ROI

Open Security News week 9-2024

Good cyber security is and will be hard work. Almost every security professional uses the CVE system. But be cautious: The CVE system is broken and the database of existing CVEs is full of questionable content and plenty of downright lies. Cyber solutions can be often simpler and the best solution is rethinking if the solutions you use are really solutions. Frequently, numerous security solutions end up exacerbating security risks rather than mitigating them, sometimes making avoiding the solution altogether a more prudent choice. Why is good cyber security still so hard to accomplish?

Continue reading “Open Security News week 9-2024”

Open Security News week 47-2023

Machine Learning (AI) is one of the most powerful technologies of our time. But machine learning is a complex technology that brings a lot of new cyber security and privacy risks. Cyber security is a field where commercial vendors of security solutions proclaim breakthrough innovations every week. But don’t fall for it: there is no magical new tool for old and new threats. Good cyber security is and will be hard work. Now and in times to come.

Continue reading “Open Security News week 47-2023”

Open Security News week 40-2023

Reducing cyber security risks is complex. The most simple solutions are the best. Finding simple IT solutions is hard. We need to stop reinventing the wheel. Creating software that meets trivial security and privacy design rules has proven to be very difficult. So improve existing solutions instead of creating new solutions that will fail again. Use of proven open solutions (FOSS). We need to use solutions that are transparent, and we can trust. Cyber security is vital for privacy protection.

Continue reading “Open Security News week 40-2023”

Open Security News week 35-2023

Security by design is not a product. Nor a simple straight through process. Security by design can be viewed as a core philosophy to do the right things from a cyber security perspective in every action performed when developing and producing a new product. Too many organisations are depending on vulnerable vendor solutions for security protection that over promise but under deliver. Cyber security is a wicked problem, so learn from mistakes already make by others.

Continue reading “Open Security News week 35-2023”

Open Security News week 27-2023

Good cyber security is still a cost factor for companies. For too long we refuse to create simple systems for simple problems that can be easily adjusted and are resilient for common cyber security threads. We, security experts, are trained and brainwashed by commercial vendors to advocate for complex, expensive cyber security solutions that are costly to implement and lack transparency. Most cyber security improvements programs end with more paperwork and more new fancy software tools, without increased security resilience. We need to break out of this cycle.

Continue reading “Open Security News week 27-2023”

Simplify Cyber Security: A Practical Manifesto

Automation has changed our lives. Computers and all kinds of software enabled devices make our daily lives easier. Every year computer devices get more powerful, less expensive but also get more vulnerable to cyber security risks. Too often cyber security breaches have a severe impact on our safety and privacy. But most cyber security accidents are hidden from the public eye.

Continue reading “Simplify Cyber Security: A Practical Manifesto”

Open Security News week 23-2023

There are many myths about security, and how difficult it is. Cyber security is a complex domain. There is no perfect solution. Never. However there are simple solutions that do work. Often the best cyber security solutions are open well known solutions which everyone can use. Good solutions are not subject to a hype. Open solutions are transparent, so everyone can use and improve these solutions. 

Continue reading “Open Security News week 23-2023”

Open Security News week 14-2023

Cyber security is not a solved problem. As technology continues to advance, so do the methods and techniques used by cyber criminals to breach security systems and steal sensitive information. I love new technology and love solving new cyber challenges that come with new technology. So I asked GPT-4 what kind of security challenges we need to manage in the near future. I was surprised by the accuracy of the answer:

GPT-4 could be used to generate highly convincing phishing emails, fake news articles, deepfake videos which could be used to deceive individuals and organizations into divulging sensitive information or taking harmful actions. This could result in data breaches, financial losses, or reputational damage. Most cybersecurity issues with GPT-4 are not yet known.”

So think if a good cyber awareness course is on your agenda for this year. GPT-4 generated hacks and content will harm you sooner or later. Be prepared!

Continue reading “Open Security News week 14-2023”