Make your basics brilliant

Welcome to the new 57 cyber warriors who joined us last week. 🥳 Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA23 keynote stage. Want to receive our weekly newsletters on LinkedIn? Subscribe here.

This week we’re focused on…📣

The brilliant basics of cyber hygiene. Or getting the basics right. Or whatever you like to call it. 🤔

Actually, we’re not just talking about getting the basics right; we’re talking about getting the basics right, and then continuing to keep them right, through the power of the human ability to observe and assess what technology is doing.

Can’t tech verify its own efficiency?

During a panel discussion about cyber hygiene, Rasha Abu Alsaud (EVP and CISO at Saudi National Bank) said:

“I think it’s important that in addition to the reliance on technology, manual validation needs to be practised as well, to check the effectiveness of the controls in place.”

In the era of AI and automation, the notion that we still have to manually validate technological processes in cyber is still highly relevant.

Yes, the tech can report on its own processes. But then the question is whether those reports are always accurate – and what happens if technology is left to self-perpetuate its own inadequate reporting and its own inefficient processes.

The basics of cyber hygiene

The basics of cyber hygiene are widely agreed to be:

📌Using strong passwords (and changing them frequently)

📌Keeping on top of software updates

📌Not clicking on potentially nefarious links

📌Using multi-factor authentication to protect data and third party entry points

And these basics apply to both organisations and individuals.

Many cyber hygiene tasks can be automated – and many vendor products today provide regular automated reporting on hygiene too. But what if those reports are missing crucial details❓ What if they’re reporting on outdated information about endpoints, users, or critical data❓

And what if those errors don’t get picked up and fixed, so the accuracy gap gets bigger and bigger with every automated report that’s produced?

Cyber hygiene audits, led by people 👨‍💼👩‍💼

Cyber hygiene isn’t just one process, and good cyber hygiene can’t be determined by one piece of reporting software. It’s lots of different technologies, lots of different manual processes, and lots of different automatic processes – that all come together as one bigger picture.

For example, cyber hygiene includes…

• How data is encrypted and stored
• How you document processes and tasks, and how employees access that documentation
• Visibility over third party apps and users
• Authentication processes
• Patching

…and more.

Different technologies can audit how well these various aspects of your organisation’s overall hygiene are being monitored and protected. But to get a clear view of that overall hygiene, you need a human to audit the audits; to work through those reports, pick up on inconsistencies or missing information, and make sure that the tapestry of your security system isn’t missing any crucial threads.

Automated auditing is good. Manual auditing is also good. And together, automation and human validation make for much greater cyber resilience.

Do you use human validation to check your cyber hygiene?

1. NO - it’s all automated 🖧 vote

2. YES - a combination of automated manual validation 👨‍💻👩‍💻 vote

Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 02 August 2023.

Catch you next week,
Steve Durning
Exhibition Director

P.S. - Mark your calendars for the return of Black Hat MEA from 📅 14 - 16 November 2023. Want to be a part of the action?