More often than not when I walk into a building I will see RJ-45 network outlets in the wild. Without having done exact calculations I was able to hook up my laptop to this outlet, and have full access to the network. This goes for supermarkets, public administration buildings, and even military installations. What’s particularly … Continue reading Why a detailed network documentation is essential?
Category: risk management
Printers should be segregated from the rest of the network
When it comes to security risks for networks, hardly anyone will think of a printer as an existential threat to an organization. However, multiple cases proving that printers, and other IOT devices can act as Trojan horses have surfaced over the last couple of years. There are probably multiple reasons why this is happening, and … Continue reading Printers should be segregated from the rest of the network
Why it’s a bad idea to have your device’s IP address publicly visible!
You know how you walk into an office building, and the machines standing around have stickers on them with their IP address clearly visible to the general public? Well, thank you for that! You just saved me a ton of work figuring out which printer I want to attack to get access to the rest … Continue reading Why it’s a bad idea to have your device’s IP address publicly visible!
Do encrypted cloud backups have benefits I’m missing?
n fact, they do! Unless you are set in a very dynamic environment, where a lot of changes to files in operational Infrastructure happens You have probably follow the trend, and have a cloud-based back up system in place. And that is a good thing to have! The benefits are obvious… Affordable colocation Of your … Continue reading Do encrypted cloud backups have benefits I’m missing?
The data you store in the cloud must be segregated from that of other clients
One of the most problematic issues that is going to strike us in the near future is the cross infection of systems. Currently there are no sane arguments to support insisting on a totally isolated the violin from the cloud storage provider, but the future in cyber security is always very exciting, and surprises us … Continue reading The data you store in the cloud must be segregated from that of other clients
Why you should isolate un-patchable, end-of-life software
And another blog post from the recent past I outlined why a patch policy and an update policy maybe critical for survival of an organization. On rare occasions, and actually more often than desirable critical software upon which the organization relies to operate cannot be updated or patched simply because this piece of software has … Continue reading Why you should isolate un-patchable, end-of-life software
Physical access to data is restricted?
Justifiably you have the questions poking around in your head about why you should limit physical access to data? The answer is quite simple::: first of all let’s start with a definition of what I actually try to express with this statement. Physical access refers to any one of your employees being able to plug … Continue reading Physical access to data is restricted?
What Active Directory backup do you pursue?
AD is a difficult thing to back up. An alternative strategy could be quite easy...
Your servers and critical infrastructure elements should be in an unmarked, locked room with access control and access log as well as CCTV
It regularly makes you wonder how many organizations have their servers and other critical infrastructure in rooms marked clearly as the server and communication room.
Ux/UI confirmation screens with color differentiation
It’s amazing how many projects there are where money doesn’t play a role; as long as it doesn’t involve user experience, or a user interface that makes sense to users. Recently I was on a project in the financial sector which focused on digital change. We had very fruitful discussions in terms of what to … Continue reading Ux/UI confirmation screens with color differentiation
Application security is not necessarily necessary
Often times applications have reached end-of-life, or are no longer supported by the vendor. In this case organizations tend to weed out or replace such applications simply due to this fact. I was confronted with this organization while performing a due diligence for an investment company. The course after of the organization in question was … Continue reading Application security is not necessarily necessary
Visitors by appointment only… even tech workers, maintenance staff, cleaning staff, etc
Probably one of the most interesting incidents I have investigated was the theft of computers from a university. The perpetrator had done a good job scouting out the procedures of the organization, and through his reconnaissance put together a whole deal of information. He knew for instanceHe knew for instance that onHe knew for instance … Continue reading Visitors by appointment only… even tech workers, maintenance staff, cleaning staff, etc
Your email server should ensure encrypted communication and messaging only
As you can see this post was published in 2019. We’ve had pretty much everything about you go south. Probably the most revealing thing, and the only one in years that led to some kind of reaction, where the Snowden revelations. No, one of the main issues is that even after such a major incident, … Continue reading Your email server should ensure encrypted communication and messaging only
Emergency WAN connectivity to ensure business continuity
Probably The coolest thing in cyber security is that you constantly learn. On a conference I was speaking up I was asked by an attendee in my audience, and after my talk whether I could answer him a very confidential question. Turns out the guy was the CISO Of an oil and gas company, and … Continue reading Emergency WAN connectivity to ensure business continuity
Why you need on-location and co-location backups and why they should be encrypted
I hope I will be stating the obvious in this post; but I have seen so many things going wrong that I will risk repeating myself! On location back ups are totally cool! They are directly connected to your ethernet, have blazing accessibility rate, superb file transfer speeds, and a variety of other bills and … Continue reading Why you need on-location and co-location backups and why they should be encrypted
You seriously have to regularly upgrade your printer firmware!
When I heard this argument for the first time over a decade ago I thought it would never be a thing. I was to be proved wrong! A few years ago, I was hired to figure out how a perpetrator got into a corporate network. Like so often, my blue-chip/fortune 500 colleagues had failed to … Continue reading You seriously have to regularly upgrade your printer firmware!
Protecting your organisation from the risk of social engineering
Humans are still the weakest link in cyber security, and they lack training to become aware of the risks. This is a very good example.
Protecting your organisation from CEO fraud
One of the most costly cyber threats/risks is CEO fraud.
Project: Advanced Cybersecurity Risk Assessment Checklist
What is the "Advanced Cybersecurity Risk Assessment Checklist" (ACRAC)?ACRAC allows any organisation to assess a status quo of their cybersecurity. It's a thorough, and constantly updated checklist to reduce common cyber threats organisations are confronted with. Its goal is to raise awareness for vulnerabilities, thereby neutralising a majority of threat vectors an organisation sees itself … Continue reading Project: Advanced Cybersecurity Risk Assessment Checklist
What is the best password strategy to pursue?
When it comes to passwords, there are many opinions. However, a save passwords strategy doesn’t have to be so complex that you cannot remember the password you entered. Instead it is about choosing passphrases which are easy to remember for the human mind.