Category Archives: Resilience and Detection

𝐑𝐞𝐡𝐞𝐚𝐫𝐬𝐢𝐧𝐠 𝐟𝐨𝐫 𝐑𝐞𝐚𝐥𝐢𝐭𝐲: 𝐖𝐡𝐲 𝐌𝐨𝐜𝐤 𝐃𝐢𝐬𝐚𝐬𝐭𝐞𝐫𝐬 𝐁𝐞𝐚𝐭 𝐭𝐡𝐞 𝐑𝐞𝐚𝐥 𝐃𝐞𝐚𝐥!

Posted on by

Ever watched a play where actors flawlessly recite lines, embody characters, and captivate you with their performance?

It’s mesmerizing, right?

But what you don’t see are the countless rehearsals, the forgotten lines, and the tripping over props.

All of that happens behind the scenes.

By the time they’re on stage, they’ve mastered their act.

Enter the world of tests and trials in cybersecurity!

Annoying?

Absolutely.

As vexing as an actor forgetting lines for the tenth time.

But oh, so necessary.

Because when the actual cyber threats try to Gatecrash our systems, we want to be ready, not left fumbling for our lines or our defences.

Sure, in our ‘rehearsals’, things can go awry.

Unexpected glitches pop up, simulations may unveil problems we never considered.

A little chaos here, a little mayhem there.

But isn’t that the point?

To stumble, fall, and rise before the final act?

So, the next time a cybersecurity drill feels like a bothersome rehearsal, remember this: better a hiccup in practice than a disaster during the live show.

After all, in the grand theatre of cybersecurity, we’re aiming for a standing ovation, not stage fright! 

Cybersecurity – 𝐏𝐫𝐨𝐚𝐜𝐭𝐢𝐯𝐞 𝐃𝐞𝐟𝐞𝐧𝐜𝐞 𝐯𝐬. 𝐑𝐞𝐚𝐜𝐭𝐢𝐯𝐞 𝐑𝐞𝐜𝐨𝐯𝐞𝐫𝐲

Posted on by

Imagine for a moment, you’re standing at a fork in the road.

Down one path, you see a sturdy shield, a strong fortress, and tranquillity.

Down the other, you see a chaotic battleground, with an expensive toll gate just to step into the fray.

This is the choice you face when it comes to cybersecurity.

Opting for protection is like investing in that strong fortress and sturdy shield.

It’s paying upfront for software, employee training, secure networks, and regular audits.

It may feel like a dent in your wallet now, but this route is a calm, controlled environment where you dictate the pace and degree of your security measures.

Recovery, on the other hand, is the battleground.

It’s scrambling after a cyberattack to restore systems, retrieve data, and salvage reputation.

It’s sleepless nights and countless resources spent, both monetary and time.

And it’s the potential loss of trust from your clients that could lead to a significant reduction in business.

In essence, you pay less when you’re in control – when you choose to be proactive rather than reactive.

This is why protecting your business upfront from cyber threats is not just the more financially prudent option; it’s also the least stressful.

Remember, when it comes to cybersecurity, it’s always better to be safe than sorry.

Share your unique perspective in the comments below

𝐅𝐫𝐨𝐦 𝐂𝐫𝐢𝐬𝐢𝐬 𝐭𝐨 𝐂𝐚𝐥𝐦 – 𝐓𝐮𝐫𝐧𝐢𝐧𝐠 𝐓𝐢𝐝𝐞𝐬 𝐰𝐢𝐭𝐡 𝐚 𝐃𝐢𝐬𝐚𝐬𝐭𝐞𝐫 𝐑𝐞𝐜𝐨𝐯𝐞𝐫𝐲 𝐏𝐥𝐚𝐧

Posted on by

Picture this: It’s a Monday morning.

You stroll into your office, coffee in hand, ready to conquer the world, only to be met by chaos.

The server crashed.

All your data – poof – vanished!

And just like that, your world grinds to a halt.

Sounds like a nightmare, right?

The unfortunate reality is, it’s not a matter of if this will happen, but when.

In today’s digital landscape, the unexpected looms at every corner.

System failures, cyber-attacks, natural disasters, you name it.

Without a disaster recovery plan, your small business or nonprofit is like a ship sailing uncharted waters without a compass.

The truth is, many organizations focus on sailing smoothly – ensuring day-to-day operations run seamlessly, deadlines are met, and budgets are maintained.

These are important, of course, but what about the inevitable storms? Should we not prepare for them?

Now, you might ask, how does one prepare?

Well, let’s delve into a single component of the ACTION plan: operational resilience.

The O in ACTION stands for operational resilience, a key player in disaster recovery.

Having a robust data backup system is essential.

With a reliable backup, you can restore your systems and continue operating even in the face of disaster.

A good backup strategy encompasses not just regular backups, but also off-site or cloud backups that secure your data from localized incidents.

But remember, the operational resilience aspect isn’t limited to backups.

It involves having redundancy in your crucial systems to ensure you’re never left in a lurch.

Additionally, it calls for regular testing and updating of your recovery procedures, ensuring that when the storm hits, you’re not caught unprepared.

When disaster strikes, time is of the essence.

With each passing minute, the costs mount, and recovery becomes more difficult.

That’s why a swift, efficient recovery process powered by technology isn’t just a good-to-have; it’s an absolute necessity.

So, let’s replace Monday morning chaos with confident control.

Equip your organization with a disaster recovery plan, and turn the tide from crisis to calm.

After all, being prepared isn’t just about surviving the storm; it’s about learning to dance in the rain.

How does an Australian non profit organisation know how to stop a cyber event from happening again?

Posted on by

Preventing a cyber event from happening again is a critical step for nonprofit organizations in Australia.

Here are some steps that nonprofits can take to stop a cyber event from happening again:

Conduct a security assessment:

Nonprofits should conduct a security assessment to identify any vulnerabilities in their IT systems and data.

This may involve using security software tools or hiring a cybersecurity expert to perform the assessment.

Review policies and procedures:

Nonprofits should review their policies and procedures related to cybersecurity, data protection, and incident response.

This can help identify areas for improvement and ensure that the organization has appropriate controls in place to prevent future incidents.

Implement security measures:

Nonprofits should implement security measures to prevent cyber events, such as strong passwords, two-factor authentication, and regular software updates.

Nonprofits should also ensure that their systems and software are properly configured and patched.

Provide training and education:

Nonprofits should provide ongoing training and education to staff to ensure they are aware of the latest cyber threats and know how to prevent cyber events.

This may include training on how to recognize and report suspicious activity, as well as how to use security software tools.

Monitor systems:

Nonprofits should monitor their IT systems and data for any unusual activity or anomalies.

This can help identify potential security incidents before they become major problems.

Have an incident response plan in place:

Nonprofits should have an incident response plan in place to respond quickly and effectively in the event of a cyber event.

This plan should include procedures for notifying stakeholders, collecting evidence, and recovering data and systems.

Regularly review and update security measures:

Nonprofits should regularly review and update their security measures to ensure they are up to date and effective against the latest threats.

In summary, nonprofits can stop a cyber event from happening again by conducting a security assessment, reviewing policies and procedures, implementing security measures, providing training and education, monitoring systems, having an incident response plan in place, and regularly reviewing and updating security measures.

The only action is inaction and why companies get hacked

Posted on by

Cybersecurity threats are becoming increasingly common and severe, and the cost of these attacks can be devastating for businesses.

Despite this, many organizations seem to be slow to take action and invest in cybersecurity measures.

This inaction can be attributed to a variety of factors, including a lack of understanding of the risks, limited resources, and competing priorities.

One of the primary reasons for inaction when it comes to cybersecurity is a lack of understanding of the risks involved.

Many boards and C-suite executives may not be fully aware of the potential consequences of a cyberattack or the extent of the vulnerabilities within their organization.

Cybersecurity threats can be complex and constantly evolving, making it difficult for non-technical executives to keep up.

Another factor that contributes to inaction is limited resources.

Many organizations, especially smaller ones, may struggle to allocate the necessary budget and personnel to adequately address cybersecurity concerns.

This is especially true in industries where profit margins are thin, and there is intense pressure to prioritize cost-cutting measures over investing in cybersecurity.

Competing priorities can also be a factor in inaction on cybersecurity. Boards and C-suite executives are often responsible for overseeing multiple departments and initiatives, and it can be challenging to balance all of these competing demands.

Cybersecurity may be viewed as just one of many areas that require attention, and it may not always receive the level of priority it deserves.

In addition, some organizations may feel that they are not a likely target for cyberattacks, or that their current security measures are sufficient.

This complacency can be dangerous, as cybercriminals are constantly looking for new vulnerabilities to exploit. It is essential to remain vigilant and proactive in addressing cybersecurity risks.

In conclusion, inaction on cybersecurity by boards and C-suite executives can be attributed to a variety of factors, including a lack of understanding of the risks, limited resources, competing priorities, and complacency.

It is important for organizations to take a proactive approach to cybersecurity and ensure that it is given the attention and resources it deserves to protect against cyber threats.

Cyber is a risk that cannot be insured unless the insured takes on more risk

Posted on by

Cybersecurity is a hot topic in today’s digital age.

With the increasing reliance on technology and the internet, businesses and individuals are at risk of cyber-attacks and data breaches.

Unfortunately, many people assume that their insurance policies will cover them in case of a cyber incident.

However, the reality is that traditional insurance policies may not provide adequate protection against cyber risks.

The main reason for this is that cyber risks are constantly evolving and new threats are constantly emerging. As a result, insurance companies are often unable to keep up with the latest developments in the field.

Furthermore, many insurance policies have exclusions or limitations when it comes to coverage for cyber incidents.

This means that even if you have insurance, you may not be fully protected against a cyber attack.

So, what can you do to protect yourself against cyber risks?

One option is to purchase a standalone cyber insurance policy.

These policies are specifically designed to provide coverage for cyber incidents and typically include coverage for things like data breaches, cyber extortion, and business interruption.

However, purchasing a standalone cyber insurance policy also means taking on more risk.

Many standalone policies have high deductibles and exclusions, which means that you may still be on the hook for a significant portion of the loss in the event of a cyber incident.

Another option is to take a proactive approach to cybersecurity.

This can include implementing strict security protocols, regularly updating software, and training employees on how to recognize and prevent cyber attacks.

By taking steps to reduce your risk, you may be able to negotiate more favorable terms on your insurance policy.

In short, cyber risks are a reality that cannot be ignored.

While insurance can provide some protection, it is not a silver bullet.

Businesses and individuals need to take a holistic approach to cybersecurity, including both insurance and risk management measures.

And remember, just like a good lock on your front door, being proactive can keep cybercriminals at bay.

Building cyber resilience into a business is essential in today’s increasingly digital world.

Posted on by

With the increasing reliance on technology, businesses are exposed to a wide range of cyber threats, from data breaches and ransomware attacks to phishing scams and network intrusions.

It is therefore important for businesses to have a robust strategy in place to ensure that they are prepared to handle these threats and minimize the impact on their operations.

One of the key elements of building cyber resilience in a business is to ensure that the organization has strong security controls in place.

This includes implementing effective firewall and antivirus software, as well as regularly updating and patching systems to prevent vulnerabilities from being exploited.

It is also important to ensure that all employees have trained on cybersecurity best practices, such as avoiding clicking on suspicious links and using strong passwords.

Another important aspect of building cyber resilience is to have a disaster recovery plan in place.

This plan should outline the steps that the organization will take in the event of a cyber attack, including how to restore systems and data, communicate with employees and customers, and maintain business operations.

It is also essential to regularly test and update this plan to ensure that it is effective and relevant.

One of the key components of a disaster recovery plan is having backup systems and data in place.

This means having copies of important data stored in a secure location, such as in the cloud or on an external hard drive, so that it can be accessed if the primary systems are compromised.

It is also important to ensure that these backup systems are regularly tested to ensure that they are functioning properly and can be accessed as needed.

In addition to having strong security controls and a disaster recovery plan, it is also important for businesses to invest in cyber insurance.

This type of insurance can help cover the costs associated with a cyber attack, including legal fees, data restoration, and business interruption.

It is important to carefully review the terms of a cyber insurance policy to ensure that it meets the needs of the organization.

Another important aspect of building cyber resilience is to have strong incident response protocols in place. This means having a team in place that is trained to handle cyber incidents and can respond quickly to minimize the impact on the organization.

This team should be trained on how to identify and contain an attack, as well as how to communicate with relevant stakeholders, such as employees, customers, and the media.

One of the most effective ways to build cyber resilience into a business is to regularly conduct risk assessments.

This involves identifying potential threats and vulnerabilities, as well as evaluating the potential impact on the organization.

Based on the results of the risk assessment, the organization can then implement measures to mitigate these risks, such as implementing additional security controls or updating disaster recovery plans.

In addition to these measures, it is also important for businesses to be proactive in their efforts to build cyber resilience.

This includes regularly updating and patching systems, conducting employee training on cybersecurity best practices, and staying informed about the latest cyber threats and trends.

By taking a proactive approach, businesses can better protect themselves against cyber attacks and minimize the impact on their operations.

In conclusion, building cyber resilience into a business is essential in today’s digital world.

By implementing strong security controls, having a disaster recovery plan in place, investing in cyber insurance, and regularly conducting risk assessments, businesses can better protect themselves against cyber threats and minimize the impact on their operations.

By being proactive and staying informed about the latest cyber threats, businesses can build a robust defense against these threats and ensure their long-term success.

How to avoid being a target of script kiddies!

Posted on by

There is a huge difference between a cyber attack generated by a script kiddy running an automated system and one where you are being targeted by a dedicated hacker.

For one, if you are targeted by a dedicated hacker then you already know that you have something worth protecting and you have, hopefully, done something about it.

The biggest problems with cyber attacks on the internet are that 95% of them are coming from an automated system controlled or managed by trainees (script kiddies).

Automated systems have three reasons they are used:

  • They are easy to get.
  • They are easy to use.
  • They are easy to make money out of.

They are easy to get!

There are a number of ways for anyone to get hold of an automated system. They can download an operating system that has an automated system running on it. Kali, Parrot OS or Black-arch are all very good examples but there are others.

Designed as penetration testing tools, these systems have all of the requirements that they need to target organisations, multinationals, or anyone connected to the digital world.

Before you ask, yes it is all legal and above board as long as you are not targeting someone else.

To make these systems more effective they allow them to either download additional components from GitHub or design and program your own applications.

They are easy to use!

The old saying that whenever anything is free you are the product rings true with these systems as well. The creators of these systems keep track of people using them and incorporate any updates into their own releases.

To set up one of these systems all you need is a computer. Once you have administrator access to a computer you can download a virtual environment (VMware if you have some money or Virtual Box for free) and you can then install these operating systems as a virtual operating system.

You can even run the operating system on a microcomputer (Raspberry Pi) for under $100.

Once set up you now have access to the tools and capabilities that, if used correctly, can rival someone who has been in the industry for years. Almost like a novice woodworker creating a dovetail joint on their first try without knowledge of what to do.

No training, just using other people’s knowledge.

In addition, and a bigger issue, what they do not know can be learned or discovered by simply searching google.

The capability and effectiveness of these systems allow them to set up the automated attack and target a huge number of vulnerable systems based on blocks of internet-based addresses.

Simply they can find out if there is a targetable vulnerability just by using facets of the automated systems.

They are easy to make money out of!

These free operating systems have the capability of making money.

To make serious money, though, you need to work with partners. Working with partners can be both beneficial as well as detrimental to their own security.

When it comes to making money it is either through selling information on the dark web, selling cryptovirus decryption keys to vulnerable people or selling access to compromised systems to leverage other attacks.

How to avoid being a target of script kiddies.

To avoid being a victim you need to implement some protective strategies.

You need to apply the CareMIT business security methodology to the organisation but to start at the basics this is what you need to do:

  • Patch and update everything – operating systems, application and to really be secure remove anything that you do not use from the system. This is applied to computers, websites, servers, and smart devices.
  • Disable macros – do not allow macros to run on the computers
  • Use complex, unique and more than 12 characters for every site, service or system in the digital world
  • Use 2 factor or multi-factor authentication. If you manage websites or other cloud-based services make sure the third level of security is in place – captcha
  • Only allow good applications to run on the system. This is called application whitelisting and only approved applications are allowed to run. There are some anti-virus systems that allow you to do this.
  • The last one is critical to your sanity – DO A BACKUP. All the bad guys have to do is win once. A backup ensures that if and when they win they have not really won.

At the basic level, the users of these automated systems are just as vulnerable as the people that they are targeting. A severe case of “user beware”, because if you do not configure the system correctly you are just as vulnerable as your targets.

At the most fundamental level, we all know that most people between 13 and 30 have a limited ethical attitude and good and bad is debatable.

That’s why we have the proliferation of these systems.

Secure your business!

Get proactive!

Do the scorecard!

Read your report!

Linkto scorecard https://caremit.scoreapp.com

#ceo #ExecutivesAndManagement #ProfessionalWomen #CareMIT #cybersecurity #infosec

Why 2022 could be a bad cybersecurity year for SME’s

Posted on by

SME’s are a prime target for cybercrime.

They have reduced expertise, minimal money, and an attitude, we are too small to be a target, that leaves them wide open to a cyber event.

Our industry, the people who know and think we understand the bad guys have been pushing for an attitude change for the last 10 years. In a large number of ways, we have failed, especially in the SME space.

In some, we have failed significantly.

By the time we get called in, after a cyber event, it is way too late.

To late to recover, too late to respond and definitely too late, in a number of organisations, to get back to business as normal.

Most SMEs, after a cyber event and especially after a ransomware attack, have but 3 choices,

  • pay the ransom,
  • recover from backup and hope you have a decent backup (a decent, tested backup is vital, no matter the situation)
  • or go out of business.

Here are 3 cybersecurity strategies that every SME should implement to be more secure and avoid that devastating cyber event.

Training users

Increased awareness of business security in a workplace is vital in today’s business world.

Not many businesses know where to go to get that training.

Training needs to be done as an ongoing process.

Once or twice a year is inadequate. But training and education has to be easy, bite-size pieces, easily digested, easily implemented and easily followed.

In addition to ongoing training, you also need to incorporate business security into your onboarding process to instill the required cultural elements into new people on staff.

Want some free cybersecurity training, here is something that will definitely help
https://wizer-training.com/partner/caremit

Risk management and gap analysis

SME’s have a limited understanding of the new risks delivered to the business via our digital components.

The game has changed significantly in the last 10 years and we, as small and medium businesses, are constantly playing catch-up.

We are significantly hampered and handicapped by the impact and scale of our digital usage.

It is everywhere, used in every component and used all of the time.

To understand the risks without understanding the systems you need some help.

Here is some help for you.
Https://CareMIT.scoreapp.com

With the report, you can now implement a gap analysis and work out what you need to do to increase security around your organisation.

The report also ties in well with:

Implemented a framework

If you are looking for a better way to manage security within your Organisation, you need to look no further than a framework.

A framework is a documented system that allows an organisation to follow the bouncing ball and tighten up the security in a regimented way.

The more the components of the framework are implemented the more secure and mature the organisation.

Frameworks are easy to follow and implement and the one I recommend is the National Institute of Standards and Technology (NIST) cybersecurity framework.
https://www.nist.gov/cyberframework

Answer the 98 questions, honestly, and you now have a road map to implement cybersecurity in a significant way.

The NIST cybersecurity framework also gives you a number.

Between 0 – 4, it can be used as a comparison between businesses, supply chain components, and government departments so you can do business with like-minded organisations.

What can SME’s do?

It is not too late to implement any of these strategies. The bad guys are getting more and more clever, so time is running out.

They are targeting everyone who is connected to the digital world, the internet, with more sophisticated systems, a number of them are now fully automated.

Some of those automated systems have minimal human involvement after the initial set up.

From initial social engineering attack, all the way through to payment of ransom everything is automated and driven by machine learning.

Every SME should be implementing a training and education process, doing a risk and gap analysis and implementing a cybersecurity and business security framework.

With that everything else will follow.

The business will be more stable, the culture of the organisation will change and getting back to business as normal after an attack can be significantly easier.

The impact of a cyber event for an organisation implementing these 3 components or not is significant.

If you haven’t implemented these 3 strategies in the last 12 months, 2 years or 5 years then 2020 is going to be a bad year.

But it’s not too late.

Why you need an off-site backup

Posted on by

Off-site, secure, out of band backups are your only hope for recovery in a cyber event

Ransomware, the scourge of today’s business, is literally a click away from crippling your business and organisation.

Attackers can reportedly execute the malware and begin encrypting most file types and removing all local backups. It is still unclear how much the demanded ransom is, but researchers have found that TFlower doesn’t append the encrypted files’ extensions.” Connor Madsen webroot. https://www.webroot.com/blog/2019/09/20/cyber-news-rundown-tflower-ransomware-exploiting-rdp

A determined crypto-virus attack on your organisation can reduce the organisations chance to make money, it can impact your reputation and can cause problems for months if not years.

Even an accidental infection, most result from an accident, can cause similar effects.

In the event of a crypto-virus attack, especially for small and medium enterprises, you have 2 options.

  • You pay the ransom – you may get your data back, you may get some of it back or you may get none of it back, we are after all talking about a criminal organisation that is holding your data to ransom.
  • You recover from your backup.

Paying the ransom is up to you, most security and ICT companies will say not to pay.

If you have a security or ICT company, or someone in your organisation that does the job they would have told you to do a backup.

Your back up has to cover the following:

  • It should be regular – depending on your requirements for the data and access to the data a back up should be completed every 24 hours.   A better solution is to have an incremental backup every 15 minutes.
  • It should have no human intervention – the backup has to run no matter what.  If you are backing up to a hard drive, connected to your device and you require someone to change drives then human error comes into it.   The old adage that the backup will fail the same day you need it is true.
  • It should be off-site – As in totally away from the business but also not connected to the business except when it is doing a backup.
  • It should be secure – all the data, no matter where it is stored should have encryption wrapped around it.   It should be encrypted at rest (stored on the location), it should be encrypted in transport (getting there and back) and it should be encrypted if you are going to use it.  This stops the information being stolen but also being accidentally accessed by the provider.
  • It should be tested regularly – you have done a backup and that’s all I have to do.   No, you need to test it regularly.   Do a regular restore to test that it works and also to ensure that you are backing up ALL of your essential data.   You do not want to be in a situation where a failure is your first test.

Achieving all of these components is difficult.   Try talking to us or a reputable ICT and security provider concerning your options!

Click here for your free trial of a secure, out of band off-site backup solution.