The shipping and energy infrastructure around us can be pretty inspiring. It reflects years of labor by our men and women, the scale of our economy, the power of our ingenuity. If you sit for a while and watch the ships coming in and out of harbor, you feel connected to history and the wider world. Yet cargo is not the only thing that’s moving.
"Reduce your attack surface..."
"Minimize the blast radius..."
Marketers use these doomsday metaphors to scare seasoned security pros from day-to-day paranoia into action!
It’s been a busy May in the cyberworld. Israel’s military strike on Hamas hackers in Gaza was the biggest news, but the Department of Defense’s Report on China Military Power and a Department of Energy finding that the grid may have suffered a DDoS deserve mention too.
This article was originally published on securitybrief.com.au.
Even if you’re not in the financial services industry (FSI), you’ve probably already heard of CPS 234 – the new standard for data protection set forth by the Australian Prudential Regulation Authority (APRA). The overarching goal of CPS 234 is to improve the cyber resilience of APRA-regulated organisations who face threats like payment and card fraud, attacks on critical infrastructure, mobile app vulnerabilities, and the like – in fact, according to NTT, 26% of global cyberattacks target the financial services industry and, interestingly enough, Australia is the source country for 66% of attacks in the finance sector across the entire Asia-Pacific region.
We’ve talked about how to prepare your organization to start ringfencing crown jewel applications – the people and process legs of the stool to address critical risks in securing your applications.
But why is segmentation important in the first place? If there is no specific compliance obligation, vulnerability issue, or failed pen test, why should your business spend money on controls to ringfence its applications against the spread of a breach? What exactly is the inaction tax for an organization with "status quo security"?