With little time for cybersecurity training, how can businesses ensure their employees work securely from home?
David Cass, Vice President for Cyber and IT Risk at Federal Reserve Bank of New York, recently spoke with Amar Singh, Founder and CEO of Cyber Management Alliance.
Download the Remote Working Cybersecurity Checklist.
The two cybersecurity experts talked about their opinions and insights about remote working and the key aspects that organisations and staff members should focus on while working from home – a phenomenon that has taken on global proportions in the light of the COVID-19 situation.
David Cass, Vice President for Cyber and IT Risk at Federal Reserve Bank of New York
Tabletop Exercises help you test and evaluate the efficacy of your well-laid plans in a real-world situation.
You have to ask yourself, when your organisation is under a cyber-attack will your untested response plan actually work? The only way to find out is to assess your plan with a successful Tabletop Exercise. Note the emphasis on the word successful?
The expectation - that security behaviours will change if your employees know what they need to do and if they know their firm’s security policies - is flawed. Knowledge is just a part of behaviour change; the real challenge that many organisations face is to work to ensure their people care, are motivated and have the ability and the confidence to act in the right way at the right time.
In this blog we cover:
- Hygiene factors to consider for effective cyber awareness training
- Case study of a UK Government organisation with 80,000+ staff & how it transformed its security awareness journey
- Learning points for anyone trying to bring about organisational behaviour change
- Merits and demerits of gamification
With the increasing frequency of Travelex-like, business-impacting crises, top executives of organisations are taking notice and rushing to ensure that they have cyber incident response plans to deploy when hit by a cyber crisis.
In this blog we cover:
Many organisations and security teams find it easy to blame the human factor in the security value chain. It’s become quite acceptable to say that humans are the weakest line of defence when it comes to organisational threats. But is this fair? Are human employees being given the kind of training they deserve in an ever-evolving and increasingly complex digital ecosystem?
33.5% of Indian firms were hit by a cyber-attack in 2018. Not only is this figure alarmingly high, it also makes India the third most-attacked country as per a survey conducted by Tech Asia Research for Sophos, the renowned British security software and hardware firm.
The world of modern cybersecurity has unfortunately been made more complicated than it really needs to be. Every day, we hear about new solutions that are based on the most modern and unpronounceable technologies that promise to protect organisations like nothing else can.
We live in a world that’s hard to imagine without, email. As great, quick and useful as email is, it remains , one of the easiest attack vectors that cyber criminals use to target your business,
A breach is an inevitability and this blog is not about slamming Capital One. Instead, we try to provide some tangible guidance. Our network of practitioners Krisztian Kenderesi, Lorraine
Please only read this blog if you are concerned about privacy, confidentiality and security of your data stored in the Cloud.
The large array of solutions that promise to mitigate cyber threats can often confuse even the most astute buyers. Buzzwords like next-generation, Machine Learning and Artificial Intelligence tend to take the focus away from the fundamentals.
Today and beyond, the only certainties are death, taxes and cyber-attacks. The challenge, today and forever ahead, is clear. Wait! One more certainty? Regulations.
How do you build and maintain a cyber-resilient, regulation-ready (think GDPR) business?
A key area of focus must be threat intelligence. Let's cut to the chase:
- If it's not already up there, threat intel (TI) should be put on your must-have-cybersecurity-product list.
- Investing in the wrong threat intelligence feed can be costly and even counter-productive.
- The right kind of threat intel can significantly improve your cybersecurity posture.
I spoke to Tushar Vartak, a leading Middle Eastern bank's CISO on how he sources threat intelligence feeds and how he uses threat intel to stay a step ahead of cyber criminals. It's available here.
Threat intelligence is not well-understood and unsurprisingly, the market takes advantage and flogs painted paper as gold wafers. In this blog, I unravel some mysteries of TI and cover the below key topics.
- Explain threat intelligence to anyone!
- The basics of threat intel
- The Threat Intelligence Value Pyramid
- Applying Threat Intelligence
- Sourcing and key considerations
- Key Takeaways
- Useful links & more information
Who should read this?
- Management such as CIO, CISO, CRO, IT Directors and anyone in charge of reducing an organisation's cyber risk.
- If you are a CISSP, studying for the CISSP, CISM, CISA or if you are an IT or security engineer.
- Auditors and folks in the governance, risk and compliance domains will find this information insightful.
Threat Intelligence is a widely used term now. If you are a cybersecurity professional, you must be familiar with the term even if you don't fully understand the nuances. Threat intelligence plays a crucial role in today's cybersecurity defence apparatus and must be correctly understood by professionals working in the various domains of cybersecurity, especially those in security operations centres, dealing with SIEM like tools or those that work with incident response teams.
Rig Exploit Kit has been the most active and successful exploit kit so far. According to Cisco Talos researchers, RIG is unique if compared to other exploit kits as it merges different web technologies such as VB Script, Flash, and DoSWF to obfuscate the attack. It has been used to install banking Trojans, ransomware. However, since April 2017 there has been a significant downfall in its activity till it has made a shift into crypto-mining by the distribution of less known coin miners.
