Publications

Publications from our people, with our own opinions: insight into the cybersecurity world and our thoughts on it.

Scattered Spider: The Emerging Threat in Cybersecurity

The article explores the rise of Scattered Spider, a cybercriminal group using advanced techniques like SIM-swapping and MFA bypass to target cloud services. Their activities pose significant threats, highlighting the need for enhanced cybersecurity measures and collaboration between law enforcement and cybersecurity firms to counter their tactics.

Published: 23 May 2024

Read the article

Tips to Harness AI to Bolster Organisational Defences

The article offers tips on using AI to improve organizational defences against cyber threats. It discusses the significance of advanced threat detection using AI, creating user behaviour profiles for security, automating incident response, continuous learning for digital trust professionals, and sharing threat intelligence. By implementing these strategies, organizations can enhance their cybersecurity measures to combat evolving cyber threats more effectively.

Published: 20 December 2023

Read the article

Three steps to optimal cybersecurity

The article outlines three steps to better cybersecurity: 1) Continuously improving and fostering awareness about cybersecurity; 2) Developing and frequently updating a plan to respond to cyber incidents; 3) Creating a strong recovery strategy to reduce damage from attacks. It highlights the need for a balance between preventing attacks and being ready to handle them when they occur.

Published: 1 November 2023

Read the article

The Role of Deepfake Technology in the Landscape of Misinformation and Cybersecurity Threats

The article on ISACA's blog discusses the cybersecurity challenges posed by deepfake technology. Deepfakes, which manipulate audio and video using AI, are a growing threat in misinformation and cybersecurity, with potential uses ranging from phishing scams to undermining biometric security measures. The article suggests a multifaceted approach to combat these threats, including the development of detection algorithms, revising security protocols, and legal measures to regulate the creation and distribution of deepfakes. It emphasizes the importance of staying informed and prepared against these evolving cyber threats.

Published: 9 August 2023

Read the article

Six steps to securing your supply chain

The article outlines six essential steps for securing supply chains against cyber threats. It emphasizes the importance of understanding and managing the data handled by suppliers, setting clear security expectations, minimizing damage from potential breaches, conducting thorough security assessments, continuously testing supply chain security, and making cybersecurity a priority for all employees. These measures aim to safeguard against the increasing sophistication of cyberattacks and ensure robust supply chain resilience.

Published: 21 March 2022

Read the article

Fish tanks, thermostats and third-party breaches – Why securing your supply chain should be a top priority

The article discusses the heightened risks of cyber attacks through supply chain vulnerabilities, especially with increased reliance on suppliers in today’s hyperconnected world. Highlighting high-profile breaches like SolarWinds and Kaseya, it showcases the sophistication of supply chain attacks and their broad impact. The convergence of IT, IoT, and OT environments poses new security challenges, exemplified by a casino hack via a fish-tank thermometer. The piece emphasizes the need for an integrated approach to supply chain security within overall risk management strategies.

Published: 14 February 2022

Read the article

How to Stay One Step Ahead of Ransomware in 2022

The article provides six tips for businesses to stay ahead of ransomware threats in 2022. It emphasizes the importance of protecting backups, reducing the attack surface through network segmentation and privileged access management, maintaining good security hygiene, fostering a cybersecurity-aware culture, managing third-party risks, and having a solid incident response plan. These strategies aim to improve a company’s cybersecurity posture and readiness against ransomware, highlighting a holistic approach that involves people, technology, and processes.

Published: 13 December 2021

Read the article

The Evolving Threat of Ransomware

The article details the surge in ransomware attacks during the COVID-19 pandemic, underscoring the significant threat they pose to businesses, especially with the shift to remote work. It emphasizes the complexity and financial impact of these attacks, noting that most are linked to organized crime with a primary motive of financial gain. The piece suggests a multi-layered cybersecurity approach as essential for protection, highlighting the importance of understanding critical business assets, educating end users, and being able to respond swiftly to threats.

Published: 25 November 2021

Read the article

The Pegasus project: key takeaways for the corporate world

The Pegasus Project reveals the risk of smartphone surveillance, stressing the need for businesses to protect sensitive data. With threats like Sour Mint showing the limits of Mobile Device Management (MDM) tools, the article advocates for Mobile Threat Defense (MTD) solutions for better security against sophisticated cyber threats. It calls for a shift towards stronger protective measures to combat these evolving risks.

Published: 9 September 2021

Read the article

Four cyber security trends to watch

The article outlines four cybersecurity trends for organizations to watch: the expansion of cyber attack surfaces due to rapid technology adoption; the increase in sophisticated cyber-attacks; the financial and reputational impact of data breaches; and the need to focus on detection and response over prevention. It emphasizes the importance of adopting a proactive and risk-based cybersecurity strategy, moving from reactive to predictive measures.

Published: 6 September 2021

Read the article

Baselining Cybersecurity Skills for All IT Professionals

The article emphasizes the need for IT professionals to have baseline cybersecurity skills, highlighting the importance of integrating cybersecurity practices into daily work to mitigate risks and address the skills gap. It suggests mastering key concepts and controls, using ISACA’s ITCA credential as a pathway for both new and experienced professionals to update their skills in line with current trends.

Published: 17 February 2021

Read the article

Will Low-Earth Orbit Satellites Fly Under the Privacy Radar?

The article examines the privacy and security concerns surrounding the deployment of low-earth orbit (LEO) satellites for global internet coverage. As this technology advances, it prompts questions about user tracking, the applicability of privacy laws in space, and the vulnerability of satellites to hacking. It highlights the need for clear regulations and secure manufacturing practices to protect against cyber threats. The future of satellite internet will require transparency from providers and a framework to ensure privacy and security are maintained in space as they are on Earth.

Published: 4 January 2021

Read the article

Securing the IoT Landscape of Tomorrow

The article discusses preparing for the Internet of Things (IoT) by emphasizing governance, testing use cases, and prioritizing cybersecurity. It advises careful planning before investing in technology and highlights the importance of Firmware over the Air (FOTA) updates for device support. The piece also mentions the need for a security framework and supply chain scrutiny to ensure IoT deployments are secure and future-proof.

Published: 13 November 2020

Read the article

SMEs are most at risk of email account compromise: Three ways to protect your business

During the COVID-19 pandemic, cyber attacks on Australian businesses have increased, with a focus on email account compromise (EAC). This involves cybercriminals exploiting email security weaknesses to impersonate employees and redirect payments. The article suggests measures like multi-factor authentication, security awareness training, and email fraud defense solutions to mitigate risks. It also emphasizes the importance of businesses ensuring their IT service providers implement adequate security controls.

Published: 16 October 2020

Read the article

Protecting citizens' privacy in smart cities

The article discusses privacy protection in smart cities using video analytics. It advises local governments to use methods that anonymize individuals in video data, such as blurring faces or using low-quality videos, to safeguard privacy. It stresses choosing vendors carefully, incorporating privacy from the design phase, employing strong encryption and access controls, and conducting privacy assessments to ensure technology benefits city operations without compromising citizen privacy.

Published: 10 August 2020

Read the article

Preserving Privacy in Video Analytics Solutions in Smarter Cities

The ISACA article discusses ways to keep people’s privacy safe while using video analytics in smart cities. It suggests using techniques to make it hard to identify individuals from video footage, like blurring faces or using low-quality videos. It also highlights the importance of adding strong privacy measures, like encryption, from the start and conducting privacy checks to make sure data use follows rules and respects privacy.

Published: 2 July 2020

Read the article