Even with the gradual increase in cybersecurity literacy amongst the masses, there are still some myths that people follow religiously, even cybersecurity professionals. I will set out to bust some of those myths here. Many of the myths have come from companies advertising products as a “silver bullet” solution, some… Continue Reading Cybersecurity Myths – my home network is safe

Even with the gradual increase in cybersecurity literacy amongst the masses, there are still some myths that people follow religiously, even cybersecurity professionals. I will set out to bust some of those myths here. Many of the myths have come from companies advertising products as a “silver bullet” solution, some… Continue Reading Cybersecurity Myths – my password use does not matter

Even with the gradual increase in cybersecurity literacy amongst the masses, there are still some myths that people follow religiously, even cybersecurity professionals. I will set out to bust some of those myths here. Many of the myths have come from companies advertising products as a “silver bullet” solution, some… Continue Reading Cybersecurity Myths – phones are safe

Even with the gradual increase in cybersecurity literacy amongst the masses, there are still some myths that people follow religiously, even cybersecurity professionals. I will set out to bust some of those myths here. Many of the myths have come from companies advertising products as a “silver bullet” solution, some… Continue Reading Cybersecurity Myths – changing passwords

Even with the gradual increase in cybersecurity literacy amongst the masses, there are still some myths that people follow religiously, even cybersecurity professionals. I will set out to bust some of those myths here. Many of the myths have come from companies advertising products as a “silver bullet” solution, some… Continue Reading Cybersecurity Myths – It’s not my responsibility

Even with the gradual increase in cybersecurity literacy amongst the masses, there are still some myths that people follow religiously, even cybersecurity professionals. I will set out to bust some of those myths here. Many of the myths have come from companies advertising products as a “silver bullet” solution, some… Continue Reading Cybersecurity Myths – I’ve got a firewall

Even with the gradual increase in cybersecurity literacy amongst the masses, there are still some myths that people follow religiously, even cybersecurity professionals. I will set out to bust some of those myths here. Many of the myths have come from companies advertising products as a “silver bullet” solution, some… Continue Reading Cybersecurity Myths – I’m not a target

Yesterday, there was a world-wide incident that affected computers running CrowdStrike Falcon, where there was a conflict between the vendor’s anti-malware protection and the Windows sensor, resulting in a BSOD and unresponsive computers. This is a major incident that was effectively the effective impact as we were expecting from the… Continue Reading Lessons from the CrowdStrike incident

Terminology around privacy and security often uses the term “PII” to refer to “Personally Identifiable Information”. However, PII in Australia is not a valid term – the definition by the OAIC is “personal information”, and it differs from the US term (from NIST) and the legal obligations around… Continue Reading PII in Australia and personal information

Data sovereignty in cybersecurity is a hot question, and many organisations treat it as one of their early considerations when selecting a service provider for storing their data. The intention is that important data should not be held in foreign datacentres, so that foreign governments cannot withhold the data… Continue Reading Cybersecurity and Data Sovereignty

Cybersecurity is more than just firewalls and anti-virus, goes further than just zero-trust approaches and cultural changes, and is beyond just policy and compliance. Cybersecurity is not an ‘action’ or a ‘solution’ – it is an ongoing activity that needs constant review and updating. Cybersecurity planning will vary for each… Continue Reading Cybersecurity planning

With the ever-increasing levels and frequency of attacks and impact, businesses of all sizes should consider specific cyber insurance. However, there are some cyber insurance myths that need to be dispelled. Myth #1 – My other insurance will cover me: Unless your other insurance specifically covers cyber events, you are… Continue Reading Cyber Insurance myths

I have posted a few articles about different security standards and frameworks, such as PCI-DSS, The Essential 8, ISO27001, NIST and others – and in my experience, there are some organisations that focus on compliance instead of security. People desperately chase the dogma of maturity levels or complying with every… Continue Reading Focus on Compliance or Security?

As the world becomes more aware of cybersecurity risks and issues, company boards need to become more aware of the issues that cybersecurity poses for their businesses. However, it can be difficult for non-technical people to learn the new terminologies and concepts. The question still remains on how we educate… Continue Reading Educate Boards in Cybersecurity

A question that has been on my mind for a while is “does the CISO need to become the CSO”? Is the responsibility of the Chief Information Security Officer too limiting, and should they be the Chief Security Officer? The issue with a CISO is that they often are limited… Continue Reading Does the CISO need to become the CSO?

Last month, I wrote an article on the Essential 8. The article pointed out that most of the measures should be the absolute minimum measures that organisations take with their systems. For those who work in the area of security, most of the Essential 8 are common-sense and… Continue Reading Obvious PCI-DSS benefits

The Australian Cyber Security Centre, working alongside the Australian Signals Directorate (formerly Defence Signals Directorate), created a list of eight essential mitigation strategies to act as a baseline for cybersecurity. These are very much basic and essential measures, and they are an absolute minimum. As a cybersecurity professional, these are… Continue Reading What is wrong with the Essential 8?