www.cyberinsight.co.za - Blog

The Network Perimeter Is Gone

Mon, 30 Mar 2026 09:46:39 +0000

Why Workspace Security Must Evolve

Hybrid work has permanently expanded the enterprise attack surface. The perimeter is no longer where risk lives — the workspace is.

For decades, cybersecurity strategies were built around a predictable structure: protect the network perimeter and you protect the business. Firewalls defined the edge. VPNs extended controlled access. Everything inside the network was considered safer.

But this model no longer reflects how organisations operate today.

Applications now run across SaaS platforms, private data centres, and public cloud infrastructure. Employees work from corporate offices, home networks, client sites, and public spaces. Contractors and third-party partners regularly require temporary access to internal systems.

Sensitive data moves continuously between collaboration platforms, cloud storage, and web-based applications.

The perimeter has not expanded — it has dissolved.

Hybrid Work Has Redefined the Attack Surface

South African organisations have embraced hybrid work to improve flexibility and productivity. However, this shift has fundamentally changed how security risk must be managed.

Applications exposed to the internet are prime targets for attackers. Remote users operate outside the protection of traditional network firewalls, while business-critical applications increasingly run as SaaS services.

Workers, data, and applications now exist everywhere.

Several modern risk factors are accelerating this challenge:

Shadow IT Growth

Employees frequently adopt unsanctioned SaaS tools or collaboration platforms without IT oversight.

Generative AI Adoption

AI tools improve productivity but can expose sensitive corporate information if governance controls are missing

Contractor and Partner Access

Consultants, merger teams, and third-party vendors often require temporary access to internal applications.

Regulatory Pressure (POPIA)

South African organisations must ensure personal and sensitive data remains protected wherever it is accessed or processed.

The Security Complexity Trap

Many organisations attempt to solve these challenges by adding additional security layers:

Zero Trust Network Access (ZTNA)
Secure Web Gateways (SWG)
SaaS security tools (CASB)
DNS filtering and endpoint controls

While each technology solves a specific problem, combining multiple tools often creates operational complexity.

Multiple agents, multiple consoles, increased cost, and inconsistent policy enforcement can create new risks rather than reducing them.

Traditional cloud-delivered security models also introduce performance issues, requiring traffic backhauling and encrypted traffic inspection.

As complexity grows, visibility often decreases.

The Browser Has Become the Workspace

When we observe how work happens today, one thing becomes clear. Most business activity happens inside the browser.

Employees use browsers to:

Access SaaS applications
Collaborate through cloud platforms
Conduct research
Interact with AI tools
Access internal systems

The browser is no longer simply a tool. It is the workspace. This presents an opportunity to rethink security architecture.

Instead of routing traffic through multiple security layers, organisations can embed protection directly into the workspace itself.

A browser-centric security approach integrates secure access, web protection, SaaS controls, DNS filtering, and data protection into a single workspace environment.

This allows consistent policies to follow users everywhere.

Securing the Modern Workspace

Moving security closer to user activity provides several advantages:

Reduced infrastructure complexity
Consistent security policies everywhere
Better visibility into SaaS and AI usage
Stronger control of sensitive data
Secure access for contractors and third parties

This model also supports compliance requirements such as POPIA, ensuring sensitive information is protected regardless of where employees work.

Most importantly, it aligns security with how work actually happens.

Why This Matters Now

South African organisations face increasing pressure from regulators, boards, and customers to demonstrate strong governance and resilience.

At the same time, IT teams must support hybrid work, enable digital transformation, and manage cybersecurity costs.

Simply adding more security tools is rarely sustainable.

A smarter strategy is to simplify security architecture and secure the workspace itself.

Organisations that continue investing primarily in perimeter-based security will see diminishing returns.

The future belongs to organisations that secure the workspace.

Why Identity Has Become the New Cybersecurity Battleground

Fri, 21 Nov 2025 12:34:57 +0000

How identity-based threats are reshaping cybersecurity and why proactive detection is now essential for every organisation.

For years, cybersecurity has focused on keeping the “bad guys” out — firewalls, antivirus tools, and endpoint protection have long been the backbone of defence.
But today, the real front line isn’t at the perimeter anymore. It’s inside your organisation, hidden within the very identities that control access to your systems, data, and applications. Identity has become the new battleground.

The Shift from Perimeter to Identity

As businesses move to hybrid and cloud environments, attackers have adapted. Instead of trying to break through network defences, they’re using stolen credentials, misconfigurations, and weak access controls to log in as legitimate users.

It’s a simple, effective, and frighteningly common tactic.

According to recent Sophos research,

90% of organisations experienced at least one identity-related breach in the past year.
95% of Microsoft Entra ID environments (formerly Azure AD) have at least one critical misconfiguration that could allow privilege escalation.

These aren’t just statistics — they represent a fundamental change in how cyber risk operates.

Introducing Sophos Identity Threat Detection and Response (ITDR)

At Cyber Insight, we’ve seen this trend accelerating across South Africa’s business landscape. That’s why we’re proud to integrate Sophos Identity Threat Detection and Response (ITDR) into our managed security portfolio.

ITDR is a next-generation capability that continuously monitors your environment for identity risks, misconfigurations, and stolen credentials. It combines visibility with action — enabling organisations to detect anomalies, respond automatically, and benchmark their identity security posture over time.

In practical terms, that means:

Continuous scanning of Microsoft Entra ID to detect security gaps and over-privileged accounts.
Dark web intelligence to alert you if employee credentials are being traded or leaked.
Automated responses, such as account locking, password resets, and session termination.
Risk scoring and trend analysis to track improvement and compliance with frameworks like CIS and NIST.

Why This Matters for South African Businesses

Identity-based attacks are on the rise in South Africa, particularly among financial institutions, professional services firms, and mid-sized enterprises.
Cybercriminals know that once they compromise a legitimate account, they can quietly move through systems undetected — often for weeks or months — before deploying ransomware or stealing data.

Unfortunately, many organisations still treat identity protection as a “check-box” exercise rather than a continuous, proactive discipline. This is the gap that ITDR closes.

By combining automated identity posture assessment with human-led response from Cyber Insight’s SOC analysts, we help businesses stay ahead of attacks that traditional tools often miss.

“Cybersecurity is no longer just about malware and firewalls — it’s about securing the people and credentials that power your business,” says Deon Smal, CEO of Cyber Insight.
“With Sophos ITDR, we can detect identity threats before they escalate and give our clients the visibility to take decisive action.”

A Smarter Way Forward

Identity security is not a technology problem — it’s a visibility problem. You can’t defend what you can’t see.

Sophos ITDR gives South African organisations that missing layer of visibility and control. It transforms identity data into actionable insight, empowering teams to:

Understand where risk lives in their environment.
Benchmark improvements over time.
Respond automatically when suspicious behaviour is detected.

By integrating ITDR into our managed detection and response service, Cyber Insight delivers a unified approach to security — one that connects identity, endpoint, and network telemetry into a single, intelligent defence model.

Local Experts. Global Intelligence. Trusted Protection.

At Cyber Insight, our mission is simple: to help organisations build resilience through clarity.

We combine world-class technology from partners like Sophos with local expertise to ensure that South African businesses — from SMEs to large enterprises — can operate confidently in a rapidly changing threat landscape.

Because in cybersecurity, visibility is power. And with Sophos ITDR, that visibility starts with identity.

Want to learn more?

The key roles of honeypots, tarpits and black holes in cybersecurity

Fri, 21 Nov 2025 11:50:27 +0000

The key roles of honeypots, tarpits and black holes in cybersecurity

In the cybersecurity world honeypots represent traps designed solely to lure cybercriminals away from the real targets – sensitive corporate data repositories and vulnerable systems and applications.

Honeypots appear to those with malintent as actual computer systems carrying data and applications. However, they dupe hackers into believing they have identified an authentic target such as a corporate accounting or HR system.

Of course, once the hackers have breached the honeypot’s bogus defences, their activities can be tracked and their techniques and methods analysed. This data represents extremely valuable intelligence that can be used to strengthen the bulwarks of the corporate network.

By design, a honeypot will not attract any legitimate data traffic, so all activities logged are more than likely to be probes or intrusion attempts by cybercriminals.

Did you know that the term “honeypot” comes from the world of espionage? It refers to the romantic relationships cultivated by Mata Hari-type spies who use their feminine wiles to steal secrets from the enemy.

How is an effective honeypot established?

The plan is to incorporate intentional security vulnerabilities or materials that would make the honeypot attractive to an attacker. For instance, the honeypot may be associated with weak, easy-to-decipher passwords, or it may have exposed, open ports.

Honeypots also play an important role in penetration testing, supplying information in the form of forensic evidence that can be used to map existing threats and identify new threats. These may emanate from trusted insiders or external miscreants.

For organisations that view honeypots as valuable armour, there are a number of options from which to choose. The selection, which should be based on perceived vulnerabilities, is not limited in scope. In other words, choose as many as you believe will be necessary given your circumstances.

Probably one of the most common honeypots is the email or spam trap. This honeypot tricks hackers into searching for a fake email address in a hidden location where only an automated address harvester will find it. All messages containing similar content to those sent to the trap can be automatically blocked and the senders’ IP addresses added to a deny-list.

Another honeypot variant is the decoy database which is designed to monitor software vulnerabilities and identify attackers who take advantage of insecure system architectures or use techniques such as privilege abuse, SQL injection or SQL services exploitation.

“Spiders” in cybersecurity terms are web crawlers in the form of programs and automated script that browse the Internet in a methodical, automated manner searching for targets. A spider honeypot is therefore intended to trap web crawlers by creating web pages and links only accessible to crawlers. Detecting these spiders is central to blocking malicious bots and ad-network crawlers.

In addition to individual honeypots, there are complementary techniques and processes designed to frustrate the activities of hackers such as honeynets which expand the honeypot concept by incorporating a series of networked honeypots.

Then there are “tarpits” or mechanisms designed to slow the progress of hackers by purposefully delaying network connections, thereby presenting less-attractive targets.

“Black holes” also play a role in cybersecurity. They are defined as invisible places on the network where incoming or outgoing data traffic is silently discarded without the source – the hacker – being aware that the data did not reach its intended recipient.

Let me end with a word of warning: While a honeypot will most likely trick attackers into believing they've gained access to a real system, should the hackers realise the deception, they could create spoof attacks to distract attention from their real intentions or feed fake information to the honeypot for analysis.

This why honeypots should always be professionally configured and never be considered as permanent replacements for proven security systems and controls.

Significant security benefits from a 2FA and password management partnership

Fri, 21 Nov 2025 11:48:07 +0000

Significant security benefits from a 2FA and password management partnership

We are being encouraged to adopt two-factor authentication (2FA), the process of adding an additional layer of security when accessing accounts and services online. It requires an additional login credential – beyond just the usual username and password – to gain account access. Getting that second credential requires a second device; your cell phone, for example.

With 2FA, your on-line transaction and your account are protected by both your password and your phone which is used to verify your actions, usually by a one-time pin (OTP) code which is sent via text, voice call or mobile app.

Many millions of users around the globe now use 2FA to guard against the activities of hackers and cybercriminals.

In the US, the National Cyber Security Centre (NCSC) recommends 2FA for “high value” and email accounts. It is increasingly obvious, notes the NCSC, that email provides a vulnerable ingress route for cybercriminals to reset passwords on other accounts.

In the UK, the finance sector has acknowledged the increasing propensity for cyberattacks linked to online transactions and has worked with regulators to introduce what they call strong customer authentication (SCA) in this high-risk sector.

Verison’s 2021 Data Breach Report emphasises that “strong authentication is necessary as passwords alone provide weak protection because they can be guessed and phished and, once stolen, tried against a range of accounts in the hope of securing a hit”.

There are industry watchers who believe the adoption of 2FA is an important step towards a truly password-less future. They say that password authentication is plagued by problems resulting in poor user experiences - mainly because passwords are easily compromised.

However, as true as this might be, rest assured the market is some way off the ubiquitous adoption of password-less authentication. Why? The short answer is it isn’t easily achievable. There are challenges which include today’s complex and hybrid IT environments, compliance standards and regulations that must be addressed, not to mention the costs associated with administering and managing a password-less environment.

The immediate solution lies in the adoption of an effective password management solution which, when operated in tandem with 2FA, is an excellent way to secure access to accounts and services online. A password management solution is able to creates strong, unique passwords that will stand up to a battery of tests.

Marrying 2FA and password management takes cyber security to the next level. It permits full control over an organisation’s credentials – who is using them and when. This is because access to passwords is now permission-based.

Significantly, password management systems and 2FA secure your data because even by knowing your master password (under which all individual passwords are amassed), nobody (including hackers) will be able to access your account.

This is known as the "zero knowledge" technique, designed to keep data safe even if the company is hacked. It’s a technique that makes the task of breaching security far less appealing to those with malintent.

The combination of 2FA and password management is particularly important for secure network onboarding. This is when a new employee or guest user – often with multiple devices – has to gain access to the corporate network for the first time. Security concerns are always heightened then.

Security is also critical during the offboarding process, following the resignation, termination or retirement of an employee who subsequently leaves the company.

It is accepted that current and former employees – with or without malicious intentions – are often responsible for putting businesses at risk due to their actions. In fact, research indicates that employees – past and present – are responsible for around 80% of serious security breaches. In most cases best operating practices were not enforced.

Looking ahead, password management should be seen as essential and must apply to every employee, from the first day of onboarding, through to the last day before retirement. When teamed with 2FA, effective password management enables employees to safely share credentials while maintaining excellent standards in terms of password hygiene.

Get Started Now

Disturbing victor in 2022 business risk survey

Thu, 20 Nov 2025 11:57:37 +0000

Disturbing victor in 2022 business risk survey

It was expected that the effects of the Covid-19 pandemic and surges in Delta and Omicron infections would have resulted in Business Interruption (BI) maintaining its top spot in the 2022 rankings of the acclaimed Allianz Risk Barometer survey.

The annual Allianz survey and subsequent report identifies the top corporate risks expected for the next 12 months and beyond, based on the insight of more than 2,650 risk management experts from 89 countries and territories.

In the past, BI has scored well, as it is synonymous with many of the top ranked risks faced by businesses around the globe.

However, this year expectations that BI would once again feature at the top of the list of the most serious risks to business were wide of the mark.

For only the third time in the 11-year history of the Allianz Risk Barometer, BI has dropped to second place.

What tops the Risk Barometer charts this year? It’s the risk from Cyber Incidents.

Significantly, according to Allianz, the threat of Cyber Incidents ranks as a top three peril in most countries surveyed and “cyber perils” are the biggest concern for companies globally in 2022 as ransomware and other disruptive forms of cyberattacks continue unabated.

According to companies surveyed, the threat of ransomware attacks, data breaches or major IT outages concern companies even more than business and supply chain disruption, natural disasters or the Covid-19 pandemic, all of which have heavily affected firms in the past year.

In its report on the Risk Barometer, Allianz highlighted the surge in ransomware attacks as the top cyber threat facing organisations in 2022.

It noted that recent attacks have shown worrying trends such as “double extortion” tactics combining the encryption of systems with data breaches; exploiting software vulnerabilities (for example, the Log4J and Kaseya attacks) or targeting physical critical infrastructure.

The report underlines the role of cyber security which it says ranks as companies’ major environmental social governance (ESG) concern with respondents acknowledging the need to “build resilience and plan for future outages or face the growing consequences from regulators, investors and other stakeholders”.

According to Scott Sayce, Head of Cyber at Allianz Global Corporate & Specialty (AGCS) a key business unit of Allianz Group, ransomware has become “big business” for cyber criminals, who are refining their tactics, lowering the barriers to entry for as little as a $40 subscription.

“The commercialisation of cybercrime makes it easier to exploit vulnerabilities on a massive scale. We will see more attacks against technology supply chains and critical infrastructure,” he warns.

Here at Cyber Insight, we continue to advise South African businesses of the dangers they face from the main ransomware categories - Crypto, Locker, Double Extortion and Ransomware as a Service (RaaS).

We’ve explained how Crypto ransomware variants are mainly spread via email while the Locker alternative takes the distinctive route of locking its victims out of their devices.

We’ve described how Double Extortion ransomware is able to launch devastating, multistage attacks on target organisations, while RaaS, “the business for criminals, by criminals” provides ransomware to affiliates on a monthly fee basis.

Is there a counter to the ransomware scourge? Cyber Insight’s recently-launched plan for Secure Future Protection provides insight into processes and policies designed to assist with the implementation of solutions aimed at constantly improving cyber resilience.

One of the keys to the plan for Secure Future Protection is the professional implementation of a stringent, secure email gateway designed to prohibit malware and spam as well as bad URL/IP addresses from entering users’ mailboxes. The plan includes personalised support to guide you through the implementation and optimisation phases of email security.

Get Started Now

Integrated Leadership: The Missing Link in Cyber Resilience

Wed, 17 Sep 2025 14:17:40 +0000

Treating cybersecurity as a business asset, not just a technical function, is the key to sustainable resilience.

In too many boardrooms, cybersecurity is still seen as a technical matter — a job for IT teams to manage quietly in the background. Firewalls, antivirus, SOC dashboards: tick the boxes and move on. But in today’s world of AI-driven attacks, ransomware campaigns, and regulatory pressure, this view is dangerously outdated. Cybersecurity is not just a technical issue — it is a business resilience issue.

Fragmented Ownership Weakens Resilience

When ownership of cybersecurity is fragmented — with IT fighting threats in isolation while leadership assumes everything is “covered” — resilience breaks down. Attackers move faster, more creatively, and at greater scale than ever before. Without integrated leadership, organisations end up reacting to crises instead of preventing them.

Burnout Is a Systemic Risk

Cybersecurity teams face relentless pressure: rising volumes of alerts, a global talent shortage, and the impossible expectation of delivering 100% protection. Burnout is not just an HR concern. Exhausted teams miss threats, make mistakes, or leave — creating blind spots just when attackers are looking for them. Resilience depends on supporting the people who defend it.

Boards Must Engage

True resilience requires cybersecurity to be discussed in the same breath as financial continuity, compliance, and reputation. Boards must demand clear reporting, ask the tough questions, and treat cybersecurity as a core business risk. Without this engagement, organisations risk underestimating exposure — until it is too late.

Cybersecurity as an Asset

Cybersecurity should not be written off as a cost line. It is an investment that protects continuity, valuation, and customer trust. Just as companies insure their physical assets, they must strategically invest in digital defenses. Resilient organisations already understand that strong security is a competitive advantage, not just an obligation

How Cyber Insight Helps

At Cyber Insight, we help organisations embed leadership into their cyber resilience strategies:

vCISO Services → Bridge the gap between boards and technical teams with governance, reporting, and risk alignment.
Managed Services → Reduce the operational burden with Managed Detection & Response (MDR) and Managed Security Services (MSS).
Tailored Security Stacks → Best-of-breed technologies aligned with growth and risk appetite.
Local SOC with Global Intelligence → South African-based operations with global visibility, ensuring leadership has confidence and clarity.

Conclusion: Moving as One

The most advanced firewall cannot fix a leadership blind spot. True cyber resilience requires leaders, teams, and technology to move as one. Organisations that integrate these elements will not only withstand today’s threats but also emerge stronger, trusted, and future-ready.

At Cyber Insight, we do not just secure systems. We empower leadership to own resilience.

Your Company's secrets. Are they as secure as you believe them to be?

Mon, 25 Aug 2025 13:11:38 +0000

How open-source intelligence (OSINT) gives cybercriminals the tools to uncover vulnerabilities, exploit employees, and launch devastating attacks.

Currently, almost every malicious cyberattack involves open-source intelligence or OSINT. This refers to the collection and analysis of data gathered from open or overt and publicly-available sources to produce actionable intelligence.

The concept of OSINT was initially used to address matters of national security. In the United States, for example, the process of gathering OSINT falls within the ambit of Department of Defence and the State Department.

OSINT is defined by political scientist Jeffrey Richelson as the process of “procuring verbal, written or electronically-transmitted material that can be obtained legally”.

The emphasis on the legal gathering of OSINT is obvious when studying the six categories of information flow that are formally identified as OSINT sources:

1. Conventional media such as newspapers, magazines and radio/TV broadcasts.

2. Online publications, blogs and discussion groups as well as YouTube, Facebook, Twitter, Instagram and other social media websites.

3. Public government data contained in reports, budgets, hearings, telephone directories, press conferences, websites and speeches.

4. Professional and academic publications as well as data acquired conferences, symposia, academic papers, dissertations and theses.

5. Commercial data, including imagery, financial and industrial assessments and databases.

6 Grey literature, including technical reports, working papers, unpublished works and newsletters.

When did OSINT gain its nefarious image?

OSINT is distinguished from research in that it applies the process of intelligence-gathering to “create tailored knowledge supportive of a specific decision by a specific individual or group”.

In recent times individual hackers and groups of cybercriminals have increasingly used OSINT to support targeted and often highly effective attacks on companies and individuals worldwide. The favoured weapons are phishing emails designed to establish a foundation for the launch of company-wide ransomware attacks.

While there are many intelligence-gathering tools and techniques used by cybercriminals, the preferred choice is Google. So much so, that “Google dorking” and “Google hacking” are part of the criminals’ lexicon.

Google hacking involves the use of cleverly-crafted queries to find or “mine” specific information that will seldom appear in a regular Google search.

According to YouTuber Craig Hays, adding in search operators such as “inurl” and “filetype” along with sensitive keywords such as “password”, “secret” or “confidential” can return interesting results.

In an online article, he lists two examples of his own work as a penetration tester.

“I’ve shown leaked password files both on Amazon’s S3 simple storage service and on a traditional website. Below that I’ve done a search on the code hosting site github.com for the phrases ‘BEGIN RSA PRVATE KEY’ and ‘AWS_SECRET’. The credentials you can see give you VPN access into someone’s corporate network and API access to someone’s Amazon web services account.”

He goes on to explain how he used Shodan, a search engine for Internet-connected devices, to find RDP (Remote Desktop Protocol) servers that are publicly accessible from the Internet.

“Once they [cybercriminals] get in they’ll have a foothold on a network to start poking around, elevating their level of access, stealing data and installing ransomware on anything they can see,” he says.

This begs the questions: What information can be found on the Internet about your company and employees? Could confidential data on emails be found by web crawlers or could key metadata attached to documents and images be used to gain insight into the internal structures of your organisation?

As we’ve noted, apparently innocent online data may be used by hackers to exploit vulnerabilities within your company. For example, the advertising of job vacancies may present attentive hackers with opportunities. If you are hiring SQL database engineers, for instance, hackers will realise that there are SQL servers that could be hacked within your company.

If information finds its way on to the Internet about the hobbies or interests of senior executives, it may be used by hackers to launch phishing attacks. Perhaps a CFO has a penchant for water-skiing. He or she may be asked to click on bogus websites featuring the latest boating and skiing equipment - with disastrous results.

Securing a company’s secrets is the task of experienced professionals who are trained to look at apparently-harmless company data through the eyes of the cybercriminal and use knowledge gained through the study and evaluation of countless security breaches to protect and fortify your organisation.

What constitutes a comprehensive patch management policy?

Mon, 25 Aug 2025 13:03:00 +0000

From Log4Shell to remote workforce vulnerabilities — why timely updates and automated patching are critical for cybersecurity resilience.

By definition, a patch is a set of changes to a computer program or its supporting data designed to update or improve it. Significantly, patches have become synonymous with fixing security vulnerabilities and other “bugs”.

Patch management is the process of overseeing the systematic deployment of these updates and fixes in order to correct errors or improve the cybersecurity associated with operating systems, software applications and embedded systems.

The goal of a comprehensive patch management policy is to help protect every asset within your environment, irrespective of category, from exploitation.

With the recent and ongoing increases in the discovery of malware and other high-risk vulnerabilities in many computer systems, a comprehensive patch management policy is now essential to ensure that new patches are deployed as soon as they become available.

Such a policy should be able to identify the most critical challenges facing your security team – challenges that need to be addressed as a matter of urgency – and differentiate them from tasks that should be evaluated as part of your long-term strategy.

Without a comprehensive patch management policy in place, there is a strong chance that you could “shut the stable door after the horse has bolted”. In other words, a patch or update may well be applied too late to prevent a virulent bug from infiltrating your systems, stealing confidential data or inflicting severe damage.

The recent Log4Shell bug represents a case in point. Unfortunately, the vulnerability was revealed before a patch was made available so there was little that could be done by security managers and IT staff other than slog through the Log4Shell vulnerability patching process “after the fact”.

Fortunately, Cyber Insight was one of the first companies to offer a free vulnerability scan specific to Log4Shell which proved to be of great assistance to many IT specialists who were able to return to their festive celebrations without too much delay, secure in the knowledge that any possible security holes were covered and the hackers were being kept at bay.

Nevertheless, events such as the arrival of Log4Shell have highlighted the importance of maintaining an up-to-date software inventory to assist with the management of software updates and patches.

A comprehensive, fully automated patch management policy should also incorporate the management of software licences for third-party applications in Microsoft’s 365 Admin Centre. This process should include subscription management as well as the supervision of routine invoicing and payment procedures. Nothing should be overlooked or “allowed to fall through the cracks”.

Such a policy ought to also apply to software-as-a-service apps that you may purchase directly and, where appropriate, cover app and subscription management through third-party app providers’ portals.

With the concept of the remote workforce expected to gain broad acceptance in 2022, it is necessary to keep corporate endpoints secure thereby ensuring employees’ protection from the latest vulnerabilities no matter where they are located.

With legacy on-premises security systems often struggling to cope with the work-from-home boom, a comprehensive patch management policy is increasingly necessary to handle the patching and configuring of remote systems at scale and orchestrate feature/functionality updates.

Such a policy, well implemented, will help all workers gain access to the latest, most secure software products and computer systems currently available thereby maximising efficiency and optimising productivity.

Password protection is more critical than ever. Here are ten top tips

Mon, 25 Aug 2025 12:21:12 +0000

Why weak passwords still put global giants at risk — and how you can strengthen your own defences with practical steps today.

If you believe that the tech giants like Reddit, Wikipedia and Amazon are at the cutting edge when it comes to cybersecurity and password hygiene, think again.

Acclaimed author Jordan True, who focused the spotlight on a 2019 University of Plymouth research project, reveals that these colossuses of the IT industry have not been too scrupulous when it comes to accepting poor passwords from users in the past. Perhaps they have upped their game in recent times?

“This is incredibly alarming as it perpetuates the use of weak passwords,” she warns. “Nearly every common password was accepted [by the tech companies mentioned] which included repeats of the username, the user’s own name and, of course, the all-time classic, ‘password’.”

Cybersecurity has always been important, but it has become critical today as cybercriminals continue to develop and perfect new and innovative ways to hack accounts and steal your personal data.

So, do you think you can do better and pull one over on the tech gurus? It’s easier than you might think - but only if you closely follow the rules. Here are ten top examples:

(1) Do not re-use passwords. It might be tough to remember a different password for each account or application, but that’s what password managers are meant for.

(2) Use randomised passwords. Family and other familiar names are easy to hack. Be creative and dream up some unique words. Better still, make sure these words are not found in the Oxford Dictionary.

(3) Use more than eight characters in a combination of letters (upper and lower case), symbols and numbers. The longer the password the better.

(4) Do not use personal information.

(5) Don’t document (write down) passwords where they might be discovered by colleagues, associates or curious visitors.

(6) Be wary of unfamiliar devices or devices that you do not control. Your password may be compromised by a keylogger.

(7) Change passwords on a regular basis. It might be a chore, but its easily done if you put your mind to it. Make a date with your computer.

(8) Do not use default passwords. On many systems, a default administrative account exists which is set to a simple default password. These are easy to hack.

(9) Boost corporate cybersecurity by storing user passwords in a way that prevents them from being obtained by attackers, even if the system or application is compromised.

(10) Use two-factor (or multi-factor) authentication where possible. Google has introduced the practice, and it’s one of the best examples of password hygiene around.

At Cyber Insight we encourage companies to introduce and enforce strong password policies while following stringent password protocols. They should be made applicable to all stakeholders - including employees, associates, customers and suppliers – and overseen by effective password management solutions.

Cyber Insight’s plan for Secure Future Protection includes guidelines for enhancing password policies and advocates the application of next-generation tools that can discover and prevent weak passwords while defending against “password cracking” and other authentication-based attacks.

Does ransomware’s evolution point to a cybercrime apocalypse?

Mon, 25 Aug 2025 11:20:11 +0000

From the AIDS Trojan to RaaS, tracing the rise of ransomware and its devastating impact on global industries.

One of the first ransomware attacks ever documented was the AIDS Trojan – also known as the PC Cyborg Virus. Conceived in 1989, it was released on 20,000 infected floppy diskettes labelled “AIDS Information – Introductory Diskettes” and disseminated to attendees at the World Health Organization's AIDS conference in Stockholm.

The trojan hid directories and encrypted the names of the files on target computers. To regain access, victims were required to send $189 to the PC Cyborg Corporation.

The AIDS Trojan, designed and developed by Harvard-trained biologist Joseph Popp (who never faced legal consequences for his actions), is seen today as the prototype for all subsequent ransomware attacks.

With the popularisation of the Internet in the mid-2000s, cyber criminals realised that ransomware could be monetised on a much wider scale and they began using asymmetric RSA (Rivest–Shamir–Adleman) encryption as their encoding medium.

The GPcode, which initially spread via an email attachment purporting to be a job application, used a 660-bit RSA public key cryptosystem, while the GPcode.AK – following hot on its heels - appeared using a 1024-bit RSA key.

From 2011 ransomware attacks skyrocketed. Around 60,000 new ransomware variants were detected that year, a figure that doubled in 2012 and quadrupled by 2015.

Today there are countless strains of ransomware, although from 2016 onwards variants seem to have coalesced into two main categories, “crypto” and “locker”. More recently “double extortion” and ransomware as a service (RaaS) have grown in popularity within the cybercriminal fraternity.

Crypto ransomware variants are mainly spread via email. Generally, this is the attackers’ modus operandi: They first identify a target, probably an employee in a specific company.

They will undertake research. For example, if the criminals discover the target’s Facebook account, they might realise that he – or she – is an animal-lover and is interested in animal welfare.

It then becomes a straightforward task for the criminals to send a well-crafted email focusing on issues related to animal welfare to the target who, in many cases, will naively open its attachment (containing the ransomware) without realising the huge risks associated with this simple action.

Locker ransomware, on the other hand, does not encrypt files. It takes the distinctive route of locking its victims out of their devices. Cybercriminals will demand a ransom to simply reopen the virtual door.

The first hint of a further ransomware evolution came when cybercriminals began to encrypt network accessible resources. In 2017, WannaCry ransomware infected more than 200 000 computer systems in 150 countries, causing billions of dollars in damages.

It was the speed at which WannaCry spread that represented a watershed in the cybersecurity environment and marked the first of what became known as fifth-generation cyberattacks. Another fifth-generation variant was NotPetya, the first nation-state-sponsored ransomware attack.

Since these perceived achievements, cybercriminals have again raised their game, Double extortion malware is now able to launch devastating, multistage attacks on target organisations.

It works by first exfiltrating or removing and storing confidential data from the organisation – not encrypting or deleting it. If the target fails to meet demands, its data and the proprietary information contained therein is leaked online or sold to the highest bidder.

Fifth-generation ransomware and double extortion techniques are changing the threat landscape and priming it for RaaS.

RaaS, as described by cyberthreat researcher and author Jeff White, is “a business for criminals, by criminals”. RaaS businesses provide ransomware to affiliates, usually on the basis of monthly fees and agreements, “like a perverted version of a media streaming service delivering new content directly to their subscribers,” he explains.

White adds that through RaaS, cybercriminals are able to tailor their ransomware attacks to address certain target groups. “This flexibility increases their capabilities and allows them to adapt through trial and error until they find the right mix.”

Is the globe, thanks to RaaS, gearing up for a cybercrime apocalypse? And is your organisation in its path?

Reports highlight a number of industry sectors that have been preferred ransomware targets in 2021. Construction companies were hardest hit – according to one survey - largely as a result of lax cybersecurity in this sector. Also on the list are the manufacturing, consumer goods and services, finance, insurance, travel and hospitality, healthcare and education sectors.

According to Tiago Henriques, a director at cybersecurity insurance company Coalition, ransomware attacks are often successful because "bad actors know that causing business disruptions [particularly in these sectors] can be a strong motivator for companies to pay ransom demands to get back up and running.”

Get Started Now