Open Source AuthN, AuthZ & VPN

Given the historical hacking of major cloud-based Authentication and Authorisation providers, like Okta and Auth0, I think CISOs and CTOs need to seriously reconsider the risks they are exposing themselves to by utilising such services, and how them remaining a focus of hackers is almost certain as they keep adding on features and Read more about Open Source AuthN, AuthZ & VPN[…]

Artificial Intelligence

The Risks of Using AI in Cybersecurity

Artificial intelligence (AI) has reshaped many aspects of business and cybersecurity, promising unparalleled capabilities in threat detection, incident response, and overall risk management. Yet as AI continues to gain ground, understanding its limitations and risks becomes critical. This article explores the potential pitfalls of using AI in cybersecurity, covering risks such as over-reliance, ethical concerns, Read more about The Risks of Using AI in Cybersecurity[…]

Zero Trust, the Hidden Pitfalls: Challenges and Failure Points in Implementation

Adoption of the Zero Trust security model has accelerated over the past decade, driven by increasing cyber threats, digital transformation, and the need to secure remote workforces. Unlike traditional perimeter-based security, Zero Trust operates on the principle of “never trust, always verify,” ensuring that all access to resources—whether internal or external—is continually validated. While the theoretical benefits Read more about Zero Trust, the Hidden Pitfalls: Challenges and Failure Points in Implementation[…]

Implementing Zero Trust: Best Practices and Key Areas for Success

In an increasingly interconnected digital world, the traditional network perimeter security model is proving to be inadequate. With mobile devices, cloud services, and remote work being the norm, organizations can no longer rely on the assumption that everything within their network is inherently secure. Combine this with cybersecurity threats growing in sophistication, and the surface Read more about Implementing Zero Trust: Best Practices and Key Areas for Success[…]

Strengthening username and password logins

Username and password based login is often seen as the weakest link in authentication – too often people choose weak passwords, write them down or reuse them. So on their own they are an easy target for hackers. But it need not be this way, if you have the ability to implement a few additional Read more about Strengthening username and password logins[…]

Detecting Cyber Security BS in CVs

Hiring competent people in cybersecurity is always important, as you cannot secure what you do not understand. The trouble is often those who are performing the hiring do not have an in-depth understanding of cyber security and what specific skills and experiences are required to perform a cyber security role well. Why is this so Read more about Detecting Cyber Security BS in CVs[…]

The 3rd party security nightmare

It appears 3rd party integrations are the flavour of the month for security incidents at the moment. The latest being Ticketek Australia, where some of its customers may have had their personal details exposed, including names, date-of-birth and email; all of which was managed by a “reputable, global third-party supplier”. In other words, a global Read more about The 3rd party security nightmare[…]

Can LLMs be constrained and secured?

Research has been undertaken that reveals some interesting aspects of how LLMs (Large Language Models) work and how they represent knowledge. This indicates it is very difficult to successfully constrain a language model and thereby ensure that it is secure. This difficulty means it is dangerous to employ LLMs in mission-critical situations where adversaries Read more about Can LLMs be constrained and secured?[…]

Cyber Crime

Houston, we have a security problem…

It seems not a day goes by without some record cybersecurity incident hitting the press, be it a data breach, a Zero Day or some malware doing its devious things… Trouble is the frequency of these events, and their scope, has been increasing significantly over the last few years and most people have not latched Read more about Houston, we have a security problem…[…]

Google email changes impact small businesses

As of 1st February 2024 Google will put in place several new requirements for those sending emails to Google-based email accounts. In effect all businesses that send emails to Google-based email accounts will have to implement these changes to ensure their emails will get through and will not either be deleted or put Read more about Google email changes impact small businesses[…]

Australian Cyber Security Strategy – Discussion Paper, Response Template

To save people time in having to extract the questions from the PDF here, I have put together a Word document which you can download here. I’ve done some basic formatting and put in both the priorities and questions, as well as the Appendix A detailed questions; so you can select and answer whatever Read more about Australian Cyber Security Strategy – Discussion Paper, Response Template[…]