this cyber response plan template immediately useful.

Simply fill in your details in the form below to receive your copy and more free mind maps and checklists.