Now that the media hysteria has abated on the topic of DDoS, it seems timely for us to provide some commentary on this long standing topic from the perspective of security professionals.
The recent Distributed Denial of Service (DDoS) attacks on NZX, Stuff, RNZ, and many more have had the media bombarding us with updates and semi-new information aimed to keep us, the general public informed. Reading some articles on RNZ, Stuff, and NZHerald provide similar information on the attack.
There is no denying that the threat of sophisticated cyber-attacks are real, and while raising awareness about what is currently happening is a good thing, doing so without care may not be helpful. Read More
There is a debate at work about what to call what we do. Actually, it’s not really a debate, more sort of a code of silence, or an agreement not to mention the subject in polite company lest it offends. When the subject comes up there is a sort of shuffling of feet, nervous laughter, “ahem”s and a subject quickly changed. But in Axenic’s spirit of transparency let’s get this out in the open: is what we do information security or cybersecurity? Certain people (I’m not naming names but they have numbered among our more beardy team members) have had such strong views that even using the word “cyber” at work is like a red rag to a bull. Actually, while I’m being honest, I have to admit that even though I am amongst the least hirsute of our team, I had strong leanings that way. Read More
Over the past few years, I’ve led and been involved in many security audits on both sides of the table, which has helped me develop some insights worth sharing. Sometimes these auditing engagements are seen as something to just get through, however, there were a few organisations which really made the most of the exercise and applied the impartial information learned to gain a more accurate understanding of their real risk exposure. After all, that is the primary reason for performing these assurance activities, isn’t it? To ensure the implementation of the most relevant controls, for managing the highest rated risks, occurs within resourcing and budgetary constraints.
So, how can you ensure your organisation gets the most out of its next security audit? Here are my top 5 recommendations: Read More
We’ve been seeing a bit of a buzz in the technical security press about a new method of phishing that bypasses many key security controls. Using a rogue Azure app, the attacker tricks the user into granting the app permissions to access their Office 365 email account and all of the information associated with it. Patrick Gray at Risky Business has been writing and talking up a storm on this one, and we believe that he is right to do so. In fact, we thought this was interesting and scary enough to let you know so you can understand what’s going on and maybe do something to prevent it. Read More
It is official! The Axenic team has moved offices. We are excited to have settled into our new space which is now located on level 7, 44 Victoria Street Wellington. Over the last year at Axenic our team has been growing and we needed some more space. It feels like a while ago when we said farewell to the old office and packed up back on Saturday 15th February. A lot has changed since then including a stint at home for all of us during Covid-19 Level 4 and 3 restrictions. However we are happy to be back in our new space, it has 3 large meeting rooms, a decent boardroom, not to mention the central CBD location. Moving is an exciting change and sometimes we forget the importance of security when the move-in day arrives. In this blog we discuss building security and other important considerations when moving offices.