There is a debate at work about what to call what we do. Actually, it’s not really a debate, more sort of a code of silence, or an agreement not to mention the subject in polite company lest it offends. When the subject comes up there is a sort of shuffling of feet, nervous laughter, “ahem”s and a subject quickly changed. But in Axenic’s spirit of transparency let’s get this out in the open: is what we do information security or cybersecurity? Certain people (I’m not naming names but they have numbered among our more beardy team members) have had such strong views that even using the word “cyber” at work is like a red rag to a bull. Actually, while I’m being honest, I have to admit that even though I am amongst the least hirsute of our team, I had strong leanings that way.
Over the past few years, I’ve led and been involved in many security audits on both sides of the table, which has helped me develop some insights worth sharing. Sometimes these auditing engagements are seen as something to just get through, however, there were a few organisations which really made the most of the exercise and applied the impartial information learned to gain a more accurate understanding of their real risk exposure. After all, that is the primary reason for performing these assurance activities, isn’t it? To ensure the implementation of the most relevant controls, for managing the highest rated risks, occurs within resourcing and budgetary constraints.
We’ve been seeing a bit of a buzz in the technical security press about a new method of phishing that bypasses many key security controls. Using a rogue Azure app, the attacker tricks the user into granting the app permissions to access their Office 365 email account and all of the information associated with it. Patrick Gray at Risky Business has been writing and talking up a storm on this one, and we believe that he is right to do so. In fact, we thought this was interesting and scary enough to let you know so you can understand what’s going on and maybe do something to prevent it.
It is official! The Axenic team has moved offices. We are excited to have settled into our new space which is now located on level 7, 44 Victoria Street Wellington. Over the last year at Axenic our team has been growing and we needed some more space. It feels like a while ago when we said farewell to the old office and packed up back on Saturday 15th February. A lot has changed since then including a stint at home for all of us during Covid-19 Level 4 and 3 restrictions. However we are happy to be back in our new space, it has 3 large meeting rooms, a decent boardroom, not to mention the central CBD location. Moving is an exciting change and sometimes we forget the importance of security when the move-in day arrives. In this blog we discuss building security and other important considerations when moving offices.
“How does driving a 1,300km journey during the COVID-19 lockdown relate to PCI compliance?” I hear you say…
As those of you who know me, or have seen me present will know, I love a good metaphor.
Over Easter weekend I had the somewhat surreal experience of driving the 1,300km journey from home to Auckland International Airport and back again during New Zealand’s level 4 COVID-19 lockdown. On the trip home I was reflecting and couldn’t help thinking about the similarities between the lockdown, making this a safe compliant trip and PCI DSS compliance.