Whilst cyber catastrophes make headlines, the parallels to natural disasters or acts of war are missing vital pieces necessary for response options to become available. Examining the absent portions -provisions where we stand at present and how far we've to go.
In implementing Zero Trust there are challenges with an inward facing cyber strategy that doesn't include external connections.
Biden's EO 14028 challenges the entire US government cyber ecosystem to rethink how we weave various digital components - inclusion, security, trust into the digital fabric we rely upon. Here we start unpacking various threads needing woven into future developments.
Constant crisis has raised the noise threshold to deafening, creating difficulty in finding your organisation's signal - making it difficult to take stock after managing one crisis whilst preparing before the next one hits. It needn't be so.
We already have moved to an understanding of crisis being part of our BAU, much like the tide it ebbs and flows with regularity. Constant crisis creates new tolerance thresholds whilst shifting perception away from incidents being of note or cause for alarm. No sirens are sounded, as the chorus would be indistinguishable.
Reading the recent report from the Ransomware Task Force reminds us of the advantages and limitations task forces offer. In any cresting malicious cyber trend, the tide go out when the monetary spends exceed gains. Bounds imposed on task forces create challenges for lasting change.
One of the most recognised risks is third party/ app supplier risks, as they provision the tools used to create your business' client services. Here is how to create a simple path, limiting disruption from a cyber event.
Using traditional intelligence models in private sector often doesn't account for the difference in audience and scope of responses available. By separating the focus between actors and actions, CTI practitioners can focus on delivering actionable intel to decision-makers thus also building the case for cyber as a value generating component of the P&L.
Evaluations such as risk are partially built on external threat assessments, regarded as intelligence. Understanding what intel is, what it can do, and what it cannot is foundational to recognise the spectrum of offerings. The following synopsis of intel from a cyber perspective starts a whole new line of inquiry.
Bad actors' use of phishing in many forms to gain access is common. Phishing used against people with vision-related disabilities using assistive technology requires further conversations and considerations.