TPSP AOCs save you money!

A TPSP will save you money! Protecting sensitive information has become a vital aspect of running any business, and one area that requires a high level of vigilance is payment security, especially for businesses that handle credit card (also known as cardholder) data. These businesses must adhere to the Payment Card Industry Data Security Standard […]
DotSec’s AOC saves you money!

DotSec’s AOC saves you money! Payment card information remains one of the most targeted forms of data. For Australian organisations that store, process or transmit cardholder data, PCI DSS compliance is essential — not simply as an annual requirement, but as a way to reduce risk and improve the security of systems that support payment […]
Hey, nice business!

Hey, nice business! Lack of awareness has led some organisations to believe that ransomware and extortion attacks are uncommon. This in turn can lead to a perception that the level of business risk does not warrant expenditure on improving cybersecurity maturity. Consequently many organisations are poorly protected and open to compromise, and are unable to […]
Relax! It’s not my first time!

Oh for heaven’s sake! Can we all agree that the Optus event doesn’t really matter? I mean, it really does matter, of course! But still, it kinda feels like deja view all over again [1] and I can’t help but think I should relax! It’s not my first time! Once upon a time… [2] Five years […]
Cyber insurance: A risky business

Cyber insurance. A risky business! As the frequency of cyber attacks increases and incident recovery becomes more expensive, it is important for businesses to have cyber insurance to reduce the potential losses associated with such events. In fact, such coverage is something we expect will become mandatory for all kinds of contracts and agreements in […]
It’s in the trees! It’s coming!

It’s in the trees! It’s coming! * Since March, we’ve been very busy providing incident-response and recovery services for organisations that have fallen victim to cyber crime. During that time, we have observed: Similarities in the security services, infrastructure and practices that were in place before the target organisations were compromised. Similarities in tactics and […]
Sophisticated, state-based actors?

Sophisticated, state-based cyber actors? As you will be aware by now, the Prime Minister warned Australians of “sophisticated, state-based cyber actors” targeting Australian organisations and all tiers of government. But is the sky really falling and, if it is, will we all be equally devastated when it crashes down? And what are the risks […]
Scareware v1 – Just silly… probably

Scareware v1 – Just silly… probably. Along with lots of other people on the Internet, you’ve probably received an unsolicited email, not only threatening you but claiming to have stolen your password and hacked your web cam. The emails generally go along the following lines: While poorly worded, the email can certainly appear alarming and […]
It’s not what you know…

SOC and SIEM. It’s not what you know. (Actually, that’s exactly what it is!) Monitoring eCommerce sites for compromise DotSec knows that securing eCommerce sites properly can be tricky. Various best-practice guides to securing eCommerce software such as Magento do exist (see [1], [2] below) but despite the efforts of all concerned (including system owners, […]
Security for Australian law firms

2023 State of Cyber Maturity for Australian Law Firms The 2023 State of Cyber Maturity for Australian Law Firms survey invited legal professionals to share their approaches, motivations, decision making, and management towards cyber security. DotSec commissioned independent market research firm Momentum Intelligence to conduct the survey in collaboration with Lawyers Weekly. The survey was conducted on behalf […]