Blog.

Patch management exists for a fairly simple reason: when software of a new operating system is released, there are hackers out there looking for holes and vulnerabilities that will let them in.

As more employees bring their personal mobiles and laptops to work, and connect these devices to the corporate network, endpoint security is becoming more common as an IT security function.

Given the increase in cyber security attacks, organisations without a Security Manager will find it is the CIO who holds the key to building a company’s resilience against future threats.

IT business leaders in Australia are responsible for ensuring success across a wide project and BAU landscape.

Globally, cyber security budgets are predicted to rise and are estimated to be more than $6 trillion annually by 2021. These figures are based on:

Cyber security is expensive and highly specialised. Consequentially, it is sometimes simply more cost effective for small-to-medium and mid-tier sized organisations to outsource this responsibility in either full or partial components. Standard criteria to mark against any cyber security vendor should be assessed by:

Globally, cyber security budgets are predicted to rise and are estimated to be more than $6 trillion annually by 2021. These figures have been driven largely by:

• Recent year-on-year growth in hostile nation-state sponsored activity,
• Organised crime and cyber hacking, and
• Malicious and non-malicious employee security breaches.

The type of damage resulting from this type of development includes theft of corporate, financial and personal data, intellectual property theft, destruction of data, stolen money and embezzlement, and lost productivity.

The resulting impact to businesses include compromised of systems and data, disruption of critical business services, extensive and costly forensic investigations, shareholder pricing drops, and reputational damage.

This month saw the enforcement of the Notifiable Data Breach Scheme that has increased professional cyber security responsibilities for business leaders and the C-Suite across the nation.

By now, you've heard about the processor vulnerabilities affecting almost every processor in common use today; those vulnerabilities are called Meltdown and Spectre:

What is the threat?

As a summary, the issues are located at the kernel level of the chips and can lead to leaking running memory outside the current process. Both would enable a hacker to access confidential information such as secret passwords, personal information or photos from desktops, laptops, cloud servers or smartphones.

Contrary to some initial reporting, this is not

Benjamin Franklin once said, ‘an ounce of prevention is worth a pound of cure’. Today this can be aptly applied to the value proposition of protecting our important information. 

Unfortunately, recent history shows that data breaches are a fact of life for many organisations – no-one knows who is going to be breached, or when.

That said, proven incident handling responses and breach impact minimisation through solid operations security has a significant return on investment when compared to the potential financial impact and brand damage of a breach.

The Notifiable

In cyber-security circles, this question often pops into discussions around Penetration Testing, ethical hacking or ‘Offensive Security’.

Penetration testing is a great validation mechanism that provides assurance that security controls are:

a) actually as effective as you think they are; and

b) at least as effective as when they were originally implemented. 

A ‘clean’ Penetration Test report demonstrates that the money and resources invested in security are delivering value to the company and are also invaluable during compliance and regulatory audits.

All security controls

Earlier this month, Senior Offensive Security Consultant Topaz was able to enjoy the results of a plan years in the making. That plan was to create Australia’s first lock picking and physical security conference. 

Following countless hours developing and coordinating in his spare time, the conference arrived this month in the form of OzLockCon 2017.

The goal for OzLockCon: to provide a forum for hackers and lock pickers to test their skills and push the limits of the latest physical security systems. Critically, Topaz saw this as an opportunity to bring