REMOTE-WORK RISKS ARE CHANGING - ACT NOW!

SECURITY AWARENESS TRAINING

Security awareness training for compliance and best-practice risk management

SECURITY EVENT MANAGEMENT

It's just a matter of when: Lack of formalised SIEM will lead to system compromise

SECURE CLOUD SERVICES

DotSec provides secure-Cloud services for national and government customers

Slider

DotSec has undertaken four initiatives which will benefit your organisation,  especially if you are experiencing a shift towards en-masse working from home. 

WORKING FROM HOME, STAYING AWARE

Staff working from home for extended periods are more likely to forget the security culture that surrounded them when working on-site.  In many cases, their computers will not be physically secure, nor will they be configured and maintained in accordance with a Secure SOE.  But the real challenge is that these staff will be receiving all manner of COVID-19 phishing emails, and they’re very likely to go web surfing in their spare time, putting them at risk of drive-by and watering-hole attacks.

In the second-last week of March alone, the ACSC and the FBI have warned of an increase in credential-theft attacks related to COVID-19.  And we saw attackers breach Norwegian Cruise Line, shut down health services in Europe, and begin to release confidential information after knocking an Australian logistics firm out of action with (unsurprisingly) yet another ransomware attack.

Our own tests show that when users do not receive security awareness training, between 60% and 80% will fall victim to a well crafted attack.

DotSec provides security awareness training, including phishing and reporting, through either your or our on-line training portal. DotSec’s Security Awareness Courses are customised to include full, customer-specific details so that attendees immediately relate to the information being presented.

All courses are professionally presented and entertaining, and  receive consistently positive feedback.

CALM IN THE EYE OF THE STORM

With the increasing numbers of staff working from home, your sec-ops team are now in fire-fighting mode, and are being overwhelmed with configuration and deployment tasks, and a huge spike in support calls from the huge, newly-deployed pool of work-from-home users. The attackers will know that the sec-ops team in every organisation is now flat-out just keeping the business afloat, and they’ll know that the next few weeks will present them with the opportunity of a lifetime.  According to IBM and the Ponemon Institute, the average time taken to respond to a data breach in 2019 was 279 days, with an average breach cost of nearly US$4M!  For local examples, one need look no further than this helpful summary page. It’s clear that organisations that do not do SIEM well are unlikely to notice a compromise at the best of times, but in today’s now-chaotic world, it’s certain (or pretty close to it) that those businesses will fail to notice an attacker’s activities moving quietly inside the swirling storm. And COVID-19 will not be useful as a mitigating factor when breaches need to be reported on and cyber-insurance assessors begin an audit of the breached organisation’s infosec maturity and adherence to best practices. DotSec’s SIEM deployments are done on a fixed price and will reduce the likelihood that a system compromise will occur and, should such a compromise occur, that it will go unnoticed. Or, if you prefer, DotSec can manage the whole SIEM infrastructure for you!

MATURITY ASSESSMENT AND PRIORITISATION

As the BAU requirements mount, the focus on longer term goals tends to slip.  In particular, it becomes difficult to prioritise compliance and best-practice goals, even though the risk of ad-hoc and short-sighted decisions increases without a solid security framework.

With just an hour of your time, DotSec can help you to identify areas of risk and reset your priorities, by conducting a brief cybersecurity maturity assessment that will allow you to gain a quick understanding of where your organisation should prioritise its infosec efforts.  We use an independent, industry leading solution for our maturity assessments to give you peace of mind and comfort that the assessment isn’t simply a DotSec-canned, pre-sales exercise.

And perhaps best of all in these work-from-home times, we can complete the assessment remotely using the assessment tool’s on-line dashboard and the Zoom on-line meeting service. 

The assessment report is perfect for an executive and Board audience because it is succinct and to the point, with clear summaries and graphics that will allow decision makers to easily prioritise their time, human resources and budget amidst the current noise and confusion.

e-COFFEE CATCH-UPS TO KEEP IN TOUCH

Sadly, it will be a while before we can meet many of our clients face-to-face. While this is disappointing from a purely social aspect, it is also risky from an infosec perspective:  Many is the time that a general or catch-up discussion has led to the identification of an issue that needs to be addressed, or an opportunity for strategic improvements.

In order to fill this gap at least somewhat, we’re going to be conducting on-line sessions using Zoom that  will allow you to chat with out infosec experts (alas, sans coffee) about whatever infosec challenges you may be facing.

Aspects of information security such as phishing, awareness training, vulnerability management and SIEM are likely to be highly relevant, especially where an organisation’s remote workforce has grown rapidly and now includes newly-remote employees who are not infosec experts, who cannot be relied upon to maintain systems securely,  and who may well be spooked into clicking on just the wrong link because of some alarming (or fake) COVID-19 news. 

There is no charge for this service; we’re simply providing it to replace the coffee catch-ups that are likely to soon become impossible, at least for a while. Please contact us and we’ll book something in.

Let DotSec manage and monitor your secure on-line services!

Insurers and major compliance frameworks and guidelines (such as the PCI DSS, ISO/IEC 27001, CPS 234, and the ISM) recommend or demand that systems are monitored and that security incidents are identified and responded to in a timely manner. Rely on DotSec and forget about training, managing and retaining staff, and ensuring that your systems administrators have the time and skills to operate your SIEM/SOAR service effectively.