supply chain risk Archives - Cybersecurity Without Insanity

IT Relationship Breakdown – Part 1: It’s not me. It’s them.

I frequently encounter a broken relationship between my client and their IT MSP (managed service provider). In this first of two articles, I discuss why these relationships break down.

By Sam Glynn|2023-02-20T09:51:34+00:00February 20th, 2023|Categories: cybersecurity|Tags: analogy, backups, business continuity, daily, data protection, managed service provider, ransomware, regulators, regulatory compliance, risk management, senior executives, supply chain risk, third party risk management|

Cyber 321: ENISA predicts the future, when even teddy bears need to be cyber aware. And what did the NCSC ever do for us?

Cyber 3-2-1: ENISA predicts the future, a future when even teddy bears need to be cyber aware. And we get a clear answer to the question ‘What did the NCSC ever do for us?’

By Sam Glynn|2023-02-17T08:11:14+00:00February 17th, 2023|Categories: cybersecurity|Tags: accountability, assessment, cyber321, dora, managed service provider, nis2, regulators, regulatory compliance, risk management, senior executives, staff awareness, supply chain risk, third party risk management|

Cyber 321: 10th February 2023

Cyber 3-2-1: Love is in the air, an Irish university responds to a ransomware attack, and CROs believe cyber risk is a higher priority than credit risk.

By Sam Glynn|2023-02-10T08:55:45+00:00February 10th, 2023|Categories: cybersecurity|Tags: accountability, board of directors, cyber321, dora, incident response, managed service provider, Multi-Factor Authentication, ransomware, regulators, regulatory compliance, risk management, romance fraud, senior executives, staff awareness training, supply chain risk, third party risk management|

DORA will be a nightmare. But it is already a necessity.

DORA is going be a nightmare. But an incident with one IT provider last week shows us why it’s necessary.

By Sam Glynn|2023-02-07T10:48:49+00:00February 7th, 2023|Categories: cybersecurity|Tags: business continuity, central bank, daily, dora, incident response, managed service provider, ransomware, regulators, regulatory compliance, risk management, supply chain risk, third party risk management|

Cyber 3-2-1: What have traffic lights, JD Sports, and Microsoft OneNote got in common? They all star in this week’s Cyber 3-2-1. Also this week, reminders as to why regulators are so keen for us to get better at third-party risk management, especially when it comes to our IT service providers.

By Sam Glynn|2023-02-03T11:37:50+00:00February 3rd, 2023|Categories: cybersecurity|Tags: central bank, cyber321, dora, managed service provider, phishing, regulators, regulatory compliance, risk management, software updates, staff awareness, supply chain risk, third party risk management|

What a breach at the Teaching Council teaches us about email auto-forwarding?

Email auto-forwarding: What can we learn from a breach at the Teaching Council?

By SG|2022-12-14T07:16:06+00:00December 14th, 2022|Categories: cybersecurity|Tags: cost of attacks, daily, data breach, data protection, dpc, example, gdpr, Multi-Factor Authentication, payment fraud, phishing, staff awareness, supply chain risk|

FBI warns about the dangers of email auto-forwarding

Don’t believe me that email auto-forwarding is a risk? Would you believe the FBI?

By Sam Glynn|2022-12-13T09:16:10+00:00December 13th, 2022|Categories: cybersecurity|Tags: cost of attacks, daily, Multi-Factor Authentication, payment fraud, phishing, staff awareness, supply chain risk|

Cyber 321: 7th October 2022

Cyber 3-2-1: This month and last month, Ireland’s police, government and national cybersecurity agency have warned SMEs about the ever-increasing threat of cyber attacks. And yet executives and boards will continue to deliberately ignore this risk until their valuables have been stolen. This week’s action: You are choosing your own adventure. Make sure you are comfortable with your choice.

By Sam Glynn|2023-03-08T18:51:27+00:00October 7th, 2022|Categories: cybersecurity|Tags: backups, business continuity, cyber321, incident response, Multi-Factor Authentication, passwords, payment fraud, phishing, ransomware, risk management, software updates, staff awareness, supply chain risk, third party risk management|

Cyber 321: 15th October 2021

Cyber 3-2-1: The vast majority of large firms suffer because of cyber breaches in their supply chain, and yet the majority do not know what to ask their suppliers about cybersecurity. How Google and Microsoft are helping us all to be more cyber secure. And how 55 billion attacks are pointless because of one security measure. This week’s action: Keep privileged accounts for special occasions.

By Sam Glynn|2022-02-10T11:42:02+00:00October 15th, 2021|Categories: cybersecurity|Tags: cyber321, Multi-Factor Authentication, privileged access, supply chain risk|

Cyber 321: 13th August 2021

Cyber 3-2-1: Length matters (for passwords). If you pay a ransomware demand, expect more ransomware. And why there will be no end to your clients asking you about your cybersecurity defences. This week’s action: Do the maths on your backups.

By Sam Glynn|2022-02-10T11:44:06+00:00August 13th, 2021|Categories: cybersecurity|Tags: backups, cyber321, ransomware, supply chain risk, third party risk management|