How to …?

4 Cybersecurity Questions Boards Need to Address and Beware of!

The world has changed a lot since the first case of COVID was found in Wuhan; the virus did not just affect our day-to-day lives but also our work. As a board member of an organization, how much do you understand about cybersecurity? Do you have the right advisors who can help your board be cyber aware and empower the right person to help the organization stay secure?

If you answered any of these questions with yes, then you are reading the right blog post. This post is about how the board of a company of any size can ensure its CISO/CIO or IT teams are doing the right things to protect the business. Let's start!

We all know that there are two types of organizations:

  1. The ones that know they have been hacked
  2. The ones that don't!

Any company, regardless of its size, should assume breach and take the right approach to minimize the impact of a cyber attack. And just as there are two types of organizations, there are also two types of boards:

  1. Those that approve their teams taking a defensive posture on security
  2. Those that empower their teams to take an offensive approach

It's a famous saying among entrepreneurs that they hire people smarter than themselves, while I saw many hiring managers do the opposite, also at board level! Someone with good connections can easily be hired into C-level technical positions, and in my career I helped many of those get back to their business through Incident Response teams 🙁 A good example of this is the famous SolarWinds attack, where the ex-CEO and current top executives blamed an intern for using the password “SolarWinds123”! Don't you think it was a lame excuse? So what are you doing to avoid ending up in the same spot as those executives?

By now any board member should know that cybersecurity is not just a cost center and a technical element. IT is a “key” component that can transform a business, and if the technology is used correctly, IT is actually a profit center. Look at companies that invested in the cloud well before COVID, and how easily they transformed from working in the office to working remotely!

Boards should support innovation, and innovation is mostly done with technology. While technology is important, securing it is just as important. That is why boards should task their executive management with having incident response in place: foresee any possible cyber attack, plan how to get back online as soon as possible if it happens, and, while the tech teams are busy doing that, know how to communicate with customers, partners, the media and of course the regulators and government. Boards need to be innovative and resilient in their mindset.

OK then, what are the 4 key questions boards need to address?

1. How can IT help to make revenue?

Your digital transformation program is not just about technology but also about risk. While technology is being implemented and used, risk management should identify any possible gaps, and any gaps that cannot be mitigated should be known to the board.

2. What is your Cybersecurity Strategy?

In other words what does cybersecurity mean to your organization?

As the board, you need to know the consequences if your organization is breached, and how to respond not just to the attack but also to customers, shareholders, partners and more! The board needs to approve the “Cyber Risk Framework”. The possible exposures need to be assessed for impact based on metrics such as response time, cost and legal or compliance implications, and planned for so as to attract investment commensurate with a risk-based assessment.

Any board should know what information is business critical; you need to be able to answer the questions below without any hesitation:

  • What are your crown jewels, and how can you protect them?
  • As a board, do you have a periodic review of your cyber resilience program?
  • Is the cyber strategy aligned with your business risks?
  • Are those risks identified? Do you monitor the risks, and if yes, how? What are the escalation metrics?
  • What is the people strategy around the business, and is it aligned with your cyber strategy? Does the cyber strategy cover insider risks, and how do you monitor and mitigate that risk?
  • What is the relationship with your partners and third parties? Is the relationship with your supply chain part of your cyber strategy?

The answers to the questions above will give you “satisfaction” about how your critical information, assets and data are secured. The board should have confidence in what is done in the IT space and how it affects the organization.

The final step of the strategy is about how the budget is aligned and how resources have been allocated to make the cyber strategy a success. In other words, the ROI needs to be clear.

3. As a board, what is our plan to develop in the areas in which we're lacking?

Appointing ownership of the cybersecurity program is important. It is also important to know and understand the legal implications of cyber risks. The owner of the cyber plan (the Chief Information Security Officer, CISO) should be empowered to implement the strategy successfully and to reach any board member as necessary.

4. Does the board have the right committee to understand cyber matters?

Most boards have external advisors, and it is really important to select the right advisor, one who understands not just business but also cybersecurity to its core.

I saw many “external board advisors” who are again assigned based on “recommendations”, which is not wrong for sure, but if the recommendation comes from a board that is not aware whether it is “cyber ready”, then the recommendation is not going to be right!

Again, throughout my career I met many advisors and wondered how they were advising others while they themselves had no clue of even the basics of cybersecurity. For sure they were excellent communicators using the right buzzwords, based on some articles they had been reading.

There will be more blog posts in the near future about this topic, so please keep an eye on my LinkedIn page or here to read more.

If you think you need help understanding cybersecurity better, you might read my new book, the details of which you can see below:

Continue reading 4 Cybersecurity Questions Boards Need to Address and Beware of!

CISO

CISOs End to End Security Operations – ( Part 2) Powerful Tips

This is the second part of the article; you can read the first part from here. Leading auditing and compliance initiatives: a CISO and an organization's security team are tasked with leading auditing efforts of the company's security systems and ensuring that a company complies with all the security standards and regulations that govern […]

CISOs role

A CISOs role in Security Leadership – 6 Critical Tips ( Free PDF)

A CISOs role in Security Leadership

A short summary of a CISO's role definition and the six critical responsibilities that underpin a Chief Information Security Officer's success, free to download here or to browse on LinkedIn without any download needed.

Download right from this blog: A CISO's Role in Security Leadership

View via LinkedIn: Click Here

Continue reading A CISOs role in Security Leadership – 6 Critical Tips ( Free PDF)

CISO

CISOs End to End Security Operations – ( Part 1)

The Chief Information Security Officer (CISO) ensures the end-to-end (E2E) security operations of an organization. Together with their security team, they handle all security operations, enforce policies, and evaluate and address system vulnerabilities to ensure that a company's information assets are safe from both internal and external threats. This chapter will cover a typical […]

Phishing

How to protect yourself from phishing? 6 Effective Tips

How to protect yourself from phishing?

A phishing attack is an attack vector that cybercriminals use mainly for identity theft, manipulating users into handing over their personal and sensitive information. It is a sort of social engineering attack that is mainly initiated via email. For instance, in many cases cybercriminals send out warnings urging users to change their passwords, while redirecting them to a fake website in an attempt to harvest their credentials.

No matter how secure your network, computer systems and software are, the weakest link in the security posture, the human element, can be exploited, since it is easy to impersonate an acquaintance and get the information needed. Thus, traditional security solutions are not enough to reduce these attacks.

Sometimes cybercriminals launch phishing attacks to collect information for a sophisticated and successful enterprise attack. Since the human element is the weakest link in the security chain, over 95% of successful cyber attacks result from human error.

Phishing protection: follow the tips below.

1. Beware of phishing attacks; they can happen at any time

It is possible to reduce the risk of phishing attacks by checking your emails with care and looking for the signs of phishing scams. It is also important to be careful while browsing online and to watch for phishing signs.

Beware of emails asking for confidential information or login credentials. Legitimate organizations like financial institutions never request sensitive information by email.

Even if it appears to be from a known, trusted source, never click on links, download files or open attachments in emails or on social media. Call the sender and verify the email before doing anything with it.

Never click on a link in an email to a website unless you are absolutely sure that it is authentic. When necessary, type the URL into the browser's address bar to check that it is the real website.

2. Browse only safe web addresses

Today many web browsers already include security features to help you stay safe online. These built-in browser tools can block annoying pop-ups, send Do Not Track requests to websites, disable unsafe Flash content, stop malicious downloads, and control which sites can access your webcam, microphone and so on.

Chrome: Settings > Advanced > Privacy and security

Edge: Settings > Advanced settings

Firefox: Options > Privacy & Security

Safari: Preferences > Security and Preferences > Privacy [2]

Visit web addresses that start with HTTPS. HTTP (Hypertext Transfer Protocol) is the fundamental protocol for sending data between your web browser and the websites you visit, and HTTPS is simply the secure version of it (the “S” stands for “secure”). It is often used for online banking and shopping because it encrypts your communications to prevent criminals from stealing sensitive information like your credit card numbers and passwords. [2]

Check for HTTPS and the green padlock icon in your browser's navigation bar. If you do not see it, the site you're on is not using a trusted SSL digital certificate, and you should never submit sensitive information such as credit card details there.

Moreover, you should never use a public Wi-Fi hotspot for important transactions such as banking, shopping or entering personal information; instead, use your mobile connection.

3. Fake email content

As they are not professional proofreaders, cybercriminals often make mistakes in phishing emails. Therefore, phishing emails are often obvious due to many grammar errors and redundant words in capitals.

Read your email carefully and check whether the content has grammar errors. Also, email content can be designed to arouse the interest of users in order to manipulate them into clicking on the fake link in the email. If you suspect the content, delete it.

4. Shortened links

Cybercriminals often use shortened links to make you think you are clicking a legitimate link, when you may in fact be redirected to a fake web address. You should always hover your mouse over a link in an email without clicking, to see whether you're actually being sent to the right website.

If you click on the fake link, you can inadvertently be directed to a fake web address where, once you have entered your credentials such as name, surname, email address and password, cybercriminals get all your details. At the same time, you can download malware from this fake page, which can hand your entire system over to cybercriminals.

5. Beware of threats and urgent messages

Usually, threats and urgent messages such as “change your password quickly”, especially if they appear to come from a legitimate company, are a sign of phishing attacks. Please be reminded once again not to respond to suspicious emails asking for personal information or demanding that you act quickly, even if they appear to come from a legitimate source. Cybercriminals can send forged emails using fake email IDs or by hacking into email accounts; they try to get your personal information and will use any means necessary to get you to respond.

Urgency easily lures victims into clicking the embedded link. Below are examples of subject lines to be cautious of [3]:

● Urgent Action Required

● Your Account will be Deactivated

● Change of Password Required Immediately

● Password Check Required Immediately
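The checks in tips 2, 4 and 5 above (HTTPS-only destinations, shortened links and hover-text mismatches, urgency subject lines) can be turned into a simple mail-filter heuristic. This is an added example, not code from the original post: the urgency phrases are the subject lines listed above, while the shortener list, the sample message and the helper names are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Subject lines from the list above (tip 5); shortener domains are an assumed sample, not exhaustive.
URGENT_SUBJECTS = ("urgent action required", "your account will be deactivated",
                   "change of password required immediately", "password check required immediately")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}

class _LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def _host(url):
    """Hostname of a URL, tolerating link text written without a scheme."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def phishing_indicators(subject, html_body):
    """Return the reasons an email looks like phishing (empty list = nothing found)."""
    reasons = []
    if subject.strip().lower() in URGENT_SUBJECTS:        # tip 5: urgency/threat subject
        reasons.append("urgent subject line")
    parser = _LinkCollector()
    parser.feed(html_body)
    for text, href in parser.links:
        target = _host(href)
        if target in SHORTENERS:                             # tip 4: shortener hides the destination
            reasons.append(f"shortened link to {target}")
        if not href.lower().startswith("https://"):          # tip 2: insist on HTTPS destinations
            reasons.append(f"non-HTTPS link {href}")
        shown = _host(text) if re.search(r"\w+\.\w+", text) else ""
        if shown and shown != target:                        # tip 4: what you see vs where it goes
            reasons.append(f"link text shows {shown} but points to {target}")
    return reasons

# Constructed sample message (not a real email) that trips all three tips.
SAMPLE_SUBJECT = "Urgent Action Required"
SAMPLE_BODY = '<p>Dear customer,</p><a href="http://bit.ly/x1">https://www.examplebank.com/login</a>'
```

Feeding the sample through `phishing_indicators(SAMPLE_SUBJECT, SAMPLE_BODY)` returns four reasons; a plain HTTPS link whose visible text matches its destination returns none.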

Continue reading How to protect yourself from phishing? 6 Effective Tips

WannaCry Ransomware

Ransomware Attacks – All what you need 2 learn

Ransomware attacks have been the most prominent threat to enterprises, SMBs and individuals alike in the last decade. In the last few years, organizations the world over have experienced a sharp uptick in ransomware attacks. From CryptoLocker to WannaCry and NotPetya, these attacks highlight the evolution of ransomware over the years. Ransomware Definition […]
