Cyber Security News & Current Events

A Primer on Single Sign-on

Posted by Jeff on 28/05/20 9:59 AM

Traditional authentication schemes see users needing to create, and remember, separate login details for each service or system they use. With the average organisation using over 1000 distinct cloud services, the burdening of users to remember countless different passwords raises the security risk through password re-use, or the increasing use of less complex passwords as users become fatigued with their overwhelming number of credentials. Further, these credentials are most often stored in an abstracted, remote datastore that is unique to each application or service; there must be an implicit trust that the service is correctly and securely storing these passwords, and that any compromise is disclosed quickly enough to act.

Read More

Topics: Fundamentals, Authentication

There is no Magic Bullet for your Cyber Security Risks

Posted by Eddie on 31/05/19 11:30 AM

It seems that every other week, someone is touting a new solution to cyber security. They tell you that all we need to do is install our boldly coloured box which leverages algorithms and machine learning. The best part is that YOU don’t have to do any hard work at all! Once it’s installed, you will be secure!

Read More

Topics: Fundamentals, Risk Assessment, risk profile

Why Cyber Insurance Cannot Replace a Mature Security Posture

Posted by Nat on 11/04/19 4:30 PM

Although cybersecurity insurance can appear attractive, it is important that businesses understand it cannot feasibly serve as a replacement for threat mitigation. The majority of cyber threats are avoided by reaching a baseline standard of security maturity. The investment required to achieve this baseline is generally less than a few years of premiums and the deductible for just one incident.

Read More

Topics: Governance, Fundamentals, Risk Assessment, risk profile

Intro to Injection Vulnerabilities and the OWASP Top 10

Posted by Kristian on 9/04/19 7:15 AM

Injection vulnerabilities are the most common result of mixing user input with system control. An injection vulnerability can have catastrophic results for a system, potentially leading to a full database dump, and laying the groundwork for a remote shell. In layman's terms, this means an attacker controls the entire system and has access to all data.

Read More

Topics: Fundamentals, Pentesting, Authentication, Compromise

Security Fundamentals - Part 3: Controlling Admin Privileges

Posted by Tim on 14/12/18 12:22 PM

In Part 2, the importance of a well-maintained and well-structured hardware and software inventory and the benefits of vulnerability management was explained. The next step in the process of getting on top of security basics is gaining control of the environment. This step should be easier and more efficient if the earlier steps of creating a comprehensive inventory were completed.

Read More

Topics: Insider, Fundamentals, Authentication

A Security Conscious Cohort - Part 1: Defining a New Norm

Posted by Nat on 13/12/18 12:41 PM

As high-profile breaches produce increasing public attention, effective information security is more important than ever. Cyber incidents have a potential impact comparable to natural disasters. It is increasingly insufficient for organisations to achieve the bare minimum required for regulatory compliance – real protection is necessary.

Read More

Topics: Fundamentals

Management Buy-In - Part 1: Why You Need It

Posted by Nigel on 10/12/18 11:02 AM

Every information security framework and “best practice” guide to cyber security states that you need “management buy-in”, but why is it important and what does it look like?

Read More

Topics: Governance, Fundamentals

Security Fundamentals - Part 2: Managing Hardware and Software Assets

Posted by Tim on 26/11/18 3:54 PM


In part 1, the importance of knowing your system was discussed, in this article, the importance of properly managing and auditing these assets will be discussed. Proper management of ICT assets from an information security perspective involves knowing what properties of the assets are expected, being able to respond to new vulnerabilities quickly and knowing when unauthorised assets are present on your network.

Read More

Topics: Fundamentals

Bits of Entropy - The Importance of Complex Passwords

Posted by Kristian on 22/11/18 11:42 AM

Passwords are obviously required to keep your online accounts and data safe, but how strong is your password? The idea of a strong password can be hard to quantify and most places require your passwords to meet some requirements. It's common to see "Your password must contain characters from three of the following categories" to be able to set your password. These requirements are in place to raise the entropy of a password and make it much harder for an attacker to guess your password.


Read More

Topics: Fundamentals, Authentication

Security Fundamentals - Part 1: Do this before buying the next security product

Posted by Tim on 24/11/16 8:50 AM

A common theme amongst many engagements and discussions are “we are having issues maintaining control over our environment what products can solve this problem for us”. Questions like this are tackling the problem by jumping to a solution without identifying the cause and they can usually be addressed without buying a new security product.

Read More

Topics: Fundamentals

Finally, an actionable blog

The purpose of this blog is to make available the real-world lessons, experience, observations and mistakes that are part of the daily life of a group of cyber security professionals.

Read about:

  • What mistakes organisations are making (anonymously of course!)
  • What effective actions are available to quickly and economically achieve effective protection (without buying new kit)
  • Trends we're seeing, via our incident response and forensic investigation capabilities
  • And sometimes, just frustrations about what is wrong with cyber :|


Recent Posts