All the experts agree – cyber security should be an organisation-wide concern. And yet, in my experience too many organisations, and too many people in those organisations think that cyber security is solely the concern of (a) the security team, or (b) the IT/digital team. In case you need convincing my favourite response is that if there is a cyber-attack (or incident) then it is not the IT team’s job that is at risk, but part of the organisation (if the HR system is compromised it is the HR team who won’t be able to work, not the IT or security teams). Who knows what the impact is of an attack? It’s not IT, that’s for sure. And who is best placed to balance off the needs of the organisation with the cyber risks? It’s not security: if you left it up to me, I’d turn everything off! That’s the only way to be sure (and I get no benefit from it being on, so…)
All going well, by this stage in November we would have been sitting back reflecting on another wonderful Kawaiicon event. As in previous years, the whole Axenic team was looking forward to attending it. However, Kawaiicon 2021 was unfortunately postponed until mid 2022. Just like many events this year, the organisers had to make the tough call of postponing for public health reasons.
In lieu of that, we thought we would pull together a shortlist of some virtual conference material that you can check out instead – it should help feed your cybersecurity knowledge hunger!
Hot off the virtual press is our latest monthly cybersecurity update. Our popular round-up of some of the cybersecurity-related events over the past month that caught our eye. This edition includes our thoughts on the recent Kaseya hack, an emerging job sector for Ransomware-as-a-Service (RaaS) Negotiators and what not to post in online forums when you have access to classified information. Read up on all this and more in the latest newsletter here.
There is a debate at work about what to call what we do. Actually, it’s not really a debate, more sort of a code of silence, or an agreement not to mention the subject in polite company lest it offends. When the subject comes up there is a sort of shuffling of feet, nervous laughter, “ahem”s and a subject quickly changed. But in Axenic’s spirit of transparency let’s get this out in the open: is what we do information security or cybersecurity? Certain people (I’m not naming names but they have numbered among our more beardy team members) have had such strong views that even using the word “cyber” at work is like a red rag to a bull. Actually, while I’m being honest, I have to admit that even though I am amongst the least hirsute of our team, I had strong leanings that way.
A new decade is always something to celebrate. We can now look back on our twen’teens with nostalgia, and talk about all the security threats of the past years. Nation-state attackers, critical infrastructure attacks, fiery banking trojans and the rise of ransomware.
But enough about these threats of the past. Instead, this blog will discuss some of the new-school threats that may surface now that we are in the roaring twenties.
We’ve recently created a new section on our website for case studies. Our customers were telling us that they wanted to hear more about what we’re doing and how we help different organisations. Of course, due to the nature of our work, a lot of this information is confidential and protecting this is always our top priority. However, we are able to share some information and have developed the first of what we believe will be many case studies in collaboration with our client and partners. Our first one showcases how Axenic worked with Not For Profit organisation the Human Rights Measurement Initiative.