Security teams are always busy deploying and implementing security controls to try and prevent or detect cyber-attacks. Those controls, as well as the security configurations with the operating systems and networks they are responsible for protecting, introduce an ongoing management and operational load.Read More
Few organisations have the resilience to suffer a cyberattack as large as the one the Australian National University (ANU) notified last week. Data breaches of this magnitude certainly take their toll, and in this case the ANU will be feeling the pain for some time to come. But what happened and how can organisations better prepare themselves for this kind of attack?Read More
There are plenty of stories about cyber crime affecting companies and individuals in the security industry and mainstream media – companies having data stolen, personal data being used for fraud, phishing scams, identity theft/fraud and ransomware being used to extort money.
The question is how can you and your business learn from these past cases and reduce your own exposure to the same sorts of attacks?Read More
The Australian Cyber Security Centre (ACSC) maintains a guideline called ‘The Essential Eight: Strategies to Mitigate Cyber Security Incidents’. Government departments’ cyber resilience is measured against these controls. Research shows that successful implementation of the Essential Eight fends off 85% of targeted cyber-attacks, so it’s a very sound security strategy to follow.
Let’s explore the ACSC’s Cyber Maturity Model for Essential Eight compliance to understand how it works, what to look out for and why you should apply it within your organisation.Read More
Critical infrastructure (CI) systems are prime targets for cyber-attack from overseas adversaries as the mass disruption from a successful attack could seriously cripple a country’s economy and national security. How prepared is your critical infrastructure to defend against international hackers and what can you do to build effective security controls?Read More
Whether an attacker is breaking into your organisation or a malicious insider is trying to exfiltrate data using legitimate access, there is little argument that both attacks require a level of system identity to act on the target. Modern enterprise ICT systems leverage a variety of technologies to attest to the identity of users, but understanding the when and how is equally important.Read More
Privileged user accounts, such as those used by administrators, application developers and even the security team themselves are prime targets for attackers. Typically, once an attacker has the credentials for a privileged account, they are free to move around the business as they please. For this reason, constructing a secure privileged account management capability is a critical building block in your enterprise security architecture.Read More
The adoption of cloud services is core to the Australian Government’s digital transformation strategy. Cloud services yield faster service delivery for agencies and ensure organisations only pay for what they consume. Yet, this shift to cloud introduces a degree of risk and uncertainty that needs addressing, so let’s look at this risk in terms of merging the Government’s foremost cyber security advice with the Digital Transformation Agency’s cloud-first strategy. Read more to understand how the ASD’s Essential Eight supports the Australian Government’s move to Cloud.Read More
The changes to the Australian Privacy Act (22 Feb 2018) requires businesses report eligible data breaches. Consequently, executives are asking how they can determine their preparedness and ensure they reduce the risk of potential fines. The Australian Signals Directorate’s (ASD) Essential Eight has received considerable airtime, and for good reason, as it provides a no-nonsense approach for organisations to improve their security posture by focusing on eight cyber security controls.Read More
The Australian Signals Directorate (ASD) recommends the use of multi-factor authentication (MFA) within their general security control guidance known as the Essential Eight. They claim, “it is one of the most effective cyber security controls an organisation can implement,” yet, not all implementations of MFA are equally effective, so choosing which one is right for your organisation is essential. Furthermore, adversaries know about inherent weaknesses and have begun targeting organisations that use particularly weak implementations. This blog looks at some of the issues and pitfalls with modern MFA solutions and offers some guidance that supports ASD’s claim that it’s one control not to overlook.Read More