Navigating ICS Security: Having your Action Plan Ready

CMA, ICS, ICS Security, OT
Trust, respect, understanding. These are all two-way relationships that must be earned over time. Whilst someone being hired in a senior position will likely already have a certain level of each, part of your job is to continuously cultivate all three of these elements with colleagues no matter your grade ... Read More

Navigating ICS Security: Best Practices for ICS Decision-Makers

ICS Security
As a security consultant, I’m not going into an environment to design and build an organization’s network from the ground up in most situations. For the majority of the time, I’m working with legacy environments where some old technologies might be phasing out and newer ones joining the mix of ... Read More

Key Cloud Security Challenges and Strategies to Overcome Them

The cloud has changed how we use and consume IT services. Where data resides along with how it is transferred, stored and processed has fundamentally changed and with it new risk management challenges. Let’s talk about some of those challenges. First and foremost, the cat is out of the bag. We’re ... Read More

Android Banking Trojans: History, Types, Modus Operandi

One sunny morning, my breakfast was interrupted by a phone call from a friend who is an entrepreneur engaged in the transportation of various goods. He said that $11,000 disappeared from his bank account during the night. The bank support service could not help. They advised my friend to report ... Read More

Malware in the Cloud: Protecting Yourself Based on Your Cloud Environment

Cloud, IaaS, paas, SaaS
In some ways, the cloud has made security management easier, as many cloud providers have taken the responsibilities traditionally associated with local server management out of your hands. But in other ways, the security management conversation has become more confusing for decision makers, as “cloud” is a very broadly defined ... Read More

Navigating ICS Security: The Value of Frameworks

Since the implementation of the General Data Protection Regulation (GDPR) on 25 May 2018, organizations and even private citizens have globally begun to re-assess what it means to ‘take security seriously’ and to better understand the massive difference between security and privacy. What you may not be familiar with is ... Read More

Honeypots: A Guide To Increasing Security

Honeypots are not a new idea. They have been part of the cybersecurity world for decades and have frequently gone in and out of “fashion” over that period. Recently, though, they have become an increasingly important part of vulnerability management. That’s for a couple of reasons. Honeypots offer real-world data ... Read More

AWS vs. Azure vs. Google – What’s the Difference from a Cloud Security Standpoint?

When mainstream cloud computing first began to appear on the horizon (Amazon launched its Elastic Compute Cloud product in 2006), many organizations were initially hesitant to entrust their most valuable data and processes to a technological innovation named after something that appears so delicate. Oh, how times have changed. Today, ... Read More

TikTok Lawsuits Show The Need For Increased Scrutiny of Apps

TikTok, the popular video posting app, has come under increased scrutiny. Recently, two lawsuits filed against the platform accused TikTok of privacy violations. According to a report from Reuters, a plaintiff accused TikTok of creating an account without her knowledge or consent in one lawsuit filed in California. The lawsuit ... Read More

Farewell, Mr. Robot

This is now the third and last blog I will write for State of Security on the topic of the groundbreaking, maverick TV series ‘Mr Robot.’ As this week, the credits rolled one final time on the show’s mind-bending and utterly bizarre (even by its own standards) conclusion. A ... Read More