Last week I was helping a customer with their incident response policies and processes. All was going well, and then SOAR came into the conversation. SOAR is another one of those vendor/analyst-invented acronyms and stands for Security Orchestration, Automation, Response. Wow. That sounds great. If there is an incident, it…

Starting on 2 November 2022, I began to see posts like: “We’re seeing some incredibly targeted phishing attacks happening this morning. They’re referring to specific email chains that have happened in the past. It looks like a data breach [..] is being used to harvest actual emails to make a…

In short… …because your infrastructure and security measures differ from what was claimed on the cyber insurance questionnaire. Why is there a difference? It’s bad enough to be a victim of a cyber attack. …

The government and law enforcement are not going to save you from cybercrime. This was the blunt message from Sandip Patel KC. While this may sound hysterical, Sandip has experience. In his time as a prosecutor, he secured convictions for high-profile cybercriminals, including: Jake Davis — the LulzSec administrator from…

So you’re thinking about ISO 27001:2022… the international gold standard in security certifications. So what does it take to achieve the certification? Is it easy, or is it the gold standard for a reason? The Process There’s a strain of modern marketing that sells — “Get X super-fast”. Here’s the shortcut. It’s…

Why Do We Do Cybersecurity? While this question could descend into idle navel-gazing, it’s one we regularly ask at Fresh Security. The answers are pretty predictable: It’s the right thing to do — “You’re always going to pay for security… the question is whether that’s before or after a breach.” We’ve been breached. We need…

Every new Fresh Security customer receives a handwritten Thank You note. Each note is unique, written in black ink on handmade paper with a thin Nile Blue border. The envelope is lined with Nile Blue tissue paper, handcrafted in England. …

Recently I conducted a roundtable with a room full of IT resellers. One who had been in the industry for over 10 years shared a story about what it’s like to work in IT today. “When I started, it was common to have 6–9 months to figure out a new…

After every shock or atrocity, there is a time of recoil. A moment of — What was that? This pause happens whether it’s an event of world significance, a purely personal one, or a cybersecurity incident. What happens next is crucial. Recoiling is OK, as long as the next step…