Three takeaways for a Small Business from the Microsoft Exchange hack

I heard this so many times: “My company is too small to be the target of an advanced attack”. Unfortunately, this is not true and the recent cyber-attacks on Microsoft Exchange servers clearly show it. Compared to the recent SolarWinds Orion security breach that directly affected mostly large organizations, the Exchange vulnerabilities were used to attack in excess of 30,000 organizations in the US alone, mostly small businesses and local government offices. Here are the three lessons that a small…

A Practical Approach to Cyber Resilience – Part 1 of a 3 Part Series

In a previous blog, I looked at the key differences between cybersecurity and cyber-resilience, and why cyber-resilience is a better approach for organizations to follow in 2021 because it is holistic. IT cyber-resilience is a complex objective requiring a solid understanding and a structured approach. NIST Special Publication 800-160, Developing Cyber Resilient Systems, is one of the most comprehensive resources available for those enrolled on this journey. Although a bit difficult to navigate, the value of this publication is in its…

Cybersecurity or Cyber-resilience: Which one should be the prime objective for 2021?

Given the increased dependency on digital technologies for daily operations, it’s not a surprise that organizations are concerned about cyber threats and the risks these pose to their operations. But what is the best approach to this problem? Should an organization focus on cybersecurity or on cyber-resilience? Which of the two can be considered a prime objective for 2021? Cybersecurity is the more established term of the two and refers to the people, technologies and processes that serve as…

Five defining moments that shaped cybersecurity in 2020

Among the many disruptions brought by 2020, cyber threats ranked in the top concerns. As we had to rely more on digital for work and social life, cyber-attacks became very real threats for most aspects of our lives: health, work, freedom, national security, and even life itself. Here is a selection of 5 defining moments that confirm the need for cyber protection essential for both private and professional life. In March-April 2020, the rapid shift from in-office to remote work…

Accelerating Safely on the Digital Highway

I wrote this post a couple of months back, but it’s highly relevant for 2021 and it’s worth being brought up again. You will also find below a reference to an interesting on-demand webinar hosted by InfoSecurity Magazine. Despite today’s harsh medical crisis, we are living in great times of innovation. For the past years, digital transformation has been stuck more or less at buzzword level, but the last 2 months marked a sharp change, with many businesses being forced into…

Top 5+1 lessons of 2020

The year 2020 is over and many of us would like to forget it as quickly as possible. We all hope for a better 2021 but, with all the hardship, 2020 was an extraordinary year and it delivered us some valuable life lessons. Here is what I’ve learned in the last 12 months: Black Swans do exist! From time to time unexpected events just happen. The 2008 economic crisis was such an event and the Covid-19 pandemic is a black…

Defeating supply chain attacks together

The recent security incident involving SolarWinds Orion proves that cybersecurity is a team game. We all use software developed by a wide range of providers (and we will continue to do so). Any successful attack on one of these vendors (suppliers) can have negative consequences on all users of their software solutions. SolarWinds was targeted by a complex attack (most probably state-sponsored) that successfully deployed malicious code into their IT management software product Orion (The backdoor code was hidden within…