Cyber Security News & Current Events

The Dangers of Outsourced Development (and the 'AntiHack' Function)

Posted by Eddie on 5/06/19 7:15 AM


Seen above is real source code we got access to in a recent web application penetration test by exploiting security vulnerabilities caused by poor secure coding practice. While inspecting the source code we found an interesting function called 'antiHack', which appears to do nothing but return its input verbatim.
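The following is an added example and is not the code from the post or from the client's application. It uses a hypothetical `anti_hack` function that, like the one described above, simply returns its argument, next to a real HTML-escaping function, and includes the kind of check a reviewer or tester can run to catch a "sanitizer" that never changes anything. The probe strings and the `render_greeting` template are constructed for the example.

```python
import html
from typing import Callable, List

def anti_hack(value: str) -> str:
    """Hypothetical no-op 'sanitizer': returns its input unchanged.

    This is the failure mode described in the post, reconstructed for
    illustration, not the original function.
    """
    return value

def escape_for_html(value: str) -> str:
    """A real sanitizer for an HTML text/attribute context."""
    return html.escape(value, quote=True)

# Constructed probe strings. Every one contains a character that must be
# altered before it is placed inside HTML; if a sanitizer meant for HTML
# output returns any of them unchanged, it is not doing its job.
PROBES: List[str] = [
    "<script>alert(1)</script>",
    '" onmouseover="alert(1)',
    "'><img src=x onerror=alert(1)>",
    "a & b < c",
]

def unchanged_probes(sanitizer: Callable[[str], str]) -> List[str]:
    """Return the probes that pass through the sanitizer untouched."""
    return [p for p in PROBES if sanitizer(p) == p]

def is_effective(sanitizer: Callable[[str], str]) -> bool:
    """True only if the sanitizer changes every probe."""
    return not unchanged_probes(sanitizer)

def render_greeting(name: str, sanitizer: Callable[[str], str]) -> str:
    """Constructed page fragment: user input embedded in HTML via a sanitizer."""
    return f"<p>Hello, {sanitizer(name)}</p>"

if __name__ == "__main__":
    for fn in (anti_hack, escape_for_html):
        print(f"{fn.__name__}: effective={is_effective(fn)}, "
              f"unchanged={unchanged_probes(fn)}")
    print(render_greeting("<script>alert(1)</script>", anti_hack))
    print(render_greeting("<script>alert(1)</script>", escape_for_html))
```

The check is deliberately blunt: it does not prove a sanitizer is correct, only that it is not a no-op for the context it claims to protect. A function that changes nothing for these inputs should be treated as missing, whatever its name suggests.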

Read More

Topics: Governance, Pentesting

Why Cyber Insurance Cannot Replace a Mature Security Posture

Posted by Nat on 11/04/19 4:30 PM

Although cybersecurity insurance can appear attractive, it is important that businesses understand it cannot feasibly serve as a replacement for threat mitigation. The majority of cyber threats are avoided by reaching a baseline standard of security maturity. The investment required to achieve this baseline is generally less than a few years of premiums and the deductible for just one incident.

Read More

Topics: Governance, Fundamentals, Risk Assessment, risk profile

Management Buy-In - Part 1: Why You Need It

Posted by Nigel on 10/12/18 11:02 AM

Every information security framework and “best practice” guide to cyber security states that you need “management buy-in”, but why is it important and what does it look like?

Read More

Topics: Governance, Fundamentals

Christmas Turkeys and Cyber Security Aren't That Dissimilar

Posted by Nigel on 3/12/18 12:56 PM

What Brush Turkeys Have Taught Me About Information Security

It is that time of year again when a male brush turkey has made my backyard his home, tearing apart vegetation to make his nesting mound. While this is a source of frustration, on the positive side, it has given me new ways to think about information security.

Read More

Topics: Insider, Governance, Red Teaming, Risk Assessment

Documentation Provides Security Value

Posted by Nigel on 15/02/18 5:45 PM

A big part of my job is conducting security audits or assessments of clients. In one assessment, I asked a client for some documentation, in this case a system design document, as is usual practice. I was told “We don’t do documentation just for audits”. Further discussion revealed that the client’s culture was one where documentation was considered unnecessary for many activities, including activities directly related to security. Needless to say, I found many issues with their information security posture.

Read More

Topics: Governance

Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|
