It appears 3rd party integrations are the flavour of the month for security incidents at the moment. The latest being Ticketek Australia, where some of its customer may have had their personal details exposed, including names, date-of-birth and email; all of which was managed by a “reputable, global third-party supplier”. In other words, a global Read more about The 3rd party security nightmare[…]
Research has been undertaken that reveals some interesting aspects of how LLMs (Large Language Models) work and how they represent knowledge. This indicates it is very difficult to successfully constrain a language model and thereby ensure that they are secure. This difficulty means it is dangerous to employee LLMs in mission critical situations where adversaries Read more about Can LLMs be constrained and secured?[…]
It seems not a day goes by without some record cybersecurity incident hitting the press, be it a data breach, a Zero Day or some malware doing its devious things… Trouble is the frequency of these events, and their scope, has been increasing significantly over the last few years and most people have not latched Read more about Houston, we have a security problem…[…]
This article aims to provide a comprehensive guide to performing effective 3rd party vendor security reviews, outlining key steps, best practices, and strategies to mitigate risks and ensure a robust security framework.
We look at how defence in depth can reduce the risk and impact caused by human error, the #1 cause of security incidents.
As of 1st February 2024 Google will put in place several new requirements of those sending emails to Google based email accounts. In effect all businesses that send emails to Google based email accounts will have to implement these changes to ensure their emails will get through and will not either be deleted or put Read more about Google email changes impact small businesses[…]
What I think are going to be the top 5 big cyber security themes in 2024.
This article explains exactly what the cashless disaster is and why we should not be going down this road, it could literally result in the end of Australian society as we know it.
In this article, we describe ISO27001 pivotal role in improving cybersecurity resilience within a business, and how it can build customer trust. We also explain the process of getting ISO27001 certification.
This article delves into the importance of attack surface management, highlighting specific areas that require careful consideration to ensure the security of an organization.
In this article, we will explore why cybersecurity is essential in the real estate sector, the specific threats it faces, and strategies to protect against them.
As businesses increasingly embrace LLMs, it’s critical to examine the potential benefits and risks associated with their usage.
To save people time in having to extract the questions from the PDF here , I have put together a Word document which you can download here. I’ve done some basic formatting and put in both the priorities and questions, as well as the Appendix A detailed questions; so you can select and answer whatever Read more about Australian Cyber Security Strategy – Discussion Paper, Response Template[…]
Recently (9th November 2021) the Australian Information Commissioner produced a ruling against Clearview AI Inc for its usage of the images of Australians scrapped from Social Media sites and found them to have failed to comply with the requirements of the Australian Privacy Principle and hence interfered with the privacy of Australian individuals, as follows: Read more about Whose Face is it anyway? The ClearView AI Ruling[…]
Those who have been following my posts know I have an evolving love/hate relationship with online security questionnaires. Done well, they can speed up the process for the client and service provider and establish a properly shared understanding of where risks lie and how those can be managed over time. Done badly, they can be Read more about Security Questionnaires online, are they safe?[…]
First off, do you know what the biggest single cause of security vulnerabilities and successful attacks against computer systems is? A lot of people think of insufficient access controls, a lack of process, SQL injection, etc but there is something more fundamental sitting behind a lot of these that often gets overlooked. I’m talking about Read more about Protecting against the biggest security vulnerability[…]
It appears that there is a growing wave of SaaS utilities that will either scan websites and internet-based services for you or provide you with access to historical information on sites and services they have already scanned, often for a fee. Unfortunately, using such services can result in your seriously falling foul of the law Read more about Web site scanning without prior permission is very likely illegal, here’s why[…]
Online security questionnaires, a blessing or curse? In this article I explore my experiences with them and what can be done to improve the process.
The Defence in Depth Security Model is one of those security concepts I often see incorrectly implemented or not used to its full potential to protect services or systems. There is way more to it than first meets the eye. In this article you will learn: What is the Defence in Depth Security Model? The Read more about The Defence in Depth Security Model Explained[…]
Many small businesses are suffering at the hands of hackers, most of it via intercepting email-based invoices and changing the account payment details to those of a bank account under the control of the hacker. As shown in a recent case, $51,000 was stolen by a scammer by altering the bank account details of an Read more about Stopping Business Email Compromise[…]