Cyber 3-2-1: Backups, doorways, and DORA
Cyber 3-2-1: Reminders about why backups are so valuable, why there are more doorways into your systems than you think, and why the pain of DORA will be worth it.
IRS: What does reasonable security look like?
How to figure out what IRS (Implementing Reasonable Security) looks like for your organisation.
DORA + SEAR + IAF = IRS
DORA; SEAR; IAF. Lots of acronyms. But the only one that matters is IRS.
Cyber 3-2-1: Income generation strategies from the cyber world.
Cyber 3-2-1: Many of us are currently finalising our income generation strategies for 2024, so here’s the Top 3 from the world of cyber crime.
The risk if your IT service provider is also your CISO.
The conflict of interest when your security expert works for your IT service provider.
MFA or SweetFA
Research shows the effectiveness of Multi-Factor Authentication at protecting commercial accounts from unauthorized access.
Cyber 3-2-1: What the world of cyber security could tell us about the Individual Accountability Framework.
Cyber 3-2-1: What the world of cyber security can tell us about the Individual Accountability Framework, and why CISO may stand for ‘Career is Sadly Over’.
What has the Individual Accountability Framework (IAF) got to do with cyber security?
DORA is not what is keeping compliance professionals up at night.
Why your execs are special.
When it comes to executive security behaviours, it’s a case of “Do as I say, not as I do”
Cyber 3-2-1: booking.com phishing, ransomware attack on China’s biggest bank, and insurers are your new auditors
Cyber 3-2-1: Phishing attacks on booking.com, ransomware attacks on ICBC, and premium attacks by insurers.
Your cyber insurance could be as useful as a chocolate teapot.
The following is a clause in Hiscox’s current cyber insurance application form*:
“All [users] with administrative privileges [must] have two accounts: one for everyday usage [..], […]
Get your head out of the clouds
If you think using the cloud means someone else is managing your cyber security, you need to get your head out of the clouds.
Cyber 3-2-1: A supply chain attack, a Facebook malvertising campaign, and an existential crisis.
Cyber 3-2-1: What do a supply chain attack, a malvertising campaign, and an existential crisis look like?
Guarantees vs Probabilities
What has advice about diabetes got to do with cyber security?
Thinking vs Doing
You aren't rewarded for reading about cyber security.
Cyber 3-2-1: If cybersecurity was the music industry
Cyber 3-2-1: How attackers make a hit, why IT service providers and consultants are top of the wrong charts, and the latest hit from CISA.
The Gardai need to cop on
The difference between being legally right and morally right.
Puppies aren’t just for Christmas.
Puppies aren’t just for Christmas. And backups aren’t just for data.
Cyber 3-2-1: Why do you rob banks? Because that’s where the money is!
Cyber 3-2-1: Why do you rob IT providers / SaaS services / legal firms? Because that’s where the data / money / reputations are.
What has homework got to do with cyber security?
When it matters, you would never ask a student to correct their own homework. Same story for cyber security.