Latest News

Modern application programming interfaces (APIs) give developers more options to deliver efficient products and services in minimal time. Sources such as ProgrammableWeb provide a great directory of over 15,000 APIs to choose from. However, with more data come more security concerns. Businesses use APIs to connect services and transfer data, and a robust API security strategy is key to improving an organisation’s security posture.

Modern API

According to recent studies on cyber trends, ransomware attacks will continue to evolve and pave the way for two-stage extortion attacks: attacking victims with ransomware to extract files, and then extorting a ransom by threatening to disclose sensitive data.

Ransomware

Privasec Consultant featured in Symes Report

Image Source: The Symes Report - Leadership of our times. (2019) Issue 5.

Just like many other industries, the aviation industry has reaped the benefits of substantial digital transformation. But with more digitalisation comes more risk. The Atlantic Council recently published a report on aviation cybersecurity, based on a global survey of 244 respondents. The report highlights two main sets of challenges:

  1. Attempts to weave aviation cybersecurity into flight safety, security, and enterprise information technology have proven difficult.
  2. The second challenge is third-party risk management. There seems to be an issue between suppliers and customers regarding cybersecurity, with many finding it difficult to incorporate best practices into purchases, as well as difficulties in developing consensus on adequate cybersecurity risk management and transparency.

aviation cyber security

If you’re looking for a dynamic, team-oriented environment, then Privasec might be the right place for you. Career progression is available for the right candidate who is able to demonstrate great work ethic and target attainment.

Sales Development Representative Sydney

Application control treats software as packages and places trust in them for software management. Application whitelisting, however, uniquely identifies every file and application as a unique item, regardless of which software it belongs to.

application control vs application whitelisting

Cyber-attacks are inevitable for any business. But during a cyber-attack incident, there is no time to waste. Just like a 911 call, your cyber-security partner should start providing immediate remote support upon notification to assess the gravity of the incident and work to contain it.

incident management cycle

How prepared is your business to handle a cyber incident or defend against a cyber-attack? Here are your key steps to preparing a robust incident response capability:

Just like other businesses, the Australian federal government has undertaken substantial digital transformation in projects such as myGov, Digital Entity, cloud.gov.au, data.gov.au etc. But with more digitalisation comes more risk. In recent years, malicious actors have been successfully finding ways to overcome government capabilities. For this reason, information security has been a top national priority for the Australian government.

IRAP ISM Compliance

Traditionally, the Offenders (Red Team) and Defenders (Blue Team) have been considered two sides of the same security coin. While the Red Team emulates an attacker exploiting a vulnerability in an organisation’s systems, the Blue Team is responsible for building security controls to defend against the attackers. As both activities are integral to improving the cyber security posture of a company, an integration between both mindsets is crucial in achieving the desired business objectives. The purple teaming process involves consistent knowledge sharing between the Red and Blue Teams for continuous process improvement:

  • Defence informs the offence about their controls, monitoring and how to respond to security incidents.
  • Offence, on the other hand, informs defence about TTPs (Tactics, Techniques and Procedures).

Privasec Purple Teaming

Is it possible to calculate the return on investment of cybersecurity controls?

Traditionally, organisations have struggled to calculate the financial losses from cyberattacks/fraud and to prioritise security investments based on return on investment (ROI). Frameworks such as APRA CPS 234 require regulated entities to maintain information security capability commensurate with information security vulnerabilities and threats. However, the APRA CPS 234 framework doesn’t provide enough information to articulate cyber risks in the financial metrics with which business executives and the board are familiar. FAIR is one framework that helps quantify the risks and measure the expected financial loss due to a cyber attack.

Dollar Value on Cyber Risks