Tuesday, March 9

Cyber Security

Women in Payments: Q&A with Lisa Conroy
Cyber Security

Though she didn’t initially set out to prevent crime, when Lisa Conroy was first involved in data security breaches at her company, she became hooked. In this month’s blog series, Conroy explains how she discovered her true calling by accident.
5 ways to detect a phishing email – with examples
Cyber Security

Phishing is one of the most common methods of cyber crime, but despite how much we think we know about scam emails, people still frequently fall victim. Action Fraud receives more than 400,000 reports of phishing emails each year, and according to Mimecast’s State of Email Security 2020, 58% of organisations saw phishing attacks increase in the past 12 months. Meanwhile, according to Verizon’s latest Data Breach Investigations Report, more than two thirds of data breaches involved social engineering attacks such as phishing. In this blog, we use real phishing email examples to demonstrate five clues to help you spot scams.

1. The message is sent from a public email domain

No legitimate organisation will send emails from an address that ends ‘@gmail.com’. No...
7 steps to a successful ISO 27001 risk assessment
Cyber Security

Risk assessments are at the core of any organisation’s ISO 27001 compliance project. They are essential for ensuring that your ISMS (information security management system) – which is the result of implementing the Standard – addresses threats comprehensively and appropriately.

What is an information security risk assessment?

In the context of information risk management, a risk assessment helps organisations assess and manage incidents that have the potential to cause harm to sensitive data. The process involves identifying hazards – whether they are vulnerabilities that a cyber criminal could exploit or mistakes that employees could make. You then determine the level of risk they present and decide on the best course of action to prevent th...
Social engineering: what it is and how to avoid it
Cyber Security

Cyber criminals have many tricks up their sleeves when it comes to compromising sensitive data. They don’t always rely on system vulnerabilities and sophisticated hacks. They’re just as likely to target an organisation’s employees. The attack methods they use to do this are known as social engineering.

What is social engineering?

Social engineering is a collective term for the ways in which fraudsters manipulate people into performing certain actions. It’s generally used in an information security context to refer to the tactics crooks use to trick people into handing over sensitive information or exposing their devices to malware. This often comes in the form of phishing scams – messages that are supposedly from a legitimate sender and that ask the recip...
Australian government bombarded by cyber attacks
Cyber Security

Australia has been hit by a series of ongoing, sophisticated cyber attacks targeting “all levels of government”, Prime Minister Scott Morrison has announced. The government, the industrial sector, political groups, schools, healthcare organisations, essential service providers and operators of other critical infrastructure have all come under attack in the past few months. The nature of the attacks – targeting public-facing infrastructure and essential services – suggests that whoever is responsible is trying to disrupt systems or steal government data. Indeed, Morrison confirmed that the attacker was “a state-based actor, with very significant capabilities”, although he didn’t speculate on which one.

Who is responsible?

The list of countrie...
How to document PCI DSS-compliant policies and procedures
Cyber Security

Technology can only do so much to protect an organisation from data breaches. That’s why Requirement 12 of the PCI DSS (Payment Card Industry Data Security Standard) instructs organisations to implement policies and procedures to help staff manage risks. Employees introduce many risks into businesses that technology simply can’t prevent. Misconfigured databases, email attachments sent to the wrong person and records that are improperly disposed of are common examples of the ways staff compromise information. These are the kinds of risks that a PCI DSS policy can help prevent.

What you should include in a PCI DSS policy

A PCI DSS policy is a collection of written procedures and guides that state how an organisation manages its CDE (cardholder data environment)...
How to audit administrative actions in your Oracle RDS and Oracle databases on EC2
Cyber Security

Preface

Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks. DataSunrise is an AWS Advanced Technology Partner certified in the Security competency for Data Protection and Encryption, along with other AWS validated qualifications. DataSunrise can run on-premises, on a single EC2 instance or as a cluster across multiple EC2 instances, in a virtual machine or on bare metal. The DataSunrise Data and Database Security Suite (DataSunrise) for all types of Amazon RDS acts as a database application firewall (DAF), sitting as a man-in-the-middle for all sessions, queries, and commands ...