The Cashless Disaster
This article explains exactly what the cashless disaster is and why we should not be going down this road, it could literally result in the end of Australian society as we know it.
Enhancing Security and Customer Trust: The Role of ISO 27001 in Modern Businesses
In this article, we describe ISO27001 pivotal role in improving cybersecurity resilience within a business, and how it can build customer trust. We also explain the process of getting ISO27001 certification.
Strengthening the Fortress: The Crucial Role of Attack Surface Management in Business
This article delves into the importance of attack surface management, highlighting specific areas that require careful consideration to ensure the security of an organization.
Safeguarding the Foundations: The Crucial Role of Cybersecurity in Real Estate
In this article, we will explore why cybersecurity is essential in the real estate sector, the specific threats it faces, and strategies to protect against them.
The Benefits and Risks to a Business of Using AI Language Models (LLMs)
As businesses increasingly embrace LLMs, it’s critical to examine the potential benefits and risks associated with their usage.
Australian Cyber Security Strategy – Discussion Paper, Response Template
To save people time in having to extract the questions from the PDF here , I have put together a Word document which you can download here. I’ve done some basic formatting and put in both the priorities and questions, as well as the Appendix A detailed questions; so you can select and answer whatever Read more about Australian Cyber Security Strategy – Discussion Paper, Response Template[…]
Whose Face is it anyway? The ClearView AI Ruling
Recently (9th November 2021) the Australian Information Commissioner produced a ruling against Clearview AI Inc for its usage of the images of Australians scrapped from Social Media sites and found them to have failed to comply with the requirements of the Australian Privacy Principle and hence interfered with the privacy of Australian individuals, as follows: Read more about Whose Face is it anyway? The ClearView AI Ruling[…]
Security Questionnaires online, are they safe?
Those who have been following my posts know I have an evolving love/hate relationship with online security questionnaires. Done well, they can speed up the process for the client and service provider and establish a properly shared understanding of where risks lie and how those can be managed over time. Done badly, they can be Read more about Security Questionnaires online, are they safe?[…]
Protecting against the biggest security vulnerability
First off, do you know what the biggest single cause of security vulnerabilities and successful attacks against computer systems is? A lot of people think of insufficient access controls, a lack of process, SQL injection, etc but there is something more fundamental sitting behind a lot of these that often gets overlooked. I’m talking about Read more about Protecting against the biggest security vulnerability[…]
Web site scanning without prior permission is very likely illegal, here’s why
It appears that there is a growing wave of SaaS utilities that will either scan websites and internet-based services for you or provide you with access to historical information on sites and services they have already scanned, often for a fee. Unfortunately, using such services can result in your seriously falling foul of the law Read more about Web site scanning without prior permission is very likely illegal, here’s why[…]
Online Security Questionnaires – do they work?
Online security questionnaires, a blessing or curse? In this article I explore my experiences with them and what can be done to improve the process.
The Defence in Depth Security Model Explained
The Defence in Depth Security Model is one of those security concepts I often see incorrectly implemented or not used to its full potential to protect services or systems. There is way more to it than first meets the eye. In this article you will learn: What is the Defence in Depth Security Model? The Read more about The Defence in Depth Security Model Explained[…]
Stopping Business Email Compromise
Many small businesses are suffering at the hands of hackers, most of it via intercepting email-based invoices and changing the account payment details to those of a bank account under the control of the hacker. As shown in a recent case, $51,000 was stolen by a scammer by altering the bank account details of an Read more about Stopping Business Email Compromise[…]
robots.txt Pen Test extension
Given that I’m seeing an increase in unauthorised, and essentially illegal, Pen Tests against business production instances, which only serve to: Test the firewalls around your production instance (rather than testing the application code directly), Put at serious risk the availability of the web service under ‘test’ by consuming resources that should be only used Read more about robots.txt Pen Test extension[…]
3rd Party Pen Testing, make sure you are doing it right
We ask when you can Pen Test a 3rd party and the right way to go about it
Continuous Pen Testing – Pros and Cons
It seems quite a few businesses are resorting to using 3rd parties to implement continuous pen testing for not only their own products but also for online services they also consume – this can be a very bad idea and lead to a false sense of security. In the face of it regularly scanning an Read more about Continuous Pen Testing – Pros and Cons[…]
Singapore’s TraceTogether Token
Singapore has developed a physical token to enable elderly and vulnerable people to easily be contact traced without the need of having the TraceTogether app. The device also overcomes some of the issues that are being faced with the mobile app, including battery drainage and issues when the app is running in the background or Read more about Singapore’s TraceTogether Token[…]
Security Event Logging, why it is so important
Every once in awhile I get asked why detailed event logging is so important when setting up cybersecurity controls at a business. In this article will attempt to explain why this is critically important. To log or not to log, that is question… When it comes to logging security events and being able to make Read more about Security Event Logging, why it is so important[…]
How much should you spend on an external PenTest?
External Penetration Tests today come in all shapes and sizes, from the rudimentary highly automated scanning to the more detailed and human-driven PenTests, with often widely ranging costs to boot (3 to 4 times difference is not unusual for essentially the same thing). Sometimes it’s difficult to work out what form of external PenTest is Read more about How much should you spend on an external PenTest?[…]
Encrypt Email addresses at Rest
It seems not a day goes by without some major data breach occurring on businesses systems. Anywhere from a few thousand records to many millions at a time, containing information ranging from names, addresses, telephones number, dates of birth and account details, etc. One thing I have noticed, that seems to be a constant throughout Read more about Encrypt Email addresses at Rest[…]