It is not just about training your staff with a blanket awareness programme. Every organization is different in its nature of business, in breadth and in depth. It is ineffective to have one cyber training framework for the entire organization.
We need business centric awareness at the board and senior management levels; operational centric training for the mid-level and technical oriented training for the specialized groups.
Many organizations continue to focus on achieving high compliances rather than addressing their operational vulnerability. It is important to know that scoring high compliances does not imply high security posture.
Deep Vulnerability Assessment and Penetration Testing (Deep VAPT) is key. It is important that Deep VAPT be performed regularly by world-class professionals from countries at war. Such groups typically come with strong experiences in countering state funded threats and attacks.
Unlike the past, advanced threats today are highly sophisticated and stealthful. Alongside that, mainstream protection technologies have also evolved from primarily signature based filtering to various forms of advanced, non-signature centric detection. Unfortunately, the fundamental is still about detection. With millions of new advanced threats being developed and proliferated daily in the internet, most of such threats are not detectable in the first place.
Non-detection centric strategies become critical. Such strategies should be deployed to augment the chosen detection technologies to complete the protection framework.
A 9-layer, ultra-deep-scanning anti-malware & sanitization powerhouse augmentable by uni-directional data diodes with Wintel based proxies
A 1G high-end cross-domain and data diode solution with Linux based proxies for CII protection with patented segregation technologies
A SCADA monitoring platform that specializes in real-time behavioural analytics of OPC data passively extracted from control systems
A low-cost, ITIL/ITSM compliant all-in-one Enterprise IT Operation Management platform
An end to end open source software consulting provider specializing in compliance, support, security, management and governance of open source
A platform-agnostic hardware-isolated computation and storage system with HW root of trust
An independent assurance services consultancy focused on providing corporate governance, risk management, and internal audit for exchange listed companies
A 100G ultra-high-speed NetFlow-based network behaviour and performance monitoring appliance
An effective emergency cyber incident response service with dynamically up-to-date global malware intelligence knowledge base
An online cyber incident response planning platform as an critical & integral part of corporate ERM & BCM