Welcome to the new 57 cyber warriors who joined us last week. 馃コ Each week, we'll be sharing insights from the MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA23 keynote stage. Want to receive our weekly newsletters on LinkedIn? Subscribe here.
This week we鈥檙e focused on鈥︷煋?/h3>
The brilliant basics of cyber hygiene. Or getting the basics right. Or whatever you like to call it. 馃
Actually, we鈥檙e not just talking about getting the basics right; we鈥檙e talking about getting the basics right, and then continuing to keep them right, through the power of the human ability to observe and assess what technology is doing.
Can鈥檛 tech verify its own efficiency?
During a panel discussion about cyber hygiene, Rasha Abu Alsaud (EVP and CISO at Saudi National Bank) said:
鈥淚 think it鈥檚 important that in addition to the reliance on technology, manual validation needs to be practised as well, to check the effectiveness of the controls in place.鈥?/p>
In the era of AI and automation, the notion that we still have to manually validate technological processes in cyber is still highly relevant.
Yes, the tech can report on its own processes. But then the question is whether those reports are always accurate 鈥?and what happens if technology is left to self-perpetuate its own inadequate reporting and its own inefficient processes.
The basics of cyber hygiene
The basics of cyber hygiene are widely agreed to be:
馃搶Using strong passwords (and changing them frequently)
馃搶Keeping on top of software updates
馃搶Not clicking on potentially nefarious links
馃搶Using multi-factor authentication to protect data and third party entry points
And these basics apply to both organisations and individuals.
Many cyber hygiene tasks can be automated 鈥?and many vendor products today provide regular automated reporting on hygiene too. But what if those reports are missing crucial details鉂?What if they鈥檙e reporting on outdated information about endpoints, users, or critical data鉂?/p>
And what if those errors don鈥檛 get picked up and fixed, so the accuracy gap gets bigger and bigger with every automated report that鈥檚 produced?
Cyber hygiene audits, led by people 馃懆鈥嶐煉拣煈┾€嶐煉?/h4>
Cyber hygiene isn鈥檛 just one process, and good cyber hygiene can鈥檛 be determined by one piece of reporting software. It鈥檚 lots of different technologies, lots of different manual processes, and lots of different automatic processes 鈥?that all come together as one bigger picture.
For example, cyber hygiene includes鈥?/p>
- How data is encrypted and stored
- How you document processes and tasks, and how employees access that documentation
- Visibility over third party apps and users
- Authentication processes
- Patching
鈥nd more.
Different technologies can audit how well these various aspects of your organisation鈥檚 overall hygiene are being monitored and protected. But to get a clear view of that overall hygiene, you need a human to audit the audits; to work through those reports, pick up on inconsistencies or missing information, and make sure that the tapestry of your security system isn鈥檛 missing any crucial threads.
Automated auditing is good. Manual auditing is also good. And together, automation and human validation make for much greater cyber resilience.
Do you use human validation to check your cyber hygiene?
1. NO - it鈥檚 all automated 馃枾 vote
2. YES - a combination of automated manual validation 馃懆鈥嶐煉火煈┾€嶐煉?vote
Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 02 August 2023.
Catch you next week,Steve DurningExhibition Director
P.S. - Mark your calendars for the return of MEA from 馃搮 14 - 16 November 2023. Want to be a part of the action?
Click To RegisterGamaCopy mimics the Russian Gamaredon APT and launches attacks against Russian-speaking targets
Git leak && AWS AKSK && AWS Lambda cli && Function Information Leakage && JWT secret leak
From the making of badusb to the anti-kill CS online
Anti-Anti-Virus Basics - Basic Knowledge
Database入门:Master the five basic operations of MySQL database and easily navigate the data world!
评论已关闭