Cybersecurity Starts in the Boardroom
The Principle of Least Privilege (PoLP) is a fundamental concept in cybersecurity. It ensures that users are granted only the minimum necessary access rights required to perform their job functions. This principle is one I always enforce in cyber security as it is a powerful way of defending the most …
Continue reading “Why the “Principle of Least Privilege” works and something for free…”
There are hundreds of reasons organisations, lobbyists and some politicians will quote for not reporting a cyber-security breach – most will have to do with money. The one reason the rest of us should be in favour of reporting rules is that it is our data that these organisations have …
Continue reading “Cyber-breach reporting rules are a good thing for all of us”
New Zealand-based infosec firm Emsisoft, has issued a report on ransomware in the US during 2023, in which they are suggesting a ban on paying ransoms and the subsequent loss of revenue by the gangs would reduce ransomware attacks. The State of Ransomware in the U.S.: Report and Statistics 2023 …
I have written about three of the ways ransomware hackers can extort you in my Ransomware Primer Mini-Series: Now the ALPHV/BlackCat ransomware gang has come up with yet another method to get organisations to pay their ransoms. In the US there is a legal obligation for publicly traded companies to …
Continue reading “Yet another way for ransomware gangs to extort you”
You should not rely on the technique in this article as your “ransomware recovery plan”: Researchers Quietly Cracked Zeppelin Ransomware Keys – Krebs on Security If you read the article, you can see that breaking the ransomware encryption is not easy or guaranteed. Neither should you plan on paying up: …
