I am in the middle of another IT and Cyber Security audit for an organisation and as part of that report I have been asked to look at their SharePoint configuration. IT was set up in rush during the first lockdown and the board and CEO are not sure about …
Real Incident Response
What is your incident response plan if a hurricane is going to cross where you live and/or work? Johannes Ullrich who writes for SANS has written about his preparations. I am not going to say much about them – they are a description of a technical response to a serious …
Ransomware will always be changing – so does your response
As cyber security professionals come to understand the current ransomware threat and vendors and MSPs provide services and training to deal with the threat – the threat actors will always change their tactics. Here is one of the latest – using torrents to extract data from compromised systems: Clop ransomware …
Continue reading “Ransomware will always be changing – so does your response”
Defence-in-Depth – The Next Step
Yesterday I wrote the opening chapter of this defence-in-depth article – I looked at how anti-virus protection can be side-stepped by threat actors and that staff cyber awareness training is needed to provide another layer to your defences. That was a human addition to your defence-in-depth and today we are …
How does the malware get in?
I am often asked this question by clients and particularly prospective clients, who think they do not need our cyber security awareness training or any of the tools in our security stack. The answer to the question is not easy, in a Word or OneNote file, through a link to …
