
Cyber Security Blog
Raising awareness of global cyber security issues.

Microsoft Azure Sentinel: Make your SIEM SOAR like an eagle

Over the past decade or more, we have seen a tremendous shift in business infrastructure away from traditional on-premises systems and services towards cloud-based X-as-a-Service (XaaS). Instead of having all of our hardware and software safely located inside the walls of our bricks & mortar offices, we now have only basic connectivity devices.

Secure Your Cloud with Microsoft Cloud App Security

Over the past decade or more, we have seen a tremendous shift in business infrastructure away from traditional on-premises systems and services towards cloud-based X-as-a-Service (XaaS). Instead of having all of our hardware and software safely located inside the walls of our bricks & mortar offices, we now have only basic connectivity devices.

The ASD / ACSC Essential Eight

In February of 2017, the Australian Signals Directorate (ASD) Australian Cyber Security Centre (ACSC) published an update to their “Top 4” Strategies to Mitigate Cyber Security Incidents by revising the list to include four more crucial strategies.

Information Assurance Ecosystems

This ecosystem is composed of both technical and administrative controls, but is also comprised of as few layers as possible to create a defence in depth architecture that integrates with each of its individual pieces. Visibility is improved by removing gaps and overlaps and ultimately leads to reduced human error, nearly universally agreed as the core of most incidents either directly or indirectly.

Zero Trust

Developed a decade ago, the Zero Trust framework has recently gained more attention due to the collective castle walls of many organisations crumbling and the owners of information systems and data becoming usurped by malicious entities. There is plenty of proof and anecdotal evidence to assure us that cybersecurity incidents are a matter of “when” and not “if”.

The NIST Cybersecurity Framework

This voluntary framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

Email Spoofing

Email spoofing is a tried-and-true, favourite tactic of cyber criminals and often accompanies phishing, spear phishing, and whaling attacks on you and your organisation. With a little know-how, I could send out an email that looks like it came from the Prime Minister, my car dealership, or old matey next door. With a properly constructed message body, most would have to look twice to tell the difference.

Media Controls

Long gone are the days when we created, stored, and used data only on one computer. We have a ton of options when it comes to removing data from a computer that don’t involve a wired or wireless network connection. Many of you remember having shelves full of floppy disks, and odds are they’ve been replaced by drawers full of USB thumb drives, hard drives, and other plug-in storage media.

Antivirus Revisited

The reason Anti-Virus is still current is that viruses still pose a major threat to our information systems, and that isn’t changing any time soon. Just because we’re focused on ransomware and other immediate dangers doesn’t mean the threats are gone; like a good vaccine, we’re just able to handle their presence.

OS Hardening

This is where we get down into the weeds, into the heart of the systems on our networks. While we spoke earlier of some of the other components, such as patching and managing permissions, here we focus on the core of what makes the system tick.

Capturing Network Traffic

Also known as “sniffing”, capturing network traffic can be either proactive or reactive depending on the application. The goal is to capture the data traversing the network for the purposes of analysis and intelligence gathering, and this can be done on wired or wireless networks.