Is Risk Listing a Reliable Risk Management Practice?
Risk

Introduction

Risk management can be defined as the “process which aims to help organizations understand, evaluate and take action on all their risks with a view to increasing the probability of success and reducing the likelihood of failure” (Hopkin, 2010, p. 37). This is the definition made by the Institute of Risk Management (IRM), which also published ‘A Risk Management Standard’ (IRM, 2002), a guide that lays out a framework for managing risks. This report will critically analyse and evaluate this approach, also known as Risk Listing. This paper will initially examine the limitations of this risk management practice by explaining why these disadvantages could lead to a negative impact on the organization involved in the process. The second part will focus on recommendation...
Cyber attacks on corporations hit record-breaking highs
Security

New data has found that the number of global weekly cyberattacks has reached its highest level to date. The data showed that there were 925 attempts per organization in Q4 2021. The data also revealed that the number of attempted attacks has been steadily increasing since Q2 2020, with 50% more attacks per week on corporate networks in 2021 than in 2020. The data from CheckPoint was gathered from millions of global sensors across endpoints, mobiles, and networks, collecting valuable data from a number of industries. For instance, the findings showed that the research and education sector witnessed the highest number of attacks in 2021, with an average of 1605 attacks every week, per organization. This was a 75% increase compared to 2020. Military and ...
The Evolution of Patch Management: How and When It Got So Complicated
Security

If you look at the past, patch management was not a cybersecurity issue; rather, it was an IT issue. And it wasn't until the emergence of Code Red in 2001 that Microsoft started issuing patches to plug security vulnerabilities in its software. Patch management as security came to prominence again with the massive Internet worms of 2009, 2011, and 2012, including WannaCry in 2017, which would shock entire enterprise networks. These incidents would set the stage for widespread adoption of regular patch management cycles among enterprises. Until then, there were only sporadic security incidents, but nothing large in scale where you would see viruses and malware spreading across geographies. As these large-scale attacks that infected entire networks across geographies became more preva...
How to get your address off the internet: What you need to know to protect yourself
Reputation

With so much work and communication taking place online these days, companies and people are making themselves vulnerable to a range of negative exposure – from unfair reviews of your service or product and how to get your address off the internet to complete scrutiny of your online presence.

How to get your address off the internet: The steps you need to be successful

Case

Situation: “Dr. Harris”, a female doctor, recently changed her job; however, the old online contact information remained the same and she was receiving calls about her past position. She repeatedly had to apologize ...
How To Build a Good Reputation
Reputation

People frequently overlook the value of having a good reputation until things deteriorate. However, it’s important for individuals and businesses alike, especially if they aim to expand beyond their existing reach. A company’s reputation is a valuable asset that should not be treated lightly. Building a positive online image requires a deliberate effort that will ultimately determine the success of your company. We will explain why you need to build a positive reputation and how to maintain it.

Benefits Of Having a Positive Business Reputation

Approximately 20% of new businesses fail within their first two years, 45% in the fi...
2022 Cybersecurity Predictions from Lookout: Work From Anywhere Ends On-Premises Security
Security

Lookout, an endpoint-to-cloud cyber security company, has put together its cyber security predictions for 2022.

1 — Cloud connectivity and cloud-to-cloud connectivity will amplify supply-chain breaches

One area organizations need to continue to monitor in 2022 is the software supply chain. We tend to think of cloud apps as disparate islands used as destinations by endpoints and end-users to collect and process data. The reality is that these apps constantly communicate with different entities and systems like software-update infrastructure and with each other — interactions that are often not monitored. In late 2020, the cybersecurity community uncovered one of the worst breaches in recent memory when the SolarWinds software-publishing infrastructure wa...
Breach Response Shift: More Lawyers, Less Cyber-Insurance Coverage
Security

The face of data breach investigations is changing as companies weigh business factors outside of the traditional office of information security. Following a breach, for example, companies are no longer likely to make their first call to an incident response firm but rather to an outside attorney, a trend that legally protects businesses but could make the technical response more difficult, according to ongoing research by a trio of academic researchers. Nearly half of all companies call in lawyers to lead the investigation, relying on their expertise to navigate regulatory requirements, hire outside consultants, and write final reports, the academic experts found. Insurance firms are also seeing thousands of cyber breaches handled by outside attorneys, rather than an outsi...
Microsoft: macOS ‘Powerdir’ Flaw Could Let Attackers Gain Access to User Data
Security

Microsoft today disclosed a vulnerability in Apple's macOS that could enable an attacker to gain unauthorized access to protected user data through bypassing the Transparency, Consent, and Control (TCC) technology in the operating system. The Microsoft Security Vulnerability Research (MSVR) team reported its discovery to Apple's product security team on July 15, 2021. Apple addressed CVE-2021-30970, dubbed "Powerdir," in a rollout of security updates released on Dec. 13. TCC is an Apple subsystem introduced in 2012 in macOS Mountain Lion. The technology was designed to help users configure the privacy settings of their device's applications — for example, access to the camera or microphone or their calendar or iCloud account. To secure TCC, Apple created a feature that prevents una...
Active Directory security updates: What you need to know
Security

Several years ago I documented Windows updates that needed additional registry keys to be set before you are fully patched. These updates can be hard to keep track of. Microsoft recently released several more updates that need action on your part. The Microsoft Japanese security team documented several updates released in November 2021 that need more registry keys or actions taken to better protect Active Directory. These updates will ultimately be enforced, but in the meantime, these settings should be on your radar and tested for their impact.

Active Directory elevation of privilege vulnerability

The first patch addresses a security bypass vulnerability (CVE-2021-42278) that allows attackers to impersonate a domain controller by using computer account spoofing. Included in thi...
Why We Need To Reframe the False-Positive Problem
Reputation

The concept of false positives has been pushed and pulled around for years in the cybersecurity industry. Countless vendor-sponsored studies reinforce the idea that false positives are directly contributing to the problem of alert fatigue. And as a security vendor, it's no surprise that one of the top burning questions on our customers' minds is, "What's our false-positive rate?" There's no doubt that security analysts and IT admins are frustrated by a constant barrage of alerts. But false positives aren't solely to blame; the reason is largely due to poorly targeted detection logic. Without experienced teams and large datasets, targeting threat detection can result in large volumes of noise. And because the nature of administrative work can also overlap with attacker patterns, the...