Sense of Security (feed last updated Wed, 17 Jun 2020 02:37:18 +0000)

Educate your staff – Reduce your cyber risk
Link: /educate-your-staff-reduce-your-cyber-risk/
Published: Mon, 15 Jun 2020 03:20:13 +0000

With more staff working remotely, an increase in the attack surface and an ever-evolving number of threat actors entering the realm, there is no better time to direct your attention towards security awareness training.

Security awareness training is one of the most powerful security controls that a business can deploy to reduce cyber risk, as cybercrime continues to proliferate and evolve.

To mitigate this, educating your staff is key. When your staff are trained to identify and confidently respond to the various attack vectors used by cybercriminals, they will be in a much better position to defend and safeguard data assets and stop attackers from breaching your network.

We can provide:

  • Boardroom to basement – A programmatic approach to cybersecurity awareness training, providing end-to-end management across all delivery methods and media.
  • Phriendly Phishing – A phishing simulation platform to harden the defences of your most valuable assets – your staff!
  • Individual instructor-led training courses, either onsite or remote.

 

The time is now to invest in your staff. Our specialist trainers are here to help you build a cyber resilient workforce to better protect data assets and stop attackers in their tracks.

If you have any questions or would like to discuss your security training needs, contact us today or call 1300 922 923.

Sense of Security will be represented by three team members at RSA APJ 2020
Link: /sense-of-security-will-be-represented-by-three-team-members-at-rsa-apj-2020/
Published: Fri, 15 May 2020 06:02:11 +0000

We are pleased to announce that three of our Sense of Security team members will be presenting at the virtual RSA APJ 2020 conference.

Our Head of Research Willem Mouton will be jointly presenting with one of our Senior Security Consultants, Hamed Merati, on the topic of “Breaking Bad (passwords)”. In 2020 password security remains one of the single biggest threats facing all organizations. The aim is to highlight and share a statistical analysis of corporate compromises based on passwords and password policies encountered during security audits over the last 24 months.

Also, our COO Murray Goldschmidt, who is ranked as a top speaker at RSA this year, will be presenting on “Securing your M&A activity with cyber security due diligence”. The presentation will focus on a case study of a Cyber Due Diligence assignment that changed the position of an astute Buyer & saved them from certain losses. Financial, Tax and Legal DDs all presented low risk, but within 6 months the target was breached & lost all of its IP. We describe the makeup of a Cyber DD Program and what metrics to use to make informed M&A decisions. Cyber DD should precede all other DD activities.

Willem and Hamed’s presentation will be held on Friday, 17 July from 12.05 pm – 12.35 pm. Murray’s presentation will be held on Thursday, July 16, 2020 from 12.05 pm – 12.35 pm.

For more information about this year’s ‘virtual’ RSA APJ Conference, visit https://www.rsaconference.com/apj.

You don’t want to miss out

REGISTER NOW!!!!

See you ‘virtually’ in Singapore!!

Secure Mobile Application Development Training
Link: /secure-mobile-application-development-training/
Published: Fri, 08 May 2020 03:26:16 +0000

DDoS is now considered one of the primary threat types facing every industry and business that is exposed to the Internet. Our Data Sheet will give a better understanding of how it affects you.


Much like other aspects of IT, mobile applications are not without their weaknesses.

Compatibility for different types of platforms, backwards-compatibility with older versions, weak or no integration of platform security features, insufficient protection of private information and insecure corporate service access are major concerns when it comes to secure development and usage of Mobile Applications across all platforms.

Because of these technical and business risks, secure mobile application and web service design, development and testing procedures should be used by business managers, software developers, auditors and security engineers.

Download the datasheet below to get a better understanding of securely developing your mobile applications.

If you have any questions or would like to discuss your security training needs, contact us today or call 1300 922 923.

Join Alastair MacGibbon and Murray Goldschmidt for our interactive Cyber Dialogue Q&A webinar on the new normal of business and cyber security.
Link: /join-alastair-macgibbon-and-murray-goldschmidt-for-our-interactive-cyber-dialogue-qa-webinar/
Published: Fri, 08 May 2020 03:10:49 +0000


Join Alastair MacGibbon and Murray Goldschmidt for our interactive Cyber Dialogue Q&A webinar on the new normal of business and cyber security.

There are some encouraging signs that COVID-19 restrictions will start to ease in Australia. The New Zealand Prime Minister has also proposed the creation of an ANZ bubble, enabling travel and business with our closest neighbour. Even whilst COVID-19 continues to march relentlessly throughout many countries, ANZ businesses need to plan for resumption of normal business practices.

What will be considered the “new normal” for business once COVID-19 restrictions are lifted and economic activity can return? What are the implications for cyber security?

Register now and submit your questions about life and business after COVID-19: https://attendee.gotowebinar.com/register/4529407770906209547?source=social

DevOps Security Automation Training
Link: /devops-security-automation-training/
Published: Mon, 04 May 2020 07:00:48 +0000

DDoS is now considered one of the primary threat types facing every industry and business that is exposed to the Internet. Our Data Sheet will give a better understanding of how it affects you.


Addressing security in a fast-moving DevOps environment is essential, not just for the long-term success of your service delivery lifecycle (SDLC) but for the protection of your entire stack of tools and processes.

The full-day (or two-day) training tutorial examines ways of integrating security into DevOps environments by looking at opportunities at each stage of the development cycle.

Above all, the core focus is on automating repeatable security tasks, allowing “low-hanging-fruit” issues to be remediated without human intervention.

Download the datasheet below to get a better understanding of DevOps Security Automation Training.

If you have any questions or would like to discuss your security training needs, contact us today or call 1300 922 923.

Working from home and your Cyber Security
Link: /online-cyber-security-courses/
Published: Wed, 08 Apr 2020 08:02:11 +0000


Cybercrime is a growing threat in Australia and globally.

Businesses of all shapes and sizes are targets. The COVID-19 health crisis has forced a change in the way we work and interact with each other.

The shift toward work-from-home arrangements has amplified every business’s cybersecurity challenges:

  • the ever-expanding surface for attackers to exploit
  • an online workforce that is not educated about security awareness, leading to weak enforcement of mitigating behaviours (the “human firewall”)
  • unsecured data transmissions by people who are not using VPN software
  • email and corporate data access that isn’t secured with Multi-Factor Authentication
  • and physical and psychological stressors that compel employees to bypass controls for the sake of getting things done

Register your team or company for our online sessions in Phishing Fundamentals or General Security Awareness today.

Hackers are taking advantage of the human factor

Hackers are aware of the vulnerabilities during this health crisis. They’re taking advantage to exploit the human factor – the most vulnerable asset in an organization. According to the US Secret Service, cyber criminals are using the most common attack vectors, social engineering and phishing, to lure people into sharing information.

Cyber-attacks can bring public infrastructure to its knees, disrupt business operations, create reputational and brand damage, and generally cause irreparable harm to large businesses. A single event could threaten the very existence of any business that has limited capacity to respond and recover.

Harden your human defences.

We can help you train your employees to be your first and last line of defence against cyber-attacks. Strengthening your human firewall is easy and there’s never been a more important time to train your staff and protect your business.

Register today for an online training session.

Act now by completing the form and we’ll be in touch to discuss the right training program for you at a time that suits your team. We are currently running sessions in Phishing Fundamentals or General Security Awareness.

If you need assistance with your Cyber Security training from boardroom to basement, our specialist trainers are here to help you. Please contact us today.

Cyber Security for Smart Grids
Link: /cyber-security-for-smart-grids/
Published: Thu, 05 Mar 2020 00:22:27 +0000

While the Microsoft ecosystem has enjoyed dramatic improvements in security and the latest Windows 10 is orders of magnitude more secure than previous generations of the workstation platform, we make the case for advanced security testing to ensure you avoid calamity.


Cyber Security for Smart Grid

Integrated IT and OT systems like Smart Grids are becoming more popular because of their self-management abilities, ensuring continuous availability of power. The ease of operation is pulling more energy and utility companies to invest in these systems.

But along with the benefits, critical systems are becoming a prime target for cyber attackers to inflict serious damage and disruption.

Cybersecurity is all the more critical when implementing such systems than it is for the traditional electrical grid.

Download the full whitepaper to understand the emerging cyber-attack scenarios in relation to the smart grid, its vulnerabilities and standards for cybersecurity assessment.

Get the full document here

If you need assistance with fully understanding this report or would like to chat further about your security needs, our specialist consultants are here to help you. Please contact us today.

Presentation: RSA USA 2020 – Preventing an Enterprise Win10 Rollout Being Remotely Controlled and Ransomed
Link: /presentation-rsa-usa-2020-preventing-an-enterprise-win10-rollout-being-remotely-controlled-and-ransomed/
Published: Thu, 27 Feb 2020 22:52:42 +0000

...we call these Dynamic Risk Assessments (DRA). This type of assessment is based on the premise that we are not stifled by prescriptive rules, a spreadsheet listing the methods we must use, or having meetings with any number of stakeholders who may not disclose the true state of affairs for fear of losing credibility or possibly their job.

Our COO Murray Goldschmidt, a top RSA speaker, held a presentation at RSA USA 2020 on the topic of Preventing an Enterprise Win10 Rollout Being Remotely Controlled and Ransomed.

Windows 10 is the platform of choice for large-scale, corporate-controlled, end-user OS deployments. These are referred to by many names, including Enterprise Roll-Outs, Standard Operating Environments (SOE) and Golden Image deployment, but they all relate to the same thing: a standardized deployment that needs to be secured at creation and then managed for its lifetime in operation. Large corporations and governments tend to use the same formula. Create an image. Add in some enterprise management features, endpoint security and full disk encryption. Harden. Test it (maybe). Operate it in the field. Deal with any fallout. These are high-cost, time-sensitive, task-management-centric projects. Using an outsourced partner to design, implement and manage the process adds in an element of supply chain risk, making the entire solution susceptible to long-term time-in-market attacks. This includes a timeless opportunity for total environment take-over. It is our experience that organisations are short-changing themselves by doing very limited testing of the system prior to deployment. At best this is limited to a hardening review.

This presentation describes a case-study for why testing is required to address a stream of risks and how this saved a large corporate from deploying an image that was certain to result in 10,000+ machines being remotely controlled by an adversary.

To learn more, download our presentation here. For more information call us on 1300 922 933.

Presentation: RSA USA 2020 – What Was Once Old Is New Again: Domain Squatting in 2020
Link: /presentation-rsa-usa-2020-what-was-once-old-is-new-again-domain-squatting-in-2020/
Published: Thu, 27 Feb 2020 17:00:10 +0000

Despite investment in DDoS mitigation, testing solutions is seldom on the agenda of most vulnerability management programs that focus on vulnerability scanning and pen testing. This presentation delivers an effective approach to validate your defenses against all forms of DDoS including the ability to simulate attacks, measure your response and determine if your operational practices are working.

Our Practice Manager Jeremy du Bruyn and our Head of Research Willem Mouton held a presentation at RSA USA 2020 on the topic of What Was Once Old Is New Again: Domain Squatting in 2020.

A common cyber-attack technique is to lure a victim to browse to an attacker-controlled website that is hosting malware or the like. One way to lure a victim is to register a DNS domain that resembles that of a major brand, and then either entice the victim to visit the website, for instance via an email message, or simply wait for the victim to mistype or misspell the major brand’s website address. This registering of a similar DNS domain is commonly referred to as domain squatting. People are encouraged to be suspicious of emails received from unknown senders, but what happens when an email appears to come from a known person or organization, and the email and its attachments are in line with the expected content? Again, research into similar topics isn’t new. However, by utilizing domain squatting the registering of DNS domains can be extracted by examining email flows, and the email content categorized by applying topic modelling on their contents. This allows for specifically crafted spear-phishing emails that match both the expected email sender and the topics of correspondence, which drastically increases the chances of a successful phish.

In this session, it will be demonstrated how old school domain squatting can be modernized to include OSINT gathering and the delivery of weaponized documents using email messages. The result is scarily accurate corporate relationship and supply chain mappings, as well as re-purposing actual business documents into spear-phishing attacks.

To learn more, download our presentation here. For more information call us on 1300 922 933.

Three Sense of Security team members will be presenting at RSA USA 2020
Link: /three-sense-of-security-team-members-presenting-at-rsa-usa-2020/
Published: Tue, 25 Feb 2020 22:18:26 +0000

We are pleased to announce that three of our Sense of Security team members will be presenting at the RSA USA 2020 conference.

Our Practice Manager Jeremy du Bruyn and our Head of Research Willem Mouton will be jointly presenting What Was Once Old Is New Again: Domain Squatting in 2020. In this session the presenters will demonstrate how old school domain squatting can be modernized to include OSINT gathering and the delivery of weaponized documents using email messages. The result is scarily accurate corporate relationship and supply chain mappings, as well as re-purposing actual business documents into spear-phishing attacks.

Also, our COO Murray Goldschmidt, who is ranked as a top speaker at RSA this year, will be presenting on Preventing an Enterprise Win10 Rollout Being Remotely Controlled and Ransomed. A case-study for static and dynamic testing of Win10 enterprise rollout images. How this saved an organization from deploying an image that would have resulted in 10,000+ machines being remotely controlled by an adversary for ransom. Hardening reviews, configuration management, app whitelisting effectiveness, encryption recovery, and the ability to detect and defeat sleeper malware are described.

Jeremy and Willem’s presentation will be held on Thursday, February 27, 2020 from 8:00 am – 8:50 am in Moscone West 3004. Murray’s presentation will be held on Thursday, February 27, 2020 from 2:50 pm – 3:40 pm in Moscone West 2006.

For more information and to secure your spot for Jeremy and Willem’s presentation visit https://www.rsaconference.com/experts/jeremy-du-bruyn#upcomingsessions or for Murray’s presentation visit https://www.rsaconference.com/experts/murray-goldschmidt#upcomingsessions.

You don’t want to miss out

See you in San Francisco!!
