Whitepapers – Sense of Security (Thu, 05 Mar 2020 00:23:21 +0000)

Cyber Security for Smart Grids
Thu, 05 Mar 2020 00:22:27 +0000

While the Microsoft ecosystem has enjoyed dramatic improvements in security and the latest Windows 10 is orders of magnitude more secure than previous generations of the workstation platform, we make the case for advanced security testing to ensure you avoid calamity.

Cyber Security for Smart Grid

Integrated IT and OT systems like Smart Grids are becoming more popular because of their self-management abilities, ensuring continuous availability of power. The ease of operation is pulling more energy and utility companies to invest in these systems.

But along with the benefits, critical systems are becoming a prime target for cyber attackers to inflict serious damage and disruption.

Cybersecurity is all the more critical when implementing such systems than it is for the traditional electrical grid.

Download the full whitepaper to understand the emerging cyber-attack scenarios in relation to the smart grid, its vulnerabilities and standards for cybersecurity assessment.

If you need assistance with fully understanding this report or would like to chat further about your security needs, our specialist consultants are here to help you. Please contact us today.

Security Awareness Training Program for Whole-of-Business
Wed, 11 Dec 2019 05:53:14 +0000

Careless or uninformed staff are the second most likely cause of a serious security breach, second only to malware. Security awareness training is the first step to solving this problem.

The current security threat landscape is rapidly changing. The threats you faced yesterday will not be the threats you face tomorrow. Today’s attackers are typically highly trained, financially motivated and possibly in the employ of nation states.

A whole-of-business approach to security awareness training, encompassing everyone, is needed.

Attackers are systematically adapting techniques to target the weakest elements in your business. Their attacks are wide and also targeted, with motivated attackers carefully perfecting their craft to get handsome returns on their investment in time.

People remain the weak link in the security of networks, applications and data. It is not only the rank-and-file employees who succumb to phishing scams who pose risks. Most businesses believe that the shiny new technologies they’ve acquired will protect them from everything while producing the reporting they need to comply with standards and regulations. However, human points of interaction have the potential to undermine even the most comprehensively designed systems through a simple mouse click.

Achieving cyber resilience by reducing your susceptibility to attack
Tue, 08 Oct 2019 11:27:03 +0000

The reason why a DDoS mitigation effectiveness test needs to be part of your vulnerability management program.

A denial-of-service attack has the objective of preventing legitimate users from accessing specific computer systems and services.

Denial-of-service (DoS) attacks typically flood servers, systems or networks with traffic in order to overwhelm the victim’s resources and make it difficult or impossible for legitimate users to access them.

These attacks can also be more targeted and may not require large volumes of traffic if a specific component is more susceptible to outage through a crafted attack.

A distributed denial-of-service (DDoS) attack occurs at scale and generally is operated through a network of compromised computers on the internet, all controlled and orchestrated by an attacker.

What does DDoS look like today and in what direction is it hitting?

Today, more than ever, organisations are susceptible to outages caused by attacks aimed at denying their ability to operate their business and service their clients.

Mitigation technologies have achieved greater penetration in the market and the cost of mitigation has come down. This is common with large scale cloud offerings and Content Delivery Networks (CDNs) now being very accessible. However, organisations remain exposed.

Resilience testing has been part of most other industries for yonks. Read the rest of our whitepaper to get a better understanding of how IT and Cyber resilience testing should be a key part of your Vulnerability Management program.
level that enables manufacturers to improve their
products and processes going forward.

The case for supply chain risk assessments
Sun, 06 Oct 2019 04:37:38 +0000

Are you thinking about the extent to which you are integrated in various supply chains? Learn how you can identify and assess your exposure and resilience to these forms of attack.

A business primer

Risk Management has been a constant in information security standards, regulations and corporate policies essentially forever. It is a staple.

Companies, organisations and governments all require risk assessments to be conducted. And more specifically, a well-functioning board needs appropriate and complete information about the risk posture around the operations of a business in order to make informed decisions about the future direction.

The scope of assessments and the depth to which reviews are conducted are what differentiate the better managed businesses from the pack. This is because narrow risk assessments, while possibly meeting the objective of undertaking such reviews, do not really help an organisation understand the full extent to which it is exposed, and this therefore limits its capacity to react, control and mitigate.

One of the areas we find most lacking in coverage, yet ironically becoming more prevalent around risk and exposure, is supply chain risk.

Understanding Supply Chain Risks adds a totally new dimension to your assessment. These are no longer first order threats. They are likely to be second and third order threats, and in highly integrated and complex environments, the existence of nested supply chains means that you may never know all the parties associated with the product or service you are acquiring. While you may not be able to identify and protect against all supply chain risks, it does not mean that you can blindly ignore this vector due to the complexity of the subject. On the contrary, ignoring supply chain risks today would be negligent, and boards should be insisting that information be presented to them around these risks for consideration.

Saving your Windows 10 rollout from calamity
Sun, 06 Oct 2019 04:11:54 +0000

While the Microsoft ecosystem has enjoyed dramatic improvements in security and the latest Windows 10 is orders of magnitude more secure than previous generations of the workstation platform, we make the case for advanced security testing to ensure you avoid calamity.

The case for advanced security testing

In terms of Enterprise Computing for laptops and desktops (we will collectively refer to these as workstations), Microsoft Windows 10 is the go-to choice for large scale Operating System (OS) deployments. Workstations are often targeted by an adversary through a range of techniques, including luring users to malicious web pages and phishing users through email-borne attacks with malicious attachments. Given today’s mobile workforce, laptops are also increasingly lost, or stolen by attackers trying to access sensitive data stored on them.

Securing your workstation fleet is therefore an imperative. Testing the security controls is even more important because there is no use in going to the effort of defining and configuring the security profile if you do not know the controls will actually work!

Large scale rollouts generally include the creation of a reference image to serve as the foundation for the devices in your organisation. This is also often termed the Golden Image or Standard Operating Environment (SOE).

Ensuring this is secured can prevent large scale flaws spreading across your organisation. Download the full whitepaper for insights and tips on how to avoid calamity.

Dynamic Risk Assessments
Sun, 06 Oct 2019 03:58:39 +0000

While a traditional assessment may identify some of your issues surrounding your cyber resilience, we present a case study demonstrating the true value of a Dynamic Risk Assessment.

The business case for dynamic risk assessment

Risk Management is a discipline with an extensive heritage. For example, the insurance industry has been built on, and profits from, disciplined risk management. For every product there is a policy and a detailed assessment as to what the premium should be to cover the risk and for the underwriter to make a profit overall.

Many of the models that are used in insurance are mathematical and require years of claim data to improve accuracy. However, cyberspace is a constantly evolving landscape with changes occurring far more rapidly than in traditional cover areas such as home and contents, car, travel etc. Due to the lack of established data the cyber insurance industry has struggled to develop models to accurately determine what to cover and for how much.

Putting cyber insurance aside (that is a topic for another paper altogether), let us focus on how cyber risk assessments can be performed for the modern organisation given the dynamic nature of cyberspace.

Web scale cyber resilience
Fri, 27 Sep 2019 05:36:24 +0000

Does your testing firm really understand your tech stack? Are they really going to scrutinise your ability to be cyber resilient? Penetration Testing is a complex discipline. Your business deserves the best protection. If you really want to seek comprehensive assurance of your deployments, ask yourself this question when you next are seeking testing services for your cloud deployment.

Testing the modern Cloud Web Application deployment (containers and microservices)

You should be asking yourself “Does my testing firm really understand my tech stack? Are they really going to scrutinise our ability to be cyber resilient?”

High profile website deployments need to leverage the elastic nature of public cloud technology. Modern applications today are most likely designed as micro-services with containerisation for speed of deployment and operational management. The environment is also likely to be auto-scaling. This means that the environment scales to accommodate the load.

There are some other quite fundamental differences between these modern web apps and the ones that are a few years older.

The older ones probably lurk at the edge of your physical data-centres, internal networks and could possibly be in your public cloud environment if they were migrated in a lift-and-shift manner when everyone was all gung-ho about cloud adoption.

For further information download the complete report below.

The state of the internet perimeter in Australia
Mon, 23 Sep 2019 04:36:24 +0000

Our new benchmark study built on 12 months of external network penetration testing reports

If your network is exposed to the Internet, you can be sure someone out there is having a look.

Sense of Security has released a benchmark study based on 12 months of continuous external network penetration test reports.

External network perimeter penetration tests do not only concentrate on the network layer. This often means we will investigate exposed web applications too. You can rest assured that if it’s exposed to the Internet someone out there is having a look.

Our tests evaluated the robustness of an organisation’s Internet perimeter to simulated attacks designed to breach security defences. The results included in the data were complete perimeter tests but excluded any social engineering scenarios.

SOS has released this data to help improve security awareness of the state of cyber security in Australia. The results here are complementary and should be read in conjunction with those released in our recent ‘The State of Web Application Security in Australia’ report released in May 2019. This will provide the reader with a more complete view of common weaknesses at the network and application layers on the Internet boundary.

While there are certainly challenges, our research indicates that you don’t need the latest and greatest technology to secure your enterprise. Minimising your attack surface area is still one of the most effective things you can do. Organisations should also strive towards continuous monitoring to identify vulnerabilities at high frequency, rather than relying on point in time security reviews alone.

The State of Web Application Security in Australia
Wed, 22 May 2019 03:28:55 +0000

Sense of Security has released the first ever Australian Cyber Security benchmark study built on 12 months of continuous Web Application Penetration test reports and the findings were rather alarming.

Nearly 1 in 2 business web applications in Australia are vulnerable to cyber-attacks

Sense of Security has released the first ever Australian Cyber Security benchmark study built on 12 months of continuous Web Application Penetration test reports.

This comprehensive document clearly demonstrates that those in Australia who think their web apps are safe-and-sound could be vulnerable. Co-author and SOS founder Jason Edelstein said, “Web applications are part of the basic building blocks of the Internet, and a major portion of those who think their web assets are secure, are in fact, potentially vulnerable.”

SOS collated and examined data from 175 Web Application Penetration test reports over the past 12 months and came up with 3,670 findings. 41% of the findings show that companies and institutions are at medium to high risk, and from those, 6% of the findings found serious web app vulnerabilities and are rated at a high risk of attack.

Edelstein said, “we are coming from a very large sample over a relatively short time period, the report is a perfect benchmark for everybody concerned with Cyber Risk. Based on the depth and breadth of the report, the notion of thinking ‘everything is OK’ has been comprehensively rebutted.”

[Figure: number of findings ranging from high risk to low risk, as a percentage of customers per sector]

If you need assistance with your web application security, our specialist consultants are here to help you. Please contact us today.
