On Sep 15, 2020 Gartner released a list of the top 10 security projects that security and risk leaders can deploy to mitigate risk in the current environment and drive business value. The ones we are glad got highlighted as a top priority are DMARC and Automating Security Risk Assessments. …

You invest X million dollars protecting your assets, and then you multiply it by Zero! Cyber Security is multiplicative, not additive. More and more tech is being bought, and more being produced each day, to secure ‘crown jewels’ of organisations. I like keeping things simple, so I’ll say it like…

Whether you are on-premise or in the cloud, your worst enemy is phishing. It’s not how secure you ‘crown jewels’ are, it is how securely you are using them at each step! It really doesn’t matter where your server is or your application is, whether on-premise or in the cloud…

B2C has been taken away by Whatsapp, Facebook, Google, Netflix — you get the drift. B2B on the other hand is as yet an open opportunity today. I say that B2B leaders in telecom companies need to think like VCs because they need to make bets on multiple companies and…

Cybersecurity risk scores or security ratings are either hated or loved by security professionals — with very few on the middle ground — because ratings are objective. Business needs to know where they stand in terms of security risk, and a risk score quantifies that. What you can measure, you…

A layered security mechanism to protect your most used digital asset: Email. The Swiss Cheese Model for Email Security. Since time immemorial, layered security or layered defence strategies have been used for protecting castles, cities, kingdoms and nations. You have a castle which has the outer city walls. You breach…

You could be too important for your emails to be missed and other reasons. Your DMARC policy is on the highest enforcement, and yet your emails are getting spoofed! This is called DMARC Override. It is frustrating — we know. Why is it happening? Here’s why: Imagine you are the…

Decrypt VoLTE calls with minimal resources. It’s a new attack that lets hackers decrypt VoLTE encryption to spy on calls! A small group of academic researchers from Ruhr University Bochum and New York University Abu Dhabi revealed an attack they’ve called ‘ReVoLTE’ that could allow remote hackers to break the VoLTE encryption to spy on targeted…

‘Permission Phishing’ or ‘Consent Phishing’: When hackers phish without stealing credentials, but with permissions instead. ‘Permission phishing’ is aimed at stealing permissions, and not at stealing passwords. The apps seeking permission appear harmless, but once permissions are granted, it can wreak havoc and gives access to hoards of sensitive data. In simple words, a hacker leads you to an app that asks you to grant permissions, and once permissions are granted, all underlying data and your authorisation are available to the hacker instantly and remain available until the token or permission is available to the hacker.