31 Really Simple Kick-Ass Things I Learnt About Cybersecurity

Okay, so you may have noticed that I’m writing up my notes from Sibos 2016. Given the SWIFT-related hacks, cybersecurity was obviously hot, and there were plenty of sessions covering the topic. I know that this is a couple of weeks late, but I think the following cybersecurity list is really useful and simple to digest for the regular reader. Here goes…


  1. Cybersecurity is all about understanding 3 key areas: People, Process and Technology
  2. Perpetrators of cyber attacks have various motivations: financial gain, personal disagreement, ideological (political, religious), nation state, revenge, the buzz, blackmail, debt…
  3. Common forms of cyber attacks include: data breaches, phishing, business email compromise, ransomware
  4. Physically act out all of the possible cybersecurity threats that might occur at your organisation and see how your teams react. Based on the exercise build procedures around how to react in a real life cyber-attack situation
  5. Malware is Malicious Software – It’s a big deal! You click a link and BANG, the malware infects your machine, in many cases without you even knowing
  6. Malware can be used by the attacker for a variety of purposes – from recording keystrokes on a keyboard to physically recording and watching you at your workstation
  7. When it comes to cybersecurity you need a corporation wide strategy and visibility, not a siloed approach
  8. You need to understand normal, so that you can detect and respond to the abnormal
  9. You need to respect privacy laws and ensure that you treat people in your organisation with respect
  10. There is software available that can see you’re in the UK office (by your user-id), and raise a red flag if you’re also showing up in another location
  11. Two factor authentication helps to drastically reduce the cyber crime threat
  12. Cyber crime is a professional operation, with online marketplaces where you can buy/sell stolen data
  13. Cyber criminals collaborate to such an extent that they fix each others software bugs!!
  14. Cyber crime awareness should NOT be an annual exercise, you need continuous cyber crime education
  15. Regularly spear-phish your employees, and educate the ones that fail
  16. Cyber-crime is an evolving and ever changing threat, you need to constantly fine tune your whole security environment
  17. Create layers of security at your organisation, so that in the event of a breach the attacker(s) are continually facing one barrier after another – and therefore being slowed down
  18. Create events or notifications so that you proactively know when one fence/layer has been breached
  19. Hackers are often able to breach networks by exploiting weak passwords
  20. In many cases hackers sit inside target environments (for up to 2 years!) just watching what’s happening, collecting data and getting ready to pounce
  21. You need to understand the risk points across your organisation. What are your crown jewels, and are they adequately protected?
  22. How you react to a cyber-security threat – both your response and how quickly you respond – is critical – plan for it
  23. LinkedIn is increasingly being used by hackers to build up an understanding of organisational structures (particularly finance-related departments): who works where, what they do, who reports to whom…
  24. Facebook is then used to understand more about specific individuals – what they like, dislike, where and when they go on holidays, business trips
  25. Your workforce needs to be ready to question, and say NO to your leadership team – including the CEO
  26. Your employees need to understand the importance of controls, and sticking to them even if they are under pressure from senior leadership folks
  27. Your third party vendors need to be vetted – for example, see how your third party support teams react by pretending to be the CFO (as part of a pre-agreed exercise with the CFO, of course – hehe) and demanding something like a password reset and start getting angry at the support desk analyst if they refuse to do so by asking verification details
  28. Industries need to collaborate and share information about any attacks – often hackers will attack bank A, and then immediately attack bank B – you can help each other out by looking out for early signs, similarities in approach
  29. SWIFT have launched a Customer Security Programme
  30. Recurring simple cybersecurity themes that you need to be mindful of:
    1. Governance – does your leadership team recognise the importance of cybersecurity, and the risk of not doing anything about it?
    2. Culture – does your team have a culture of sharing passwords, and do they understand the importance of a strong password?
    3. Awareness – do you know about spear phishing, how to spot a suspicious email?
    4. Data – could somebody tailgate into your company building and steal confidential reports from the printer, or written passwords on some PC workstations?
    5. Legacy – are your legacy systems adequately protected?
  31. Cybersecurity is everyone’s responsibility
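As an added illustration of items 8, 10 and 18 (this is not code from the post or from any product mentioned at Sibos): a small Python check over constructed login records that defines "normal" as plausible travel speed and raises an alert when the same user-id shows up in two offices too close together in time to be the same person. The log format, the coordinates and the 1000 km/h threshold are assumptions made for the example.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample login events (not real data): timestamp, user-id, office, lat/lon.
# Coordinates are rough city centres, used only for illustration.
SAMPLE_LOG = """\
2016-09-27T08:55:10Z uid=alice loc=London lat=51.51 lon=-0.13
2016-09-27T09:20:42Z uid=bob loc=London lat=51.51 lon=-0.13
2016-09-27T09:41:03Z uid=alice loc=Singapore lat=1.35 lon=103.82
2016-09-27T14:05:00Z uid=bob loc=Manchester lat=53.48 lon=-2.24
"""

MAX_PLAUSIBLE_KMH = 1000.0  # assumed ceiling: nothing a person travels on is faster

def parse_line(line):
    """Parse one 'ts uid=.. loc=.. lat=.. lon=..' line into a dict."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "uid": kv["uid"],
            "loc": kv["loc"], "lat": float(kv["lat"]), "lon": float(kv["lon"])}

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def find_impossible_travel(log_text, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (uid, from_loc, to_loc, implied_kmh) for every consecutive pair of
    logins by the same user that would require travelling faster than max_kmh."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: (e["uid"], e["ts"]))
    alerts, last = [], {}
    for e in events:
        prev = last.get(e["uid"])
        if prev and prev["loc"] != e["loc"]:
            hours = (e["ts"] - prev["ts"]).total_seconds() / 3600
            km = haversine_km(prev["lat"], prev["lon"], e["lat"], e["lon"])
            # Two logins in the same second from different offices are also impossible.
            speed = km / hours if hours > 0 else float("inf")
            if speed > max_kmh:
                alerts.append((e["uid"], prev["loc"], e["loc"], speed))
        last[e["uid"]] = e
    return alerts

if __name__ == "__main__":
    for uid, src, dst, kmh in find_impossible_travel(SAMPLE_LOG):
        print(f"ALERT {uid}: {src} -> {dst} implies {kmh:.0f} km/h")
```

Bob's London-to-Manchester logins several hours apart are normal and stay quiet; Alice's London login followed 46 minutes later by one from Singapore is the kind of event item 18 says should page someone.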

Thanks for stopping by – Take a look around…!!
