Security is more than User Education – it’s About Cultural Change
It is often said that users are the weakest link in the security chain. But every obstacle presents an opportunity and so does this one.
Ashwin Pal | 10 Aug | Read more
Stories by Ashwin Pal
Security in 2020 – Data Security is Key
Gone are the days when data was confined to the data centre and we could put a virtual fence around it and protect it. Now data is everyone with multiple copies of it. This causes a massive headache for CISOs who are tasked with protecting this data from falling into the wrong hands. The question then arises, with data literally everywhere, how do we achieve this?
Ashwin Pal | 02 Aug | Read more
A Quick-fire Guide to Secure Code Development
The value that applications and databases present to attackers has seen a move from network based attacks towards web application and database attacks. We are starting to see more and more high profile web based attacks. The Ashley Maddison hack is one that is fresh in my mind. At the end of the day, our adversaries are after the data that our organisations hold for financial gain. As with anything else, our adversaries are using the easiest path to get to this data and in most cases this tends to be web applications and heir back-end databases. Why – because web applications are always available to anyone, anywhere and we have seen way too many examples of insecure code development and basic coding errors that lead to compromised web applications and subsequently databases.
Ashwin Pal | 20 Oct | Read more
The Internet of Things (IoT) – Threats and Countermeasures
IoT seems to be buzz word in IT and business at the moment. Simply put, IoT is defined as everyday objects with computing devices embedded in them that have a means to send and receive data over the internet.
Ashwin Pal | 20 May | Read more
A Brief Guide to the ICT Security Controls Required by the Australian Privacy Principles and Mandatory Data Breach Notification Scheme
On 13th of February, 2017 the Senate passed the Privacy Amendment (Notifiable Data Breaches) Bill establishing a Mandatory Data Breach Notification Scheme in Australia. The purpose of which is to protect the rights of individuals and strengthen community trust in businesses and agencies.
Ashwin Pal | 26 May | Read more
Five Key Challenges Facing CSOs Today
2012 has been a tough year for IT security and the trend seems to be continuing into 2013. We have now become accustomed to groups such as Anonymous that have wreaked havoc on a number of large government and corporate organisations. A new frontier in cyber threats has opened. The driver for cyber intrusion is no longer fame, but theft of intellectual property, financial information, blueprints and other classified information for financial gain.
Ashwin Pal | 10 Jul | Read more
Big data and its security implications
There has been a significant amount of talk about big data lately in the media particularly at the RSA security conference. However, many people are still unclear as to what constitutes big data and furthermore what its implications are to us as security professionals. Within this brief article, I shall try and address both these points.
Ashwin Pal | 08 Mar | Read more
Ransomware – a brief overview
There have been a number of ransomware attacks on Australian businesses lately. Awareness of this threat is increasing, but a number of small businesses, in particular, are still in the dark around what this is and how to protect themselves against it. Within this brief article, I shall try and cover both these points.
Ashwin Pal | 08 Mar | Read more
The security perils of social networking
The last few years has really seen the explosion of social networks. Examples include Facebook, Linked In, Twitter to name a few. A lot of us are using it and employees are demanding access to it at work.
Ashwin Pal | 06 Dec | Read more
Near field communication – the security risks
Near field communication (NFC) is a type of contactless, wireless technology used for sending information or making payments. By embedding an NFC chip inside a smartphone, a company can create a virtual wallet where users store credit card information and can pay at a store simply by waving their smartphone over a credit card reader.
Ashwin Pal | 01 Nov | Read more
BYOD – what’s all fuss the about?
BYOD (bring your own device) seems to be the buzz word at the moment. It’s almost impossible to pick up an IT magazine and not have an article in there on BYOD.
Ashwin Pal | 15 Jun | Read more
Advanced Persistent Threats (APTs) — a Synopsis
A lot has been written in the media recently about APTs, but there seems to be a level of confusion out there about what this phenomenon is and how this could affect us. Within this brief article, I shall try and shed some light on the phenomenon that is APTs.
Ashwin Pal | 29 Feb | Read more