
Cyber

Working in ad-tech makes me more security aware

Unsurprisingly, leading the marketing group in a company operating in the advertising technology space makes me a better marketer. But, unexpectedly this time, since joining Creatopy I’ve got quite a few security-related insights, especially around the topic of data protection and data privacy. For good reasons, there is a lot of noise about cyber threats, about people and groups that illegally access personal data to reach a variety of goals – from politically motivated cyber-attacks to pure profit. Individuals and…

The hidden link between Phishing attacks and the American Data Privacy and Protection Act

On how human nature and digital literacy are connecting privacy regulations and phishing attacks. This week I read two seemingly unrelated pieces of news: one was related to the American Data Privacy and Protection Act (ADPPA) being pushed for a vote in the House. The second one was on phishing attacks skyrocketing with top brands like Microsoft and Facebook being heavily abused in the process. The ADPPA is an American equivalent of GDPR and sets the standards for how tech…

How ransomware changed the face of cybersecurity

In a popularity contest for cyberattacks, Ransomware would definitely win and its (bad) reputation among the general public is well deserved. Ransomware is probably the type of attack that had the most significant influence on the cybersecurity industry in the last 10 years. Here is why. The Prevalence Compared to other classes of attacks – like common malware, brute force attacks, and many others – ransomware, as we know it today, is a rather new type of attack. Although early…

Security Architecture considerations for Cyber Resilience – why threat prevention is important

In an earlier blog this year, I compared the concepts of cybersecurity and cyber-resiliency, arguing that the main difference between the two is one of perspective. Cybersecurity is centered on the idea that attacks can (and should) be prevented while cyber-resilience acknowledges that some attacks will go through, and that organizations must prepare to deal with the consequences quickly and effectively. Many examples in recent years demonstrate that 100% of increasingly sophisticated attacks cannot be prevented. This reality has generated a…

A Practical Approach to Cyber Resilience – Developing solutions (Part 3 of 3)

In the third and last part of the blog series on Practical Cyber Resilience, I will cover the Approaches, Tactics and Techniques that an organization should use when developing options for improving cyber resilience. In the previous blog, I detailed the practical five-step Cyber Resilience Analysis Process recommended both by NIST and MITRE for enhancing cyber resilience. The fourth step of the Cyber Resiliency Analysis is centered on identifying specific ways to make desired improvements. These alternatives include implementing cyber…

A Practical Approach to Cyber Resilience – The five-step process (Part 2 of 3)

This is the second of a 3-blog series on Practical Cyber Resilience. In the first part, I covered the four key characteristics (or guiding principles) of cyber resilience. In this blog we will review the main objectives and 5-step Cyber Resilience Analysis methodology, as defined by the NIST Special Publication 800-160, Developing Cyber Resilient Systems. Within the context of this framework, cyber resilience efforts should focus on four key goals: Anticipate, Withstand, Recover from incidents, and Adapt. Sometimes with different wording,…

Three takeaways for a Small Business from the Microsoft Exchange hack

I heard this so many times: “My company is too small to be the target of an advanced attack”. Unfortunately, this is not true and the recent cyber-attacks on Microsoft Exchange servers clearly show it. Compared to the recent SolarWinds Orion security breach that directly affected mostly large organizations, the Exchange vulnerabilities were used to attack in excess of 30.000 organizations in the US alone, mostly small businesses and local government offices. Here are the three lessons that a small…