The thing about backups and having a tested one with a well thought out plan is that when everything goes to custard there is always a way back to business as normal
Author Archive: admin
Cybersecurity and the log4j vulnerability
I like basic
I like simple.
There is definitely not enough of basic or simple in my business!
One of the most basic and simple strategies for cybersecurity is called the essential 8.
When implemented correctly the essential 8 improves an organisations security posture significantly.
Two of the components of the essential 8 is patching – Patch operating systems and patch applications.
That was till this week.
A little context:
A vulnerability has been discovered in a simple logging component of Java.
This identified vulnerability allows an attacker to send a simple line of code to a system.
That code is then passed to the logging system and bingo they now have full access to the device as an administrator.
In other words, a 10-year-old can hack your system and do some serious damage!
That makes it a huge internet problem, in fact, it is being labeled “the worst hack in history”
First discovered in web-based systems (Apache) it has now been identified in thousands of products that are installed on computers across the world..
This vulnerability has highlighted the fact that everyone and their dog has used this logging system and then failed to think about updating it as part of their patching process.
In some cases, the versions we are coming across have been in these systems for more than 8 years and traveled from version to version.
To counteract the problem is difficult.
We cannot just remove the problem files because the application will stop working.
We cannot just change it for the newest version because the application will stop working.
So we have to wait for the software owners to patch their software and release the patch.
In the meantime, we plan for the worst and hope for the best.
We rely on our defence in depth.
We rely on our proactive systems and contingencies.
We rely on others in the industry to find solutions that can be implemented and apply them as fast as possible.
Do a podcast they say, it’s easy they say. Sure it is!
Do a podcast they said, it’s easy they said!
Sure it is!
A touch of sarcasm there I am afraid.
My first idea for a podcast was to interview people who had been targeted, exploited and/or who had experienced a cyber event.
It would be full of information about, no wait…..
No one is going to talk about being breached!
That conversation, if they had lost thousands of dollars or worse closed their doors, would be way tooooo painful.
Although it would be of huge benefit to others and my target audience it would definitely be detrimental to the interviewee’s health
If they survived, talking about it would have a negative impact on their revenue, reputation and brand.
Not the best idea I have had.
Scratch that!
Second idea!
Let’s interview people in the industry.
A bit of research on the interwebs and it confirmed a long-standing realization that not-for-profit organisations, charities and small and medium businesses are treated shoddily by the cybersecurity industry.
After a couple of conversations, I soon realized that the best in cyber had very little understanding of the space that is occupied by organisations with less than 50 staff.
There are a number of people that are in the cyber industry who are wholly based in normal business and who understand cyber and smaller organisations.
I actually hope that I can interview them, but
Most do not understand the challenges and problems associated with a struggling small and medium business environment.
Where making a simple decision could mean that you have a cash flow issue, a marketing issue, a cyber problem or a going out of the business problem
So number 3 idea was born
There are two areas where everyone has problems in cyberspace.
The first are NFPs, Charities and SMEs.
Second, are the elderly and mature.
Coming soon as a podcast and video:
“Need help – ask Roger”
Cybersecurity for normal small businesses.
Some straight answers to cyber questions that the others are reluctant to answer.
A podcast about how to build resilience and security into your business from the basics up.
Get answers to the questions that you need to ask about business security
And to make myself even busier I thought,
“An old persons take on protecting their digital stuff”
The most under-protected user of the digital world are the elderly, retired and mature
This area of the population are uneducated and ill-informed but most important they are innocent to the true capability of the cyber-criminal.
This makes them the number one target for the cyber creep.
They are under constant attack through scams, extortion and fear-mongering.
Hopefully going to be launching them both this month, see lockdown has some advantages.
The first episodes of both of them went live this week all I have to do is find the URL for them
#nonprofits #smallbusiness #ExecutivesAndManagement #AccountingAndAccountants #ProfessionalWomen #ceo #CareMIT #cybersecurity #infosec
Why didn’t I insure my bike?
When I was in the Navy, I was based at Garden Island in Western Australia on and off for 5 years.
In that time I was relatively fit and I represented the Navy in a number of sports.
I would pedal to work (20Km each way) at least 4 days a week.
On a good day 40 minutes from the front door to the office.
90 minutes on the way home because you had to stop at the pub to get the goss
If you know the island you know that there is one problem.
No matter what direction you were going morning, afternoon or even if you had the luxury of knocking off early, you ran into the wind
On the causeway, the easterly and the sea breeze were always in your face.
Both of them could get up to 40Km per hour.
The only consolation was the flatness around the area.
One day my bike was stolen.
Taken out of the backyard.
It wasn’t until it was gone did I realize what it was doing in my life, apart from keeping me fit.
I didn’t have to drive so the wife could have the car to ferry the kids and do all of the other stuff she needed to do.
I didn’t have to drive so there was always extra money in the budget for everything we needed.
I could no longer come and go as I pleased, I now had to fit in with everyone else.
I could no longer go to the pub on the way home.
In fact, apart from the initial cost, the bike had cost me nothing.
This is what is happening in the digital world.
We do not know or understand the heavy lifting that our digital devices and services are doing for us.
That is until they are gone.
When they are gone, we realize that the business, organisation, association or ourselves have taken them for granted.
They were doing everything.
So an accidental loss, a cyber event or an insider will cause havoc unless you have stood back and thought:
What If?
What if we turn it all off?
Now what!
That “what if” makes you proactive.
It builds in resilience.
It is the first step to increased revenue, improved capability and scalability.
Have you looked at the business and thought WHAT IF????
Cybersecurity for the C suite executive (CEO, CFO,COO)
Cybersecurity for the C suite executive (CEO, CFO, COO).
Lets look at the facts!
No matter the size, shape or industry of an organisation.
No one is fully prepared for a full-on, bare knuckles, cyber ninja assault.
We are not talking about a random attack.
An attack that is being perpetrated against your organisation with Metasploit and a new copy of Kali.
This attack is from Mr. Creepy!
He knows what he is doing.
He knows what he is after.
But, more importantly, he also knows how to get it.
He has studied your organisation for months to find your weaknesses.
He has the skills and resources (very important) to break in and steal your crown jewels.
These are the people who give my industry grey hairs and stress lines.
Thinking that there is no way that you would be targeted by a professional is a grave mistake.
Because It no longer needs to be a professional!
They are quite happy to train others in the required skills.
They are quite happy to sell others their expertise.
They are quite happy to tell others where they are going wrong.
They have created capabilities and skills that they have incorporated into something to sell.
This increases the capability of the inexperienced cybercriminal immensely.
Want to avoid being on the radar as a prime target then YOU NEED TO DO SOMETHING.
Here is something to start with.
#nonprofits #ExecutivesAndManagement #AccountingAndAccountants #ProfessionalWomen #ceo #CareMIT #cybersecurity #infosec
If you are not worried about a cyber-attack then you have probably not been given the right information
If you are not worried about a cyberattack then you have probably not been given the right information!
#Cybersecurity or business security should be one of those areas of business that keeps you up at night.
To tell you the truth it should be one of those areas that terrify you!
When the script kiddy targets you with a random automated attack it is not personal, it is just business.
If you have done nothing or very little in the way of protection then you quickly become a victim.
With the average time inside a network of more than 250 days, most organisations have no systems or capabilities to detect them never mind identify or stop them.
From initial infection to the point where your world ends can be as little as 24 hours or they can sit inside your network and wait.
6 – 12 months is normal.
In that time they are documenting your network, your people, your intellectual property, your systems, your access to money and anything else that they can find.
While you are blissfully unaware of them being there they are getting ready to deliver the coupe de tar.
In addition, while they are rummaging through your proverbial underwear drawers your systems could be spamming your friends, running denial of services attacks on corporate networks, bitcoin mining, storing porn for pedophiles all while they destroy your backups and other systems.
And that is just a random capability from an inexperienced criminal, just imagine what Mr. Creepy can do you if he singles you out and makes you his sole purpose in life!
We have put together a simple 2 page ransomware advice brochure (The before, during and after plan) that could go a long way to reducing the impact of a ransomware attack.
#nonprofits #ExecutivesAndManagement #AccountingAndAccountants #ProfessionalWomen #ceo #CareMIT #infosec