We already have moved to an understanding of crisis being part of our BAU, much like the tide it ebbs and flows with regularity. Constant crisis creates new tolerance thresholds whilst shifting perception away from incidents being of note or cause for alarm. No sirens are sounded, as the chorus would be indistinguishable.
Reading the recent report from the Ransomware Task Force reminds us of the advantages and limitations task forces offer. In any cresting malicious cyber trend, the tide go out when the monetary spends exceed gains. Bounds imposed on task forces create challenges for lasting change.
One of the most recognised risks is third party/ app supplier risks, as they provision the tools used to create your business' client services. Here is how to create a simple path, limiting disruption from a cyber event.
Using traditional intelligence models in private sector often doesn't account for the difference in audience and scope of responses available. By separating the focus between actors and actions, CTI practitioners can focus on delivering actionable intel to decision-makers thus also building the case for cyber as a value generating component of the P&L.
If we focus on how to get the best out of the team without focusing on the team, we look at process and results without looking at team dynamics. The difference between liking what you do logically, and loving what you do on a deeper emotional level is rooted in the team having good dynamics and feeling like they are part of a purposeful whole. Resetting VCAT is a way we build and re-build the team.
It's said you can't step into the same river twice, and oysters create layers of beauty encapsulating threat. Lessons from both in the growth of individuals and organisations.
Evaluations such as risk are partially built on external threat assessments, regarded as intelligence. Understanding what intel is, what it can do, and what it cannot is foundational to recognise the spectrum of offerings. The following synopsis of intel from a cyber perspective starts a whole new line of inquiry.
Bad actors' use of phishing in many forms to gain access is common. Phishing used against people with vision-related disabilities using assistive technology requires further conversations and considerations.
Organisational inclusion of individuals requiring assistive technology potentially incurs and assumes cyber risks for both parties. Care and consideration must be taken to protect the assistive technology user and the integrating organisation's environment.
Cyber is commonly seen by businesses as a cost center. Changes are afoot that suggest it is increasingly a revenue generator. There are great gains in client relationships to be made if organizations that are not vendors of these services think in a similar way about offering value from their cyber teams' work.