Security awareness training is one of the most powerful security controls that a business can deploy to reduce cyber risk, as cybercrime continues to proliferate and evolve.

To mitigate this, educating your staff is key.  When your staff are trained to identify and confidently respond to the various attack vectors used by cybercriminals, they will be in a much better position to defend and safeguard data assets and stop attackers from breaching your network.

We can provide:

• Boardroom to basement– A programmatic approach to cybersecurity awareness training Providing end to end management across all delivery methods and media.
• Phriendly Phishing– A Phishing Simulation platform to harden the defences of your most valuable assets – your staff!
• Individual instructor ledtraining courses both onsite or remote.

The time is now to invest in your staff. Our specialist trainers are here to help you build a cyber resilient workforce to better protect data assets and stop attackers in their tracks.

If you have any questions or would like to discuss your security training needs contact us today or call 1300 922 923.

The post Educate your staff – Reduce your cyber risk appeared first on Sense of Security.

Our Head of Research Willem Mouton will be jointly presenting with one of our Senior Security Consultants Hamed Merati on the topic of “Breaking Bad (passwords)“. In 2020 password security remains one of the single biggest threats facing all organizations. The aim is to highlight and share a statistical analysis of corporate compromises based on passwords and password policies encountered during security audits over the last 24 months.

Also, our COO Murray Goldschmidt, who is ranked as a top speaker at RSA this year, will be presenting on  “Securing your M&A activity with cyber security due diligence“. The presentation will focus on a case study of a Cyber Due Diligence assignment that changed the position of an astute Buyer & saved them from certain losses. Financial, Tax and Legal DD’s all presented low risk, but within 6 months the target was breached & lost all of its IP. We describe the makeup of a Cyber DD Program and what metrics to use to make informed M&A decisions. Cyber DD should precede all other DD activities. 

Willem and Hamed’s presentation will be held on Friday, 17 July from 12.05 pm – 12.35 pm. Murray’s presentation will be held on Thursday, July 16, 2020 from 12.05 pm – 12.35 pm.

For more information about this years ‘virtual’ RSA APJ Conference visit https://www.rsaconference.com/apj.

You don’t want to miss out

REGISTER NOW!!!!

See you ‘virtually’ in Singapore!!

The post Sense of Security will be represented by three team members at RSA APJ 2020 appeared first on Sense of Security.

Much like other IT aspects, mobile applications are not without their weaknesses as well.

Compatibility for different types of platforms, backwards-compatibility with older versions, weak or no integration of platform security features, insufficient protection of private information and insecure corporate service access are major concerns when it comes to secure development and usage of Mobile Applications across all platforms.

Because of these technical and business risks, secure mobile application and web service design, development and testing procedures should be used by business managers, software developers, auditors and security engineers.

Download the below datasheet to get a better understanding  of securely developing your mobile applications.

[contact-form-7]

If you have any questions or would like to discuss your security training needs contact us today or call 1300 922 923.

The post Secure Mobile Application Development Training appeared first on Sense of Security.

The post Join Alastair MacGibbon and Murray Goldschmidt for our interactive Cyber Dialogue Q&A webinar on the new normal of business and cyber security. appeared first on Sense of Security.

Addressing security in a fast-moving DevOps environment is essential, not just for the long-term success of your service delivery lifecycle (SDLC) but for the protection of your entire stack of tools and processes.

The full-day (or two-day) training tutorial examines ways of integrating security into DevOps environments by looking at opportunities at each stage of the development cycle.

Above all, the core focus is on automating repeatable security tasks allowing “low-hanging-fruit” issues to be remediated without human intervention.

Download the below datasheet to get a better understanding around DevOps Security Automation Training.

[contact-form-7]

If you have any questions or would like to discuss your security training needs contact us today or call 1300 922 923.

The post DevOps Security Automation Training appeared first on Sense of Security.

The post Working from home and your Cyber Security appeared first on Sense of Security.

[contact-form-7]

The post Cyber Security for Smart Grids appeared first on Sense of Security.

Windows 10 is the platform of choice for large scale, corporate controlled, end user OS deployments. Referred to through many names incl Enterprise Roll-Outs, Standard Operating Environments (SOE), Golden Image deployment etc they all relate to the same thing. A standardized deployment that needs to be secured at creation and then managed for the lifetime in operation. Large corps & govt tend to use the same formula. Create an image. Add in some enterprise mgmt features, end point security & full disk encryption. Harden. Test it (maybe). Operate it in the field. Deal with any fall out. These are high cost, time sensitive, task management centric projects. Using an outsourced partner to design, implement & manage the process adds in an element of supply chain risk – making the entire solution susceptible to long term time-in-market attacks. This includes a timeless opportunity for total environment-take-over. It is our experience that organisations are short-changing themselves by doing very limited testing of the system prior to deployment. At best this is limited to a hardening review.

This presentation describes a case-study for why testing is required to address a stream of risks and how this saved a large corporate from deploying an image that was certain to result in 10,000+ machines being remotely controlled by an adversary.

To learn more download our presentation here. For more information call us on 1300 922 933.

The post Presentation: RSA USA 2020 – Preventing an Enterprise Win10 Rollout Being Remotely Controlled and Ransomed appeared first on Sense of Security.

A common cyber-attack technique is to lure a victim to browse to an attacker controlled website that is hosting malware or the like. One way to lure a victim is to register a DNS domain that resembles that of a major brand, and then either entice the victim to visit the website, for instance via an email message, or to simply wait for the victim to mistype or misspell the major brand’s website address. This registering of a similar DNS domain is commonly referred to as domain squatting. People are encouraged to be suspicious of emails received from unknown senders, but what happens when an email appears to come from a known person or organization, and the emails and its attachments are in line with the expected content. Again, research into similar topics isn’t new. However, by utilizing domain squatting the registering of DNS domains can be extracted by examining email flows, and the email content categorized by applying topic modelling on their contents. This allows for specifically crafted spear-phishing emails that match both the expected email sender and the topics of correspondence, which drastically increases the chances of a successful phish.

In this session, it will be demonstrated how old school domain squatting can be modernized to include OSINT gathering and the delivery of weaponized documents using email messages. The result is scarily accurate corporate relationship and supply chain mappings, as well as re-purposing actual business documents into spear-phishing attacks.

To learn more download our presentation here. For more information call us on 1300 922 933.

The post Presentation: RSA USA 2020 – What Was Once Old Is New Again: Domain Squatting in 2020 appeared first on Sense of Security.

Our Practice Manager Jeremy du Bruyn and our Head of Research Willem Mouton will be jointly presenting What Was Once Old Is New Again: Domain Squatting in 2020.  In this session the presenters will demonstrate how old school domain squatting can be modernized to include OSINT gathering and the delivery of weaponized documents using email messages. The result is scarily accurate corporate relationship and supply chain mappings, as well as re-purposing actual business documents into spear-phishing attacks.

Also, our COO Murray Goldschmidt, who is ranked as a top speaker at RSA this year, will be presenting on  Preventing an Enterprise Win10 Rollout Being Remotely Controlled and Ransomed. A case-study for static and dynamic testing of Win10 enterprise rollout images. How this saved an organization from deploying an image that would have resulted in 10,000+ machines being remotely controlled by an adversary for ransom. Hardening reviews, configuration management, app whitelisting effectiveness, encryption recovery, and the ability to detect and defeat sleeper malware are described.

Jeremy and Willem’s presentation will be held on Thursday, February 27, 2020 from 8:00 am –8:50 am in Moscone West 3004. Murray’s presentation will be held on Thursday, February 27, 2020 from 2:50 pm –3:40 pm in Moscone West 2006.

For more information and to secure your spot for Jeremy and Willem’s presentation visit https://www.rsaconference.com/experts/jeremy-du-bruyn#upcomingsessions or for Murray’s presentation visit https://www.rsaconference.com/experts/murray-goldschmidt#upcomingsessions.

You don’t want to miss out

See you in San Francisco!!

The post Three Sense of Security team members will be presenting at RSA USA 2020 appeared first on Sense of Security.