Positive Security News - Edition 4
This edition was a bit of a struggle. My usual news sources didn't deliver. In fact, I reached out to LinkedIn for help and wonderfully, a lot of great content was shared by both people I know and people I don't. Power of the internet, huh?
Creating a positive cyber security narrative in A/NZ
I love this article as it really articulates the spirit I'm aiming for. Rather than pushing stories about data breaches to buy new toys or influence board-level decisions, we could be talking about how adopting a secure-by-design approach will enable our organisations to have confidence and resilience during stages of growth.
Source: Arnnet.com
Credit: Hein Pretorius
How A New Team Of Feds Hacked The Hackers And Got Colonial Pipeline's Ransom Back
Remember the US Colonial Pipeline cyber incident? Around $4.6m was paid to the cyber-criminals in order to remove their ransomware and enable the pipelines to function normally. Well, feds in the US have managed to recover $2.3m of the ransom. It is unclear exactly how they recovered it, though it seems the cyber-criminals were a little careless somewhere along their operation. It's a positive step, but it is an exception to the rule: usually such funds are very difficult to recover through Bitcoin.
Source: NPR.org
Credit: Chris McGarity
Bringing Governance, Risk, and Compliance to Life
Another article that reflects how a small change in one's vocabulary and questioning can result in better relationships and, ultimately, increased security hygiene in an organisation. Here's my favourite extract:
"Instead of asking “What are the risks involved?” or “What risks are present?,” we need to re-frame the question and ask “What are our goals?” or “What are our objectives?” Once we understand what we’re trying to achieve, we can move on to “What will prevent us from achieving this goal or objective?” and “What can we do to prevent that happening?” At no point have we asked about the risks involved, yet these questions will give us just what we’re looking for – identifying risks and formulating a risk treatment plan."
Source: Tripwire.com (guest author: Gary Hibberd)
Credit: Gary Hibberd
Two UK organisations doing great things in our space
CAPSLOCK and TechVets are both helping develop exciting talent in the technology and cyber space, albeit in different ways. Each has identified a unique solution to the purported skills gap within cyber security and is driving positive change by helping people from a variety of backgrounds get into the industry.
CAPSLOCK is an innovative alternative to university and other routes into the cyber security job market. They put students through 16 weeks of learning, help get them certified and assign them mentors to assist with career development. They do all of this for less than the cost of a university degree, and the students pay nothing until they are earning £27k. In James's own words: "The first ever cohort of CAPSLOCK learners graduated last week. These are some amazing people who have spent 16 weeks working hard to enter the industry, and I see them having a great future."
TechVets are "A bridge for veterans and service leavers into Cyber and Technology careers". They support veterans with re-skilling and help them into the tech and cyber industry through their own partner network of companies. At the time of writing there is a community of 6,000 ex-veterans.
Resources: CAPSLOCK | TechVets
Credit: Alex Martin, James Bore, James Murphy
Huge thanks to everyone who reached out with a positive security news item! Until next time.