How to prepare for and survive a virus epidemic: no crying for WannaCry and Petya. Prepare. Relax. Laugh.
Physical object security and cybersecurity defense have many similarities, such as:
- Defense in depth
- Intelligent adversaries
- The need for awareness
- Structure of response activities
There is one thing, however, that is taught to everyone responsible for providing physical security: your main focus is to protect the "vital objects". These things can be a power substation, … Continue reading What is your "vital object" when planning security measures?
Supply chain risk – in cyberspace. Cyber supply chain risk is a difficult area to manage. According to NIST, 80% of all breaches originate in the supply chain, so managing that risk should be a definite priority for any security-conscious organization. That number was given in a presentation by Jon … Continue reading Handling suppliers with low security awareness
Earlier this year it was reported that half of the web is now served over SSL (Wired.com). Still, quite a number of sites are trying to keep things on plain HTTP and to serve secure content only in embedded parts of the site. There are two approaches to this: A form embedded in an iframe served over … Continue reading Why "secure iframes" on http sites are bad for security
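The core problem with an HTTPS iframe inside an HTTP page is that the parent page itself travels unauthenticated, so whoever sits on the path can rewrite where the "secure" frame points before the browser ever loads it. The following is an added example, not code from the original post: it simulates that rewrite on a constructed checkout page. The hostnames (shop.example, pay.example, the attacker host) and the sample HTML are assumptions made for the demonstration, and the MITM is modelled as a simple HTML filter rather than a real network interception.

```python
"""Why an HTTPS iframe inside an HTTP page does not protect the user.

Added example (not from the original post). It models an on-path attacker
editing the *parent* page, which is delivered over plain HTTP, so that the
payment iframe points at the attacker's host. The user still sees a padlock
inside the frame; it is simply the wrong frame. Hostnames are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: an HTTP shop page embedding a payment form over HTTPS.
PARENT_URL = "http://shop.example/checkout"
PARENT_HTML = """<html><body>
<h1>Checkout</h1>
<iframe src="https://pay.example/form?order=123" width="400"></iframe>
</body></html>"""


class IframeRewriter(HTMLParser):
    """Re-emit a document unchanged, except that the host of every https
    iframe src is swapped for the attacker's host. This is the edit an
    on-path attacker can make to any unauthenticated HTTP response."""

    def __init__(self, attacker_host):
        super().__init__(convert_charrefs=False)
        self.attacker_host = attacker_host
        self.out = []        # rebuilt document
        self.rewritten = []  # iframe src values after tampering

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            self.out.append(self.get_starttag_text())
            return
        new_attrs = []
        for name, value in attrs:
            if name == "src" and value and urlsplit(value).scheme == "https":
                # Keep path and query so the frame looks identical to the user.
                value = urlsplit(value)._replace(netloc=self.attacker_host).geturl()
                self.rewritten.append(value)
            new_attrs.append((name, value))
        self.out.append("<iframe" + "".join(f' {n}="{v}"' for n, v in new_attrs) + ">")

    def handle_startendtag(self, tag, attrs):
        self.out.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def mitm_rewrite(html, attacker_host):
    """Return (tampered_html, list_of_rewritten_iframe_srcs)."""
    parser = IframeRewriter(attacker_host)
    parser.feed(html)
    parser.close()
    return "".join(parser.out), parser.rewritten


def embedding_is_protected(parent_url):
    """The scheme of the iframe is irrelevant: only a parent delivered over
    HTTPS guarantees the browser loads the frame the site intended."""
    return urlsplit(parent_url).scheme == "https"


if __name__ == "__main__":
    tampered, changed = mitm_rewrite(PARENT_HTML, "pay.example.attacker.test")
    print("parent protected:", embedding_is_protected(PARENT_URL))
    print("iframes redirected:", changed)
    print(tampered)
```

The only fix is to serve the parent page over HTTPS as well: once the outer document is authenticated, the attacker can no longer choose which frame the browser embeds, and the HTTPS on the iframe finally means what the user thinks it means.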
Without trust in business there would be no growth. When someone grants you credit, they trust you will honor your duty to pay. When you fork over money for a product you trust that the product is what marketing says it is, or at least fairly close to that. If this trust was not in … Continue reading Trust in business is trust in the security of those you do business with
Active sales processes are supported by thought-out processes, continuous improvement, A/B-testing, communication in multiple channels - and logging results in databases to analyze performance. The field is typically referred to as customer relationship management, and the cloud king of the field is Salesforce.com. Some criminals aren't very sophisticated and they still manage to earn money … Continue reading Social engineering and relationship management
Cyber attacks tend to get through the attack surface using one of just a few initial attack vectors:
- Phishing e-mails (80%)
- Abuse of trust relationships
- Web application session hijacking
Sometimes the easiest way into a large and well protected organization is through compromising a trusted third party, such as a key supplier with less secure practices. If … Continue reading Why high-reliability organizations evaluate the threat potential of suppliers