16/10/2023

Let’s tackle the elephant in the room—money. Finances are a frequent topic of conversation, and the world of cyber security is no exception. As someone from Yorkshire, I wholeheartedly understand the importance of being prudent with resources. In today’s landscape, organisations must be more resourceful than ever before.
Paid subscriptions, services, and products undoubtedly play a crucial role in our industry. They bring groundbreaking innovations and the ability to thwart highly sophisticated cyber attacks. However, what if I told you that not everything demands a price tag? Too often, we hear the adage, “You don’t get anything for nothing.” But there are actions that all organisations can take to bolster their resilience without breaking the bank.
Craft and facilitate a positive security culture.
We’ve all heard “Humans are the weakest link,” perhaps more times than we’d like. The key here is empowerment. Humans are often labelled as the weakest link because they haven’t been adequately empowered. When it comes to culture, it’s a buzzword that can mean different things to different people. Regardless of your organisation’s unique security culture, it’s essential to guide individuals within the organisation to reliable sources of security advice.
Not every report or concern will necessitate immediate action, but demonstrating that employees can raise concerns and have them investigated is a pivotal step. Cultivating an environment where individuals feel comfortable raising concerns, even if they don’t fully grasp cyber security intricacies, can lead to empowering people and positive outcomes. What might seem like a minor issue today, such as a new employee they haven’t met, could uncover a more significant threat, like invoice fraud, tomorrow.
Accurately Define Testing Scopes
Testing itself may not be free, but defining the scope certainly is. It’s a common pitfall to either encompass everything or nearly nothing within a testing scope. This can leave you with either too little or too much insight into your security posture, making it challenging to derive actionable insights.
Before delving into scoping, take a step back and consider the importance of creating and maintaining an asset register for your infrastructure. An asset register provides a foundational understanding of your infrastructure, a critical prerequisite for effective scoping.
When it comes to scoping, leverage your asset register to define testing scopes. By doing so, you can maximise the value of your testing efforts and make the most of your investment.
Build your Network of Peers
The cyber security landscape is an extension of the larger hacker community. While hackers are often portrayed as criminals or anarchists, the truth is that this community is built on values, trust, and organisation. Hackers even have their own manifesto, one of whose principles is that no problem should ever be solved twice.
Chances are that the challenges you’re facing have already been encountered and addressed by others in the industry. Solutions may not always come free of charge, but by tapping into the collective experiences of your peers, you can navigate in the right direction.
The Ultima Resiliency Team is a passionate group dedicated to helping organisations fortify themselves against cyber attacks and social engineering. By following our team members on LinkedIn, you may uncover valuable hints and tips. We also regularly share insights using #UltimaResiliency.
Richard De Vere, Head of Social Engineering
Steven Turner, Education and Coaching
Chris Dyer, Offensive Testing
Lee Drinkwater, Offensive Testing
Bryan O’Sullivan, Cyber Essentials
Infosecurity Europe is one of the largest annual conferences and exhibitions, offering unmatched networking and relationship-building opportunities. Attending the exhibition is free, and many vendors provide free talks, seminars and workshops. The event is set to run between 4th and 6th June 2024 at ExCeL London.
Printed Materials
So, enough of me saying what everyone can do for free; time to put my money (or the lack of it) where my mouth is.
As part of The AntiSocial Engineer, we have engaging security education materials, from our Knowledge Lab platform to tailored security training programmes. Keeping it simple, we also provide posters. If you’d like a pack of our posters sent to you free of charge, email URT@ultima.com and we’ll get them shipped out as soon as possible.