Security Controls & Resilience

Cyber crime victims: What do they have in common?

There are plenty of stories about cyber crime affecting companies and individuals in the security industry and mainstream media – companies having data stolen, personal data being used for fraud, phishing scams, identity theft/fraud and ransomware being used to extort money.

The question is how can you and your business learn from these past cases and reduce your own exposure to the same sorts of attacks?

Read More

Improve your Cyber Maturity with Eight Essential Controls

The Australian Cyber Security Centre (ACSC) maintains a guideline called ‘The Essential Eight: Strategies to Mitigate Cyber Security Incidents’.  Government departments’ cyber resilience is measured against these controls.   Research shows that successful implementation of the Essential Eight fends off 85% of targeted cyber-attacks, so it’s a very sound security strategy to follow.

Let’s explore the ACSC’s Cyber Maturity Model[1] for Essential Eight compliance to understand how it works, what to look out for and why you should apply it within your organisation.

Read More

Identity Management: The Key to SOC Success or Failure

Whether an attacker is breaking into your organisation or a malicious insider is trying to exfiltrate data using legitimate access, there is little argument that both attacks require a level of system identity to act on the target. Modern enterprise ICT systems leverage a variety of technologies to attest to the identity of users, but understanding the when and how is equally important.

Read More

Privileged Account Management: Essential Cyber Security Measures

Privileged user accounts, such as those used by administrators, application developers and even the security team themselves are prime targets for attackers. Typically, once an attacker has the credentials for a privileged account, they are free to move around the business as they please.  For this reason, constructing a secure privileged account management capability is a critical building block in your enterprise security architecture.

Read More

Digital Transformation: The Cyber Security Catalyst

The adoption of cloud services is core to the Australian Government’s digital transformation strategy. Cloud services yield faster service delivery for agencies and ensure organisations only pay for what they consume. Yet, this shift to cloud introduces a degree of risk and uncertainty that needs addressing, so let’s look at this risk in terms of merging the Government’s foremost cyber security advice with the Digital Transformation Agency’s cloud-first strategy.  Read more to understand how the ASD’s Essential Eight supports the Australian Government’s move to Cloud.

Read More

How Mature Are Your Cyber Security Controls?

The imminent changes to the Australian Privacy Act (22 Feb 2018) requires businesses report eligible data breaches.  Consequently, executives are asking how they can determine their preparedness and ensure they reduce the risk of potential fines. The Australian Signals Directorate’s (ASD) Essential Eight has received considerable airtime, and for good reason, as it provides a no-nonsense approach for organisations to improve their security posture by focusing on eight cyber security controls.

Read More

Inequity in Multi-Factor Authentication – choosing the right implementation for your organisation

The Australian Signals Directorate (ASD) recommends the use of multi-factor authentication (MFA) within their general security control guidance known as the Essential Eight. They claim, “it is one of the most effective cyber security controls an organisation can implement,” yet, not all implementations of MFA are equally effective, so choosing which one is right for your organisation is essential. Furthermore, adversaries know about inherent weaknesses and have begun targeting organisations that use particularly weak implementations. This blog looks at some of the issues and pitfalls with modern MFA solutions and offers some guidance that supports ASD’s claim that it’s one control not to overlook.

Read More

ASD Essential Eight – Application Patching, an essential security process

Organisations struggling with cyber security and where to start can seek general guidance from the Australian Signals Directorate (ASD): specifically, a prioritised list of security controls known as the ASD Essential Eight. ASD claims that when implemented effectively, the Essential Eight mitigates 85% of targeted cyber-attacks. Application Patching sits within the preventative category of controls, yet organisations still struggle to implement a comprehensive patching regime.

Read More
1 2