Why IT should not self-assess your cyber risk: conflict of interest. Please contact us for an obligation-free conversation about current cyber risk trends and things you can do to reduce your business risk. Please follow us for more useful cybersecurity tips for business owners. 🛡 #cybershields #Ransomware #infosec #cybersecurity #ITsecurity #DataProtection #AIsecurity #CyberCrime #CyberAttacks #Phishing #RiskManagement #DataBreach #Passwords #NetworkSecurity #CyberSecurityAwareness #InformationSecurity #DataPrivacy #Cloud #CloudSecurity #Malware #SecurityAwareness #DataSecurity #CyberNews #SecurityControls #AccessManagement #ITRiskAssessment #ITrisk #SmallBusiness #risk #directors #businessowners #businessowner #Australia #CyberRisk #Melbourne #Sydney #cisos #ciso #technology #information
Cyber Shield Advisors
Computer and Network Security
Black Rock, Victoria 243 followers
Helping business owners reduce risk and protect assets from ransomware.
About us
We offer cybersecurity risk assessments and advisory services to business owners. We work with you and your MSP/IT Provider to provide an independent cyber risk assessment, using industry-standard cybersecurity global frameworks, to provide prioritised actionable recommendations to improve your resilience. We are a small business, we understand SMB and SME priorities. B2B.
- Website
-
https://csadvisors.com.au
External link for Cyber Shield Advisors
- Industry
- Computer and Network Security
- Company size
- 2-10 employees
- Headquarters
- Black Rock, Victoria
- Type
- Self-Owned
- Founded
- 2024
- Specialties
- Cybersecurity Health Checks, Cybersecurity Assessments, Cybersecurity Improvement Plans, Cybersecurity Advisory Services, and Cybersecurity Risk Assessment
Locations
-
Primary
Black Rock, Victoria 3193, AU
-
Melbourne, Vic 3000, AU
Updates
-
Moved your business to the cloud? Criminals can still get to your data in the cloud, so please take a few minutes to read this very valuable article. It's worth noting who CIS is: they produce world renowned security standards and is the only framework based on actual cyber security breach data. Their safeguards for small and medium businesses (SMEs) provide protection against 85% of the known attack methods (in the Mitre ATT&CK framework). Feel free to reach out to us for a free and obligation-free conversation: your proactive curiosity will reward you as you learn ways to responsibly reduce your cyber risk. Independent risk assessments will help you sleep better at night, and reduce your business insurance premiums. #CyberShields #InfoSec #InformationSecurity #DataProtection #CyberSecurity #ITrisk #Australia #Breaches #Hacks #StopRansomware #Ransomware
Find out how you can use a defense-in-depth strategy to strengthen your security posture against ransomware and other cyber threats. Learn more here. https://bit.ly/42tZb7w #cloudcomputing #cybersecurity #ransomware
-
If you are or know a business owner impacted by this Crowdstrike incident, please make them aware there are phishing campaigns offering free help, links to websites to download "fixed" Crowdstrike agents. Don't go to any of those sites, don't click on any links. Be careful of "free help." Affected business owners should work only with Crowdstrike support directly, or their IT provider. You should have received an email from Crowdstrike, double check it's validity, verify all links. Very sensitive encryption keys and potentially Microsoft account admin passwords will be shared in the recovery process so it's important to only work with Crowdstrike support directly or their IT provider. Do not accept free help offers (sadly) from friendly strangers. This highlights our supply chain risk, even from trusted software suppliers. Please make sure you take backups and test recovering from your backups, regularly. Software can break, it's not infallible. In summary: 1. This is not a Microsoft Windows issue. 2. The cause is a Crowdstrike antivirus agent, affecting only windows systems. 3. Crowdstrike is popular in business systems, not home PCs. The vast majority of consumer home pcs are not affected. 4. Crowdstrike released a defective update, which caused their agent to crash these business systems. 5. Crowdstrike released a fix yesterday afternoon, and published a workaround for their clients to rollback the defective update. 6. Hackers and scammers are jumping on the bandwagon, sending phishing emails to download code to fix it automatically. Do not click any of those emails... You may receive these to your personal email address. Delete the email immediately. ****If you run Crowdstrike, it means you're a business and you should contact Crowdstrike directly via your support portal, or your IT provider if they manage your systems for you. If it's been more than 6 months since your last Cyber Risk assessment, please schedule a new one, with an experienced assessor today takes you beyond the Australian Essential 8. #CyberShields #CRWD #InfoSec #InformationSecurity #DataProtection #Cybersecurity #ITrisk #EssentialEight #BusinessRisk #BusinessOwners #Directors #Australia
-
CSA is aware of a cyber incident experienced by Crowdstrike customers, causing a Denial of Service. Crowdstrike have released a statement that they have not been hacked, and that the cause is a defect in their software which has been fixed. Crowdstrike customers can follow the steps in their support portal to restore service. At a high level, IT teams will need to boot Microsoft Windows into safe mode, have your Bitlocker keys handy for this, then delete a single file in the Windows/system32/drivers/Crowdstrike folder, and reboot the host. This will force the Crowdstrike sensor agent to download the latest fix. The recovery steps cannot be performed remotely, so end users will have to be guided by support, and provided their Bitlocker keys. Also be ready to restore from backups as the Microsoft system crash loop may result in hardware failure and data loss, whether on prem or in the cloud. CSA clients that use Crowdstrike are operational as we were able to lend support to IT very quickly, thanks to the quick release of workaround information from Crowdstrike. This is a reminder that software is fallible, defects do get released, and therefore it is important to have an updated incident response plan, that backup recovery is frequently tested, and that table top exercises are regularly conducted. Thoughts are with all those IT support teams that will be working over the weekend and coming week to restore services and work with remote end users to get them all back online to service customers again. Feel free to reach out if you need assistance or guidance. #CyberShields #CRWD #infosec #InformationSecurity #DataProtection #RiskAssement #SupplyChainRisk
-
Here are 5 simple things you can do now to protect yourself (business, and family) from this hacking group: 1. Apply patches as soon as they are available (including your antivirus, operating system, all applications, internet router); 2. Use MFA - try advanced MFA like USB keys as they are phishing resistant; 3. Segment your network: - In the office: keep sales/admin, production, development and test on separate networks. - At home, put all your IoT smart devices on a separate WiFi network from your phones/laptops/PCs. Those smart devices are insecure, hardly ever patched, and can provide a gateway to your family privacy. 4. Monitor logs - check logs for unusual / unexpected logins. 5. Backups - check your backups, test your backups. It is very unusual for multiple countries to publicly call out China for backing a hacking group (APT40) - so please protect your valuable assets with these simple steps. #CyberShields #Ransomware #infosec #cybersecurity #ITsecurity #DataProtection #Australia #Melbourne #Sydney #InformationSecurity #BusinessOwners #Directors #SMB #SmallBusiness #SmallBiz #CISOs #CIOs
Today, we released a Joint Cybersecurity Advisory with international partners about a People’s Republic of China (PRC) state-sponsored cyber group, APT40, and the current threat it poses to Australian networks. APT40 is conducting regular reconnaissance against networks of interest in Australia looking for opportunities to compromise its targets. The group uses compromised infrastructure, including small-office/home-office (SOHO) devices as operational infrastructure, to launch attacks that blend in with legitimate traffic, challenging network defenders. This regular reconnaissance allows them to identify vulnerable, end-of-life or no longer maintained devices on networks of interest, and rapidly deploy exploits. APT40 continues to find success exploiting vulnerabilities due to systems being unpatched. We strongly recommend implementing the ASD Essential Eight mitigation strategies, as well as additional relevant mitigations from our Strategies to Mitigate Cyber Security Incidents guidance. Mitigation that can reduce the effectiveness of the activity includes: • Logging and detection – maintaining comprehensive and historical logging information across web servers, window events and internet proxy • Patch management – implement a centralised patch management system to automate and expedite the patch process. • Network segmentation – segments networks to limit or block lateral movement by denying traffic between computers unless required. To read the advisory and learn more about how to identify, prevent and remediate APT40 intrusions, visit https://lnkd.in/g8YnRnG6. This advisory has been jointly issued by Cybersecurity and Infrastructure Security Agency, National Security Agency, Federal Bureau of Investigation (FBI), National Cyber Security Centre (UK), Communications Security Establishment Canada | Centre de la sécurité des télécommunications Canada, National Cyber Security Centre (NZ), Bundesnachrichtendienst (BND), Bundesamt für Verfassungsschutz (BfV), National Center of Incident Readiness and Strategy for Cybersecurity + National Police Agency (Japan), and National Intelligence Service + National Cyber Security Center (Korea).
-
Q: Why have your IT security independently assessed/audited? A: a self assessment/audit is a conflict of interest. Assessment & audit standards mandate that an independent 3rd party perform the assessment and audit. That is why accounts/books and workplace safety are independently assessed & audited. Why not your IT systems too? The other reasons? Not only is an independent cyber security assessment recommended by ASIC, auditors, insurers, investors, creditors, but if done properly, the assessor / auditor will not try sell you additional software. It'll be up to your IT provider to implement the assessor's recommendations, resulting in a win-win for you and your IT provider. So if your IT provider resists an independent cyber security assessment, please remind them of the conflict of interest and if they still resist or object, it might be time to find a new IT provider that is open minded and has the growth mindset to better serve your business cyber security needs, a provider that has your best interests in mind, not their own revenues ahead of your assurance and peace of mind. A good IT provider would welcome the opportunity of independent advice. Please reach out for an obligation-free discussion about safeguarding your IT. 🛡 #cybershields #cybersecurity #itsecurity #infosecurity #informationSecurity #dataprotection #STOPransomware #STOPbreaches #Essential8 #directors #owners #smallbusiness #smallbiz #Australia #Melbourne #Sydney #audit #ITrisk #CyberSecurityRisk #BusinessRisk #GRC
-
Recent breaches are a stark reminder for directors to reduce risk: basic security is not good enough. You independently assess your finances and workplace safety - it is time you independently assessed your IT security too. ⏰ 🛡🌩 #cybershields #MFA #ransomware #STOPbreaches #cybersecurity #informationsecurity #dataprotection #riskreduction #reducerisk #cyber #STOPransomware #Australia #Melbourne #Sydney #AWS #Azure #GCP #SmallBusiness #SMEbusiness #businessowner #businessowners #directors #board #audit #ITrisk #CyberRisk #Essential8 #EssentialEight #hack #companydirectors #founders
Please urgently enable MFA
Cyber Shield Advisors on LinkedIn
-
With increasing data breaches in the cloud, company directors increasingly face liability risk for assuming "IT have it under control." Here are some Friday-tips to help company directors reduce risk, and personal liability and improve the duty of care in storing customer data. Please reach out for a no-obligation discussion to understand a 3rd party cyber security risk assessment and how it can reduce your risk. And follow us for more tips to reduce your cyber risk. 🛡 👨💼 👩💼 🏭 #cybershields #ransomware #STOPransomware #cloudsecurity #dataprotection #itsecurity #cybersecurity #CompanyDirectors #Directors #Owners #CyberSecurity #InformationSecurity #CybersecurityRisk #Breaches #StopBreaches #DirectorLiability #DirectorRisk #SupplyChain #SupplyChainRisk #RiskReduction #ReduceRisk #BoardRisk #BoardMeeting #BoardAgenda #follow
Tips to Reduce the Risk of Supply Chain Ransomware Attacks
Cyber Shield Advisors on LinkedIn
-
🔐 Here are some simple tips to improve your cybersecurity. When was your last independent IT security risk report? #itsecurity #cybersecurity #cybershields #stopbreaches #CISOs #CIOs #CTOs #smallbusiness #smallbusinessowners #owners #directors #Australia #Melbourne #Sydney #StopRansomware
"Medium-sized businesses aren’t equipped in “any shape or form” to deal with their increasing cyber vulnerability."
Cyber Shield Advisors on LinkedIn
-
Are you curious how hackers identify and target your staff, then get in to your systems and steal your data, destroy your small business? This should be an enlightening (free) webinar to attend and learn, and Australia timezone friendly: https://lnkd.in/gttarUNw #cybershields #itsecurity #cybersecurity #itsecurityrisk #dataprotection #datasecurity #infosec #stopransomware #stopbreaches
Navigating the SMB Threat Landscape: Key Insights from Huntress’ Threat Report
thehacker.news