Justifiably you have the questions poking around in your head about why you should limit physical access to data? The answer is quite simple::: first of all let’s start with a definition of what I actually try to express with this statement. Physical access refers to any one of your employees being able to plug … Continue reading Physical access to data is restricted?
Category: global risks
Police Proof local storage/raid proof
If you years ago I was contacted by an internationally operating law firm. They had very special requirements as to their data protection. I never did ask about the emphasis they had towards their clients security. We did get to work though, and created a solution that was highly individualized, and fulfilled pretty much all … Continue reading Police Proof local storage/raid proof
Your servers and critical infrastructure elements should be in an unmarked, locked room with access control and access log as well as CCTV
It regularly makes you wonder how many organizations have their servers and other critical infrastructure in rooms marked clearly as the server and communication room.
Why you need on-location and co-location backups and why they should be encrypted
I hope I will be stating the obvious in this post; but I have seen so many things going wrong that I will risk repeating myself! On location back ups are totally cool! They are directly connected to your ethernet, have blazing accessibility rate, superb file transfer speeds, and a variety of other bills and … Continue reading Why you need on-location and co-location backups and why they should be encrypted
New encryption law: Australia first Orwellian state?
The full impact of Australia's new law to crack down on encryption is still unknown. From what can be read currently, and currently available information the very broad and vague law is introduced to request the assistance of technology companies storing data in the country to make it available for law-enforcement. And the vagueness … Continue reading New encryption law: Australia first Orwellian state?
Protecting your organisation from CEO fraud
One of the most costly cyber threats/risks is CEO fraud.
Project: Advanced Cybersecurity Risk Assessment Checklist
What is the "Advanced Cybersecurity Risk Assessment Checklist" (ACRAC)?ACRAC allows any organisation to assess a status quo of their cybersecurity. It's a thorough, and constantly updated checklist to reduce common cyber threats organisations are confronted with. Its goal is to raise awareness for vulnerabilities, thereby neutralising a majority of threat vectors an organisation sees itself … Continue reading Project: Advanced Cybersecurity Risk Assessment Checklist
What’s the difference between risk, vulnerability, and threat in cyber security?
Differentiating the terms risk, vulnerability, and threat is quite difficult in a cyber security setting. This post intends to give a clear outline.
Removable media control, Endpoint security and The Problem of transportability of data
Removable media still presents one of the greatest threats; this post outlines one solution of how to deal with it properly.
Cyber insurance versus insurance companies
Cyber insurance is becoming every increasingly important product for most organizations. Finding an insurance policy, and an underwriter to understand the risk is very difficult.
Finding your next employer on the dark web?
With a potential bandwidth of the deep web increasing, it turns more and more into a profitable marketplace. Most recently, employers have sprung up, looking for qualified personnel. Work without the pension scheme’s, 9 to 5, and other inhibiting factors.
About John Cryan and the nonsense of the cashless society
Cache currency is a blessing for law-enforcement because it allows them to trace back the origins to a crime. When criminals are forced to resort to crypto currency, the game changes.
Mitigating sophisticated phishing attacks
The next generation of phishing attacks is there. Brace yourselves, and mitigate!
The case of the spying paper shredder
Cybercrime comes in many forms industrial espionage is one of them. Today, we are not even safe from paper shredders in the offices anymore.
The most complex case of CEO Fraud… yet; and how to mitigate it.
CEO fraud is one of the most devious forms of cybercrime, and social engineering. The most complex form was experienced, and the risk for future attacks was mitigated.
Why it’s a good idea to isolate EOL applications/software with insufficient patches, and how to do it
Software that it’s not regularly updated presents at risk. However, sometimes it is out of our influence whether or not a software remains up to date. If the software vendor does not provide updates and patches in time, and option to deal with such situations is to isolate software in virtual machines etc.
Why you don’t want your RJ 45 sockets available in the wild
This post is about the security risks of having exposed RJ 45 sockets and your organization.
European Parliament: Special Committee on Terrorism > Brief by Lars Hilse on the risks of Cyber Terrorism
In July 2018, I was invited to provide a briefing to the Special Committee on Terrorism of the European Parliament about the risks of cyber terrorism on critical infrastructure and public spaces.