Cloud based email open on PC Education

Business Email Compromise Check List

As part of my Cyber SOC GitHub repo I’ve put together lots of resources to try and help people with some common cyber security tasks, applicable to CISOs through to SOC analysts.

I also want to highlight one of the most common incident types if you are an Office 365 customer is a business email compromise scenario, so I’ve put together a high level view of the steps you might want to take after a BEC event is discovered:

Read more “Business Email Compromise Check List”
Education

Supporting the Cyber Leadership Challenge

Earlier this year I had the honour of supporting the Cyber Leadership Challenge as a judge at the BT Tower! I’ve been a judge at Cyber 912 previously but I’ve always been doing that virtually, so it was great to be able to goto the event not via a webcam! The Cyber Leadership challenge is a national cyber emergency competition for UK university students. The students work in teams through an evolving national major cyber incident, so they will likely be thinking through areas many don’t give two seconds thought to, such as:

Read more “Supporting the Cyber Leadership Challenge”
Leadership

What if breach communications were honest?

Armed with my trusty sidekick, this morning I thought I would see what an LLM would make if I asked it to create public comms for common cyber incidents…. for basically every scenario… it really wanted to tell everyone no data was accessed! Which is amazing, because in almost every incident I’ve seen: Data is accessed!

In a business email compromise (BEC) scenario…. the clue is in the name, it’s already a compromise of confidentiality!

Read more “What if breach communications were honest?”
Threat Intel

An evolution of threat actor

Motivation and a diverse network of people and capabilities can go a long way, then add in digital skills and winning steak… and you have: scattered spider!

There’s a big difference between zero day spraying the internet and planting webshells or copying someone’s open S3 bucket and say…. doxing staff, their families and attacking them and their assets in the real and digital worlds.

I think people won’t broadly grasp the effects that can be achieved (harm) when the adversary is motivated, dedicated, capable, resourced and has very little moral qualms.

There is no magic bullet to defend against an adversary like this, you need a whole of organisation defence (and to pursue even more than that!).

Read more “An evolution of threat actor”
Education

Avoiding an infinite incident response cycle!

Incidents are a part of life, but so is understanding the scope and bounds of an incident. One subject that comes up form time to time is how to define what is and is not ‘part of the incident’. Not everyone uses the same terms, language or definitions (which is true of many things in life). But when it comes to cyber incidents on the ground, details matter, but so do decisions!

Is the role of incident response to solve all security challenges and gaps in an enterprise? Should the recovery phase mitigate all threats? should the entire business be changed due to an incident and is that the role of the response team? When do you define what is and what is not part of the response vs what is a business change project?

Read more “Avoiding an infinite incident response cycle!”
Leadership

Cyber Leadership – Real Life Incidents over the years!

Introduction

I’ve been around a bit now, I started ‘playing’ with technology very young as a kid! Wolf 3D/Doom era etc (ok even before that but whatever) …

In my professional career I’ve worked with literally hundreds of companies, from mega to small, from household names that sell games consoles through to orgs that sell you yummy food! I’ve worked across loads of industries from government through to manufacturing. I’ve dealt with major incidents for the finance sector, healthcare but also, I’ve been inside a range of networks for some time.

Read more “Cyber Leadership – Real Life Incidents over the years!”
Copyright (c) Xservus Limited