The week in security: Are you looking for security guidance from the right places?

While most companies recognise the importance of cybersecurity standards and guidelines in improving their security postures, few companies are actually using the ASD’s Essential Eight guidelines to direct their security efforts, according to a new end-user survey.

This leaves them more exposed than they should be to the depredations of insecure Android apps that, a recent review has concluded, are laced with critical vulnerabilities thanks to their dependence on open-source applications that are not always updated as frequently as they should be.

Most CISOs aren’t as good at explaining these issues to executives, one cybersecurity consultant and CISO has warned, leaving them holding the bag when things go wrong.

Such shortcomings highlight the importance of embracing technologies like robotic process automation to improve the handling of routine security issues and allow CSOs to focus more time on executive education and other value-added activities.

They may also want to focus more time on auditing the often-lax security controls of their routers and those of their key suppliers. After all, routers are emerging as a favoured vector for attack by cybercriminals and new hacking techniques are regularly emerging to exploit them.

This, as the FBI reported that remote desktop protocol (RDP) attacks are on the rise and security experts began a post-mortem of the latest Facebook account hack.

Dissent is common in today’s geopolitical landscape, but the growing exposure to cybercrime has drawn together a range of perspectives as ASEAN members committed to working together to fight cybercriminals.

They may find value in talking with established Australian security firm archTIS which listed on the ASX to gain new momentum for its efforts to extend its TOP SECRET level data-security tools to new government agencies – and new governments.

Transformation remains a crucial force for modern businesses, but it’s important that businesses recognise the need to transform securely.

Microsoft promises it has done away with passwords for logging into its Azure cloud service.

Firefox was also thinking about passwords, offering a service to check whether your email addresses have been compromised in a past data breach.