The Wednesday Bit is still on holiday! A couple of weeks back, whilst walking in Scotland, I got involved with a prospective client in a discussion about the benefits of our cyber security stack and in particular our Security Operations Centre. The discussion was not about “how much” but what …
Keep control of your information
I have implemented information control for one-person organisations – because even a small organisation will have some need to share information with other people and organisations. It is an essential step in any IT and Cyber Security Audit to examine who has access to what information and what steps are …
Credentials are King
Threat actors are always looking for good sources of valid (stolen) email and password combinations – and there are many hundreds of millions available to them. 361 million stolen accounts leaked on Telegram added to HIBP (bleepingcomputer.com). Once they have these credentials, the threat actors will be trying them out …
The Principle of Least Privilege and Authentication, Authorisation and Accountability – A Primer
Authentication, Authorisation and Accountability (AAA) and The Principle of Least Privilege (PoLP) come together in this primer to give you a basic understanding of the importance of knowing who is accessing your information and how much they can access. Another important idea covered here is what happens when something goes …
“View Document”
Sometimes a cyber-attack is something as easy as adding a button saying “view document” when whale phishing senior people in an organisation. Ongoing Microsoft Azure account hijacking campaign targets executives (bleepingcomputer.com). Your takeaway: When was the last time you audited the credentials and associated authorisations of those credentials? If you …