In a popularity contest for cyberattacks, Ransomware would definitely win and its (bad) reputation among the general public is well deserved. Ransomware is probably the type of attack that had the most significant influence on the cybersecurity industry in the last 10 years. Here is why. The Prevalence Compared to other classes of attacks – like common malware, brute force attacks, and many others – ransomware, as we know it today, is a rather new type of attack. Although early… Read More »How ransomware changed the face of cybersecurity
In an earlier blog this year, I compared the concepts of cybersecurity and cyber-resiliency, arguing that the main difference between the two is one of perspective. Cybersecurity is centered on the idea that attacks can (and should) be prevented while cyber-resilience acknowledges that some attacks will go through, and that organizations must prepare to deal with the consequences quickly and effectively. Many examples in recent years demonstrate 100% of increasingly sophisticated attacks cannot be prevented. This reality has generated a… Read More »Security Architecture considerations for Cyber Resilience – why threat prevention is important
I heard this so many times: “My company is too small to be the target of an advanced attack”. Unfortunately, this is not true and the recent cyber-attacks on Microsoft Exchange servers clearly show it. Compared to the recent SolarWinds Orion security breach that directly affected mostly large organizations, the Exchange vulnerabilities were used to attack in excess of 30.000 organizations in the US alone, mostly small businesses and local government offices. Here are the three lessons that a small… Read More »Three takeaways for a Small Business from the Microsoft Exchange hack
In a previous blog, I looked at the key differences between cybersecurity and cyber-resilience, and why cyber-resilience is a better approach for organizations to follow in 2021 because it is holistic. The IT cyber-resilience is a complex objective requiring a solid understanding and a structured approach. NIST Special Publication 800-160, Developing Cyber Resilient Systems, is one the most comprehensive resources available for those enrolled on this journey. Although a bit difficult to navigate, the value of this publication is in its… Read More »A Practical Approach to Cyber Resilience – Part 1 of a 3 Part Series
Given the increased dependency on digital technologies for daily operations it’s not a surprise that organizations are concerned about cyber threats and the risks these are posing to their operations. But what is the best approach to this problem? Should an organization focus on cybersecurity or on cyber-resilience? Which of the two can be consider a prime objective for 2021? Cybersecurity is the more established term of the two and refers to the people, technologies and processes that serve as… Read More »Cybersecurity or Cyber-resilience: Which one should be the prime objective for 2021?
I wrote this post a couple of months back but it’s highly relevant for 2021 and it’s worth being brought up again. You will also find below a reference to an interesting on-demand webinar hosted by InfoSecurity Magazine.. Despite today’s harsh medical crisis we are living great times of innovation. For the past years, digital transformation has been stuck more or less at buzzword level, but the last 2 months marked a sharp change, with many businesses being force into… Read More »Accelerating Safely on the Digital Highway