Posts by John Reeman
Cyber Resilience – Are you prepared?
In this 4 min video clip, I share my top 5 practical strategies that you should be adopting as an organisation to remain cyber resilient. Whilst there is no silver bullet, these should reduce risk and keep you safe from cyber crime attacks such as ransomware.
Everything you need to know about IRAP
Introduction: In this article I will take you through everything you need to know about an IRAP assessment and how to successfully achieve IRAP Accreditation; what it is, what’s involved, why it’s important and a checklist of things you will need to do to kick start your IRAP journey. What is the Information Security…
Generative AI – AI for the future
I recently attended a very informative and interesting talk on “Generative AI – AI for the Future” hosted by KWM and Professor Genevieve Bell from the Australian National University. A lot has been written about AI and many will be excused for thinking that AI is a modern innovation or simply ChatGPT but the history…
DEF CON 31 – New Novel WFP filter attack for privilege escalation
I recently returned from the DEF CON 2023 conference in Las Vegas and, amongst the many briefings that I attended, the talk by Ron Ben Yizhak was particularly interesting. His talk was called “#NoFilter – Abusing Windows Filtering Platform for Privilege Escalation”. Whilst privilege escalation attacks are fairly common against the Windows platform…
Why you need Azure Conditional Access Policies
Overview: Having undertaken a number of Red Team assessments over the last 5 years, one of the common things that is uncovered during these assessments is the lack of robust Microsoft Azure AD conditional access policies. Microsoft Azure AD Conditional access is a premium feature and disabled by default. To enable it you need a…
Data Privacy – It’s time to act
What is the Australian data privacy act? The Privacy Act 1988 was introduced to promote and protect the privacy of individuals and to regulate how Australian Government agencies and organisations with an annual turnover of more than $3 million, and some other organisations, handle personal information. The Privacy Act includes 13 Australian Privacy Principles…
Cyber insurance premiums soar
Cyber attacks are not going away anytime soon and in the wake of the Optus, Medibank and more recent Latitude Financial breach, the demand for cyber insurance has increased, despite premiums soaring as much as 300%. Many small to medium size businesses are feeling the effect and may now find it impossible to obtain cyber…
Keeping your service provider honest!
We all expect our service providers to do the right thing, abide by contractual terms, provide support when they are meant to and be available when in need. However, sometimes that doesn’t always happen and so how do you keep your provider on the hook if things do go awry? In this example I’ll look…
Tick Tock its time to stay safe!
The Australian government is likely to follow other countries (USA, Canada, UK) in banning the use of TikTok for all government employees. Should we be concerned? A lot of the rhetoric around banning TikTok at the moment is certainly being driven by the geopolitical situation with China and the western world. TikTok is certainly not…
Export your passwords from LastPass
Unless you have been living under a rock for the last few months you will know that LastPass has suffered a major breach. If like me you feel you can no longer trust LastPass to safeguard your crown jewels then this article explains how to: Export your passwords from LastPass Delete and permanently erase all…