My takeaways from last week – Oct 18, 2021

This week it was a lot about ransomware and for good reasons, I think. It is a priority now to defend against equally for governments, businesses, and individuals. Besides ransomware, I selected a few interesting articles among which one is about user rights and one about cyber... ignorance. Read on to get my takeaways from …

Continue reading My takeaways from last week – Oct 18, 2021

My takeaways from last week – Oct 11, 2021

This was a particularly interesting week with a couple of events worth being reviewed (and learned from): the launch of the more security-oriented Windows 11, the Facebook outage and, a new ransomware threat for VMware ESXI. I also included a short read on planning for Incidents Response. Here is my take from last week: I'm …

Continue reading My takeaways from last week – Oct 11, 2021

My takeaways from last week – Sept 27, 2021

Each Monday I'm publishing a list of quick thoughts and top readings on cybersecurity from the previous week. Here is my take from the week of September 20th: An excellent article on advanced phishing: Hackers Are Going ‘Deep-Sea Phishing,’ So What Can You Do About It? "Hackers are upping their game, using an approach I …

Continue reading My takeaways from last week – Sept 27, 2021

How ransomware changed the face of cybersecurity

In a popularity contest for cyberattacks, Ransomware would definitely win and its (bad) reputation among the general public is well deserved. Ransomware is probably the type of attack that had the most significant influence on the cybersecurity industry in the last 10 years. Here is why. The Prevalence Compared to other classes of attacks - …

Continue reading How ransomware changed the face of cybersecurity

Security Architecture considerations for Cyber Resilience – why threat prevention is important

In an earlier blog this year, I compared the concepts of cybersecurity and cyber-resiliency, arguing that the main difference between the two is one of perspective. Cybersecurity is centered on the idea that attacks can (and should) be prevented while cyber-resilience acknowledges that some attacks will go through, and that organizations must prepare to deal …

Continue reading Security Architecture considerations for Cyber Resilience – why threat prevention is important

A Practical Approach to Cyber Resilience – Developing solutions (Part 3 of 3)

In the third and last part of the blog series on Practical Cyber Resilience, I will cover the Approaches, Tactics and Techniques that an organization should use when developing options for improving cyber resilience. In the previous blog, I detailed the practical five-step Cyber Resilience Analysis Process recommended both by NIST and MITRE for enhancing …

Continue reading A Practical Approach to Cyber Resilience – Developing solutions (Part 3 of 3)