Application and Cybersecurity

Connected devices make up one of the largest attack surfaces on the modern Internet. Billions of devices, many with little to no consideration given to their secure operation, controlling everything from sewage treatment systems to safety-critical vehicle functions. As a result, security research on the low-level firmware that control these devices has become more important than ever. But how is a researcher to get access to closed-source firmware for proprietary hardware to begin with? One method that we have been using for some ongoing research is intercepting firmware from updater apps that use Bluetooth to perform over-the-air updates.

  In the rapidly evolving landscape of cloud computing, effective management of access control and security is paramount. As organizations increasingly rely on platforms like Google Cloud Platform (GCP), Microsoft Azure, and Amazon Web Services (AWS), understanding and implementing robust security measures becomes essential. The following insights delve into the latest strategies for streamlining access control and enhancing security across these major cloud platforms.

  As a Senior Crisis Consultant in the cybersecurity industry, I see a shift in how organizations prepare themselves for a potential cyber crisis. Traditional risk assessment methods are no longer sufficient. They often result in measures only being taken for the most likely incidents. However, it is usually events considered unlikely that cause the greatest impact, for which organizations are not prepared. Regulators recognize this, so here is my wake up call: prepare for the WORST… I see two big challenges organizations face: Determining what the worst case scenario could be and to what extent you should prepare. Linking the technical, operational and tactical response to strategic crisis management. Let’s look at how you can start to tackle these challenges.

  People often ask us: what exactly is social engineering, and is there anything I can do about it? A hacker needs information to penetrate a network or system. Passwords, for example. To obtain these, criminals use social engineering. But how does it work? Psychologist Sophie Jellema answers 6 questions about social engineering.

Helping people behave more safely in the digital world How can we help people to behave more securely when it comes to the digital world? This is a question psychologist Inge Wetzer has worked on for two decades. At the ONE Conference 2023, she presents her latest research into raising people’s cyber resilience. Her focus: the role of self efficacy, or confidence in your own ability, and the role of organizational culture. She shares her results on self efficacy below.