Blog
When working from home isn’t as safe
Are we really safe and secure when working from home amid the Covid-19 pandemic? Check out the cyber security insights shared by Quan Heng.
ACSC Essential Eight Assessment Services
Australian Cyber Security Centre’s (ACSC) Strategy to Mitigate Cyber Security Incidents provides a prioritised list of mitigation strategies to assist organisations in protecting their systems and their crown jewels against a range of adversaries. The mitigation strategies advised by ACSC vary and can be customised based on the risk profile, the industry sector and the adversaries the organisation is most concerned with.
VeriSaaS – The IRAP journey
Meet the CEO at VeriSaaS, Brice Neilson, as he talks through their journey of undergoing an IRAP assessment up to PROTECTED status, what it means to be IRAP assessed, and why.
“Privasec Delivers Outcomes” | Client Feedback with Makdap’s Head of IT
Makinson d’Apice has long been part of Australia’s business fabric. Check out the testimonial left by Asitha Udumalagala, Head of Information Technology at Makdap.
Cyber Resilience Testing Under the CORIE Framework
The Council of Financial Regulators (CFR) released a framework in December 2020 that
is used to build red team scenarios to test the level of Australian financial services industry’s cyber resilience.
The Cyber Operational Resilience Intelligence-led Exercises (CORIE) framework is a pilot programme of exercises that will mimic the Tactics, Techniques and Procedures (TTPs) of real-life adversaries, creating and utilising tools, and using techniques that may not have been anticipated and planned for. Read more to understand how the CORIE framework could help Financial Institutions (FI) stay competitive and secure by leveraging an unbiased view, and by third-party providers mimicking real-world Advanced Persistent Threats (APTs).
Broadcast Episode New Release | MAS TRM Directive and Third-Party Risk Management
Our latest broadcast episode is now out! In our third episode (Singapore feature), together with our host Quan Heng “Q”, we meet with Angela Yuen, Privasec’s GRC Consultant, as we explore a very topical discussion.
We are Hiring! – Check out our open job roles
Due to rapid growth and industry’s demand, our Privasec team is hiring!
Happy International Women’s Day 2021 | #ChoosetoChallenge Special Edition
It’s International’s Womens Day! This year’s IWD 2021 campaign theme is: ‘Choose to Challenge’. From challenge comes change; a challenged world is an alert world. We can all choose to seek out and celebrate achievements, collectively, helping to create an inclusive world.
Singapore’s Safer Cyber Space Masterplan 2020
Singapore’s Safer Cyberspace Masterplan 2020 builds on the second Pillar of the 2016 Singapore Cybersecurity Strategy and outlines a plan towards the creation of a safer and more secure cyberspace in Singapore. The Cyber Security Agency of Singapore (CSA) has developed this Masterplan in consultation with the cybersecurity industry and academia, to raise the general level of cybersecurity in Singapore, for individual users, communities, enterprises, and organisations. The Masterplan comprises three thrusts, to: Secure our core digital infrastructure; Safeguard our cyberspace activities; and Empower our cyber-savvy population. The Masterplan also outlines 11 initiatives under these three thrusts (as shown in the infographic below) that serve as examples of how we intend to better safeguard and protect our cyberspace, and mitigate the impact through swift detection and response to cyber threats. Everyone has a role to play in the cybersecurity of our shared digital space, and enterprises, organisations and individuals can leverage the initiatives in the Masterplan to better protect themselves. Demo content from https://www.csa.gov.sg/news/publications/safer-cyberspace-masterplan
Hacked!: What To Do Next
EVERNOTE became the latest member of the “we’ve been hacked” club. And the thing is, what was once a pretty exclusive club now lets just about everyone in these days. I’m a member too. And as I discovered when I was hacked last year, my experience was distressingly commonplace. And yet while being hacked may be increasingly familiar, it isn’t getting any less stressful or confusing. It’s hard to know what to do, or where to begin, immediately afterward. Whether you were hacked, phished, had malware installed or just don’t know what the heck happened but there’s somebody all up in your e-mail, here are a few good first steps to take following an incident. This is by no means comprehensive, but it’s a good start. Ask Yourself WhyWhile you are fixing things, it’s a good time to take a step back, and ask yourself a more basic question: What was the reason for the breach? If it was your bank account, the answer may be obvious. In other cases, such as e-mail, it can be for a host of reasons — from using it to send spam, to requesting money from your contacts, to getting password resets on other services. …
The Directors Guide to Cyber Security
You have a firewall, anti-virus installed on each computer, security policies, and the best ITsecurity operations people taking care of your organisation’s cyber security. Everything isunder control, right? Think again. Sony Pictures, The Office of Personnel Management, Ashley Madison, and Targetalso had all of these, yet each was vulnerable to cyber-attacks so damning that the CEOs wereforced to resign. Having to replace a CEO whilst in crisis mode is a challenge for any board,but it gets worse, much worse. Consider if you were on the board of a company that had suffered a $252 million loss as theresult of a cyber-attack. How do you imagine shareholders and customers would react to thatkind of loss? What impact would that have on your conscience? That’s the loss that Targetfaced, resulting in shareholders ousting the board of directors. Imagine waking one morningto discovering your unblemished record of career excellence tarnished by a cyber-attack.What each of these companies failed to have, which could have reduced the risk of cyberattack to within the organisation’s risk appetite, was a board that was engaged and playing a small, but necessary role in combating cyber-attacks. To date, most boards have been passive with respect to cyber security simply …
New CORIE Framework by the Council of Financial Regulators for APRA-regulated financial institutions
A new framework by the Council of Financial Regulators requires APRA-regulated financial institutions to attack themselves in a bid to uplift their cyber preparedness, as APRA orders urgent audits against CPS 234.
The #CORIE framework that has been launched will require banks, super funds and other financial institutions to organize independent red team attack simulations.