Four angels to avoid the risk of Cyber Security Fatigue

Every day we get overwhelmed with information about cyber security. Whether it is security staff monitoring security logs, IT staff constantly patching, or managers hearing about required improvements, the list goes on and on. As a result, people develop cyber security fatigue. Cyber security fatigue can also be defined as virtually giving up on proactively defending against malicious actors. According to a CISO benchmark study by technology vendor Cisco, 42% of

Five questions the board can ask to stay “Left of Bang.”

Much uncertainty and fear are sown in the media about ransomware attacks. Whether ransomware is a big problem remains to be seen. Recent research shows that ransomware has no impact on the economic value of the organization [1]. The question is more which form of impact we know: technological, political, economic, or social. We know from experience that the stock price is not the only yardstick for determining the effects of

A sustainable CISO is above all a leader in behavioral change

This article was published in AGConnect issue 1/2, January/February 2022. Digital security is no longer the domain of a single individual. The business risks are large, and not only security professionals must get to work to arrange information security properly, but also IT staff and all other employees. Information security only succeeds if everyone does exactly what she or he must do. Or rather: may do. The importance and the playing field of digital security

Never trust and always verify – the increasing number of cyber threats & risks

The increased digitization of the world we live and work in has given rise to an increasing number of cyber threats and IT risks. Over the past few years, we’ve seen a huge surge in the number, the intensity, and the sophistication of the attacks. But it’s not all doom and gloom. With proper technical solutions such as firewalls, antivirus programs, back-ups and a no-trust attitude, companies can better defend

Why Fear, Uncertainty and Doubt (FUD) fails in Digital Security and being BAD prevails

We all know those cybersecurity specialists or security software sales representatives who want people to act in a certain way or buy certain products by saying things like, “if you don’t do (or buy) this, you will be hacked.” Sadly, this way of communicating is still an often-used approach in Information Security to get the message across or motivate people to “buy” their products or services. We call this approach FUD. FUD

Part 2 Podcast Yuri Bobbert on Oh, Behaav

In the second part of the Oh, Behaav! podcast, Yuri discusses several topics from our book “Leading in Digital Security: 12 Ways to Combat the Silent Enemy”, such as anti-fragility, the influence of a hack on the stock market value of the company, smart utilization of technology and the exploitation of incidents. He also talks about Zero Trust as a strategy and rethinking what this requires in applying the

Stop Chasing the – CyberSecurity incident – Ambulance

In the cyber security arena, we see a lot of self-proclaimed security gurus in the media these days making a day job out of chasing ambulances. For those who don’t know the term, an ambulance chaser is somebody looking for a victim and telling him or her what went wrong and why he/she should do better next time. For example, a lawyer who seeks to encourage and profit from the lawsuits

What the hack happened? A CISO perspective on the Cosmos DB vulnerability

Recent uproar over the Microsoft Azure database (Cosmos bug) hit the boardroom. A lot of major companies use Microsoft Cloud, so Azure customers were in for a rough surprise. Wiz’s Chief Technology Officer Ami Luttwak (his company found the vulnerability) describes it as “the worst cloud vulnerability you can imagine.” Bloomberg says Microsoft warned thousands of its cloud computing customers, including some of the world’s largest companies, that intruders could

The Golden Security Circle

Our second blog on management models applicable for Digital Security is all about creating a compelling vision.

Introduction

A common practice in Digital Security is to improve the level of security by implementing a framework (e.g., ISO27001/2, ISF, COBIT, NIST, etc.). Deficiencies in compliance with these frameworks are then defined and improvements can be executed. These improvements are defined in a security plan, which is sometimes misnamed as a security strategy.