security
Blog / security
Effective Information Security & Risk Management ISRM Programmes
CISO securityLet us start by stating an age-old maxim : You cannot eliminate all risks. But you can reduce the level of risks to an acceptable standard. That’s why building an Information Security and Risk Management (ISRM) programme is essential. Our businesses generate an ever-increasing volume of data. So, in an era where information is currency, and cyber threats continue to evolve, an effective ISRM programme is a necessity. Let’s take a quick look at ISRM and what it takes to put in place an effective programme.
Managing Third-Party Risk - the Importance of Real-Time Intelligence
ciso securityManaging third-party risk is inevitable when you work with vendors, suppliers, contractors, and business partners. And the harrowing thing is that you have no control over their networks or security. On-off or snapshot assessments of third-party risks still leave your business vulnerable as neither your business nor the third-party’s operates in a static environment. As things change in real time, you need real-time intelligence to manage third-party risk in your firm.
Insider Threats: A CISO Nightmare
security insider-threat CISOWith insider threats, your biggest assets become your biggest risks. One of today’s most damaging security threat comes from trusted insiders. Insider threats can come from anyone in your organisation, from those with the highest access to your company data to those who you think have no access at all. Your insiders are both employees and third parties. The risk is at all levels. Its no wonder that 25% of all security incidents involve company insiders.
A live malware infection - a real life study (Part 1)
cybersecurity malware securityWe recently assisted a client that was aggressively hit with a phishing campaign. Following a couple of successful compromises they found themselves faced with an escalation with the malware attempting to impersonate staff, both emailing their customers and pivoting to attack the admin users in a secondary phishing attack. What made things a little more interesting than the usual kiddy attack was that the initial malware was not carrying a particularly nefarious payload, which meant that it escaped the usual malware detection that the client had deployed.
Topics
ai atlassian banking best-practices blockchain ciso climate-change cloud covid19 crime crypto culture customer-success cybersecurity data-protection development dlp employees gdpr infrastructure insider-threat malware office365 offshoring remote-working risk-management security semafore slack social-media technology trojan-horse work-experienceFeatured
AI vs. Web Developers - Collaboration or Competing?
AI vs Web Developers - Collaborative Innovation or Competing Forces in the Future of Web Development? Artificial Intelligence (AI) has come to the for...
Blockchain Technology & the Future of Cybersecurity
Over the past few years, we’ve been hearing more and more about crypto in emerging markets, digital money, blockchain technology, and other financial...