Moving to a more mature security posture?
Intended to be topical and informative, my blog contains lightweight discussions around various Cyber Security issues.
As company networks have evolved and become more complex, so has the “logging”. This means the results and reports from devices and applications all over the network, each pouring out with endless amounts of data, need to be interpreted into meaningful information. However, logging and monitoring are two different things. If you can’t detect an issue you can’t deal with it. Some of the largest…
Ubiquitous and permanently connected to the internet, smartphones are here to stay. As devices that talk to everything all of the time, they access corporate data more easily whilst boundaries to the company network blur or even disappear. Imagine: Joe from Accounts procures his new iPhone as part of his renewed contract and one of the first things he does after restoring the backup of…
Before we go any further, let’s ask another question: Why would we need application whitelisting? Legacy controls such as Anti-Virus have become less effective at stopping the latest threats, user permissions may not be locked down, meaning users can “run anything”. Often companies build systems which must never be changed, or are very seldom updated due to the types of business-critical information they must process;…
The bad guys are getting smarter. With all the best will in the world and all the tools at your disposal an incident is inevitable. Planning properly for such a Cyber Attack and putting in place contingency plans is a critical area of Cyber Security that is often ignored. The Cyber Security Breaches Survey 2016 reported that only 10% of UK business overall have a…
Your users are the last line of defence and in almost all cases will make the difference between suffering a data security breach or not. As with disasters that can make the media, human error plays a major part during an incident. Users are the weakest link in the security chain, but if not empowered to make the right choice when they need to respond,…
You are the boss of your organisation. Are you getting updates about Cyber Security within your business? Or possibly more importantly, are you asking for them? e.g What problems are we having that might be affecting our security posture and exposing my company? Is our Anti-Virus up to date? Are our backups OK and have they been tested recently? When were our firewall rules last…
Recent years have demonstrated great efforts made by organisations to encrypt any data that needs to physically leave the building where it is normally stored – the “data at rest” is made unreadable to any person or entity that is not authorised to read that data. Traditionally it is patient and finance data that have been the focus, typically stored or used on a mobile…
Depending on your point of view being able to “work from home” can be either a blessing or a burden. The same can be said for organisations who decide to permit home and mobile working. Over time this dilemma becomes compounded by the number of users who need (or demand!) access to an ever-increasing amount of business-line applications and resources whilst outside of the office….
If you need to ask that question, then the answer is yes! When a user is working on their computer they have certain rights and permissions to access files and run programs. Ideally those rights and permissions should conform to a model of Least Privilege Access. Least Privilege Access is a concept where users working on the network are able to do their job and…
