Doing X things to protect your organisation is not the best cybersecurity strategy.

It is no longer a case of do these ‘X’ number of things and your business, organisation or self will be secure from a cyber event.

We have all seen, read or been told that you need to do this or don’t do that (I even wrote an article recently on just that) to fix your cybersecurity.

This attitude is wrong.

All it does is focus you on the ‘X’ number of things that are considered important, it does not fix the overall problem of digital protection, cybersecurity and protecting the organisation’s data against a cyber event.

Today’s threat market is all about two things:

Risk management

Managing the risk to your organisation is totally dependent on the organisation.   Get it wrong though and the organisation is open to litigation, compliance and reputation challenges.

Defining the risk and then mitigating, reducing or ignoring the risk depending on your organisations risk posture.

That risk posture has to have a basis in fact.   Every organisation is different, therefore every organisations risk posture will be different.

“She’ll be right”, “it will never happen to us” and “we have nothing worth stealing” are stupid risk postures and should be avoided at all costs.

Lets take patching – you can not implement a patching process if you have not looked at the associated risk of applying, waiting or ignoring a patch to software or operating systems.

Some patches are critical and the risk to the organisation outweighs the impact of a cyber event.   These need to be applied immediately.

Other patches could mitigate some risks to a system and can be applied as part of the patch process.    We recommend within 15 days.

There are also patches out that would have minimal impact on a system.   If the system was not patched and it was compromised they would not get access to critical data.   These can be applied based on the organisations risk posture.

Looking at the overall risk to an organisation will drive the security around that organisation and the underlying risk associated with a breach can be discussed as part of the overall business risk assessment.

Using frameworks

When used correctly a framework increase the awareness and security around an organisation.

We use NIST, but any framework will do.

A framework allows an organisation to take the blinkers off and focus on the organisation as a whole.

It is a holistic approach to protecting the organisation from a cyber event because it looks at a number of related but often overlooked,  important features of digital and cyber protection.

Each of the components of the framework allows the organisation to implement change in a managed and focused way.

It allows an organisation to improve security, with each change benefiting the organisation.

It is a process, not a knee jerk reaction to the next threat.

Business security is not about implementing a decent firewall, installing end point protection and sitting back because you think you are safe.

Business security is about education, policies and procedures, business continuity, visibility and viability.

This solution cannot be achieved through reaction, it needs to be a proactive process embraces by all members of the organisation.

What every CEO and CIO should know about cybersecurity

The problem with cybersecurity is it is not sexy.

In most cases it is down right boring.

Although not sexy and down right boring it is still something that every CEO, manager, owner and board member has to focus on.

With all of the automated attack vectors available to the cyber criminals, we can no longer say we are not a target. We cannot say we have nothing worth stealing.

The more and more reliant business has on the digital world the greater the chance that a cyber event will cripple the organisation.

What are the main things that every management type needs to focus on when it comes to prevention of a cyber event.

Here are a few!

The cost of a cyber event.

The cost of a cyber even can range from lost time and functionality within the organisation to more money than the organisation can find to pay for the breach.

Cryptovirus is an example of lost time and functionality. If you do not have a functioning and tested backup of the data, you have to rebuild the offending device but you will also have to also replicate all of the data.

A full blown breach by a dedicated black hat hacker can steal everything and then use your system as a platform to target your clients, suppliers and staff. When that happens you realize that you are NOT too small to be a target

How they get into your system

The go to weapon of most cyber attacks is social engineering. Two parts of a very effective attack strategy. The technology to effect change, follow a link to an infected website, click on an ad in social media or open an attachment in an email, combined with getting you to trust them where you let them in.

Either way they are now in.

Risk and problems just compounded.

Simple ransomware for instance, the initial encryption of data is only one of the stages of the attack. What about stage 2,3 and 4.

Wannacry showed us that a combination of 2 attack vectors allowed a single infection to traverse a whole network. One computer is a problem for any organisation. All of the computers is a nightmare.

The protection challenges

In most situations managers, owners, executive and board members do not understand the digital realm. Risk management of data (a critical component in today’s business world) is often overlooked and considered an ICT problem.

Its not! Today’s digital security challenge is everyone’s issue and the sooner it gets noticed as a business risk and treated as such the faster we will see a reduction in attacks.

From the largest organisations to smallest single entities, we all keep critical data in places that are easily accessed, relatively unprotected and mobile.

What are you doing to manage the expected cyber events that could cripple your organization?

There is no single, simple fix. If there was everyone would be safe.

It is a complex issue and one needs to dedicate some time, money and expertise to understanding the issues and risk associated with a cyber event.

Come to one of my intensive workshops it will open your eyes on your business requirement to be safe as an organistion.

Roger Smith is funny, scary, on point and is focused on one thing – increasing everyone’s awareness and understanding of the problems and issues associated with the digital world.
He was Runner up in the 2017 worldwide Cybersecurity Educator of the Year award and has been nominated for the 2018 Cybersecurity Educator of the Year award.  
He is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercime, Cybersecurity and the hacking techniques used by the digital criminal.   
He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger, going to number one on Amazon.   
He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI.   He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.

Cyber event – Why does it take so long for answers?

Have you ever thought to yourself – that hack – Cyber Event –  happened 6 weeks ago why do we not yet know what happened?

The problem with today’s cyber events is actually how complicated and complex that hack or breach was to achieve.

Like every criminal they like to cover their tracks and there are a huge variety of ways to do that in the digital world.

How many out there have fudged on our profiles – old photos (missing the gray hair), wrong birthdays, wrong year of birth.

So the first problem – who just hacked my system?

Everything can be fake.

If you, an honest law abiding citizen, can lie on your profile why then can’t the bad guys.

We only lie about our profile out of vanity, they do it because they are legitimately trying to hide.

This is the first hurdle when it comes to identification.

Little or no information.

In addition they use what we call handles – think old radio speak “over and out rubber ducky”.

Today’s handles are a little more complex, or they convey some level of anonymity.

The calling card of a cyber event

The calling card of a cyber event

The second problem – what system did they use to hack my system?

The internet is full of systems, information and attack weapons that are easy to use, have large quantities of how to’s, help and videos.

That is just the internet.

If you want to know more get onto a chat room on the dark web and see what happens.

In addition to this there are also a vast range of ‘Proxies’.

These are devices and systems that have either been hacked and the owner has not discovered it or have been put together in other countries and locations specifically used as a way to hide the next attack.

The third problem – what has actually been stolen?

Everything today is data.

If I steal money from your credit card or bank account it is noticeable in the real world. I can see that someone has removed money from my possession, in some way. Stealing money from you then comes down to making you trust the transaction.

If I can steal $20 from you with an illegal pay wave transaction will you notice it?

But data is different. When i steal data from you, the information stays in the same place.

I am stealing a COPY of that information.

What I now do with that information will not have an impact on the original copy of the information.

If I have removed that data, how do you know that I have done that?

Each one of these steps can take hours, weeks, months or years to unravel. In that time the general public, industry, regulators, government and press are screaming and carrying on. To find out what happened.

Roger Smith is funny, scary, on point and is focused on one thing – increasing everyone’s awareness and understanding of the problems and issues associated with the digital world.
He was Runner up in the 2017 worldwide Cybersecurity Educator of the Year award and has been nominated for the 2018 Cybersecurity Educator of the Year award.  
He is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercime, Cybersecurity and the hacking techniques used by the digital criminal.   
He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger, going to number one on Amazon.   
He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI.   He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.

 

Why Securing your data is so important!

Like all organisation in today’s business world, we all collect information!

That information is used in your core business.

Your core business requires you to collect information.

This information is used in your client relationship management system for sales and marketing, your messaging system including email, your R & D, your accounting and financial system and your HR and pay systems.

Today, all this information is digital.

If you do not keep your information safe and secure it can have an impact on everything you do.

You can lose your clients!

You can lose your money!

You can lose your edge in your industry or

You can even lose your ability to function as a business entity.

No business entity!

No pay packet!

So it is in everyone’s best interest to keep that information or data safe.

As an organisation you may have put in second generation firewalls, intrusion detection systems, anti-virus, SPAM detection and management systems to protect your information from outside the organisation.

Technology is important but there is something that is more important.

That critically important part is to educate your most valuable asset, your staff and users, and give them the knowledge to help themselves.

We want to help you understand why it is so important to protect yourself in the digital world.

Roger Smith is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercime, Cybersecurity and the hacking techniques used by the digital criminal.   
He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger.   
He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI.   He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.
What is the difference between a Penetration Test and a vulnerability scan?

Ransomware for Medical devices – what happens then?

One of the biggest problems with our bright new shiny digital world is everything we do or use today has some level of digital components.
We know that everyday computers, smart devices, mobile devices and gaming platforms, are digital in nature.
We forget that Fitbits, Internet of Things devices and medical devices also have some level of digital incorporated into them.
So what happens to these devices if they become infected with malware, even worse if that malware is a ransomware.
If I had a pacemaker installed in my body and the medical staff lost control of it (that is what malware and Ransomware does, removes their control and gives it to someone else) I think that I would get a little panicky.

Definitely a WTF moment.

Most medical devices are either WiFi or blue tooth enabled.   That makes them relatively easy to break into.
Researchers have been looking at compromising medical devices and in 2015 there were 25 known vulnerabilities in some of the most popular devices.   What about the unknown ones, how many of them were there?
We all saw what happened with IOT devices when Mirai was released on the internet late 2016.   It compromised a certain level of device that had a hard coded username and password in the system.
We also saw what happens when the wannacry ransomware hit and the fall out from that in May 2017.

Now imagine a wannacry variant that targets your pacemaker.   “Give us $1000 or we stuff around with your heart!”  That would certainly make your life pretty interesting.
What’s to stop it happening?   Whats to stop it happening right now?
I keep coming back to people taking responsibility for the code they write.   I think we need to have a serious look at our new and shiny world and do something about it.  Before it is too late and people start dying!

We need to think things through.

Think like the bad guys.
Oh, and before you say “why would they target my pacemaker?” In most cases it is because they can.
Roger Smith is a highly respected expert in the fields of cybercrime and business security and is a Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity) on Cybercime, Cybersecurity and the hacking techniques used by the digital criminal.
He is an Amazon #1 selling author on Cybercrime with his best selling book, Cybercrime a clear and present danger, going to number one in 3 sections of Amazon.   
He is the primary presenter for the Business Security Intensive (BSI) and author of the Digital Security Toolbox which is given away for free at the BSI
He is a speaker, author, teacher and educator on Cybercrime and an expert on how to protect yourself, your staff, your clients and your intellectual property from the digital world.


What is the difference between a Penetration Test and a vulnerability scan?

Duty of Care in a cybercrime world!

We are all connected in today’s world through the invisible and mostly unknown world of the internet.
We practically do everything in “cyber” space.   From ordering food, organizing a date to storing our whole lives in bits and bytes.
Email, social media, web and mobility are all driving our world.
Everything is connected to the internet!
So who is responsible for making sure all that information, all of those little bits of information is safe.
Is it the person who supplies that information?
Is the organisation collecting it and storing it?
Is it the Governments responsibility?
We all know that it can’t be the people who are are collecting and storing the information.   The giants of the internet tell us they are just a platform!
We click through all of these legal documents, acceptable use policies, that have been designed to protect them from practically every eventuality.
SME’s don’t have that luxury.   Our reputation is our only constant and we need to keep it safe.   When it comes to SME’s, ask these questions.
What is the difference between a Penetration Test and a vulnerability scan?

What is the difference between a Penetration Test and a vulnerability scan?

If you are collecting that information – What’s your duty of care?   

Have you done everything in your power to protect that information?
Have you done everything to comply with all of those regulatory requirements that make doing business difficult?
To support your clients, customers and staff are you protecting their information?
If you are supplying the information – what is your duty of care?
Have you asked the simple question, how much information am I putting out there.   When I take a photo and upload it to social media have I removed the geo tags.
When I get into a conversation with someone on social media am I checking their “humanness”, are they really that person?
Am I mistrusting everyone, am I paranoid about everything, am I aware of some of the things that can significantly impact my life, both in the real world or in the digital.
These are the questions that we need to ask and here is some advice.
In today’s world have you done this?
  • “TRUST NO ONE”
  • Be aware
  • Get paranoid and
  • Use some common sense.

Roger Smith is the CEO of R & I ICT Consulting Services, Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity), Amazon #1 selling author on Cybercrime, Presenter for the Business Security Intensive, author of the Digital Security Toolbox and Digital Security Framework.   Rapid Restart Appliance Creator.   He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world. 

Stopping Cyber Events, It’s all about focus

Until the people in charge, managers, board members realize that

  • cyber crime is not going away,
  • no one is immune and
  • protection is everyone’s problem but needs to be addressed from the management down

We will continue to have spectacular cyber events.

Spectacular cyber events that cross over from the internet into the real world.

Stop the blame game and focus on the solutions.

The solutions need not be expensive, but they have to be implemented.

They are your first line of defence.

In today’s social media driven world any mistakes will be highlighted, in some cases spectacularly.

People no longer keep they mouths shut.

They open their mouths for political gain, to score points, to settle old scores, for just plain vindictiveness or they are just being idiots.

The information will come out.

The information will come out whether you want it to or not.

I was told something a long time ago.

It was called the today tonight test.

and i think that it still applies today.   If i had made a mistake and someone put a TV camera and microphone in my face would I still be able to say that i acted in the best interests of what ever i am talking about.

If i could then OK, if not why not?

Armed with this piece of advice I have kept it in mind with everything that I have done since.

I think it is about time that government officials, politicians, board members and C level executives went back to applying the same principle.

If you stuffed up, admit it, take the bumps and bruises and get on with fixing the problem.

The Japanese attitude of fixing the problem not assign the blame is really important in today’s world.

The rain of cyber events

We are all still looking to assign the blame

In the last cyber attack (wannacry) the blame game has once again come to the fore.

  • Stop thinking that the cyber event will not happen – it will
  • Stop thinking that the cyber problem is going to go away – it will not
  • Stop thinking that investing in cyber event prevention is too expensive – it is not
  • For F!?k sake, Just stop

Today’s cyber criminal needs you to think that the operating system is fine even though it hasn’t been updated or patched in years.

Needs you to think that easy to remember passwords are not a problem.

Needs you to think that your staff are informed or trained enough to prevent a cyber event – they are not

Needs you to not invest in better security around everything digital.

Needs you to think that the whole cyber problem is an IT problem.

The cyber criminal is happy that you think that, because that is how they get in.   Once in, well we saw the repercussions on the weekend of the 12 May 2017.

Roger Smith is the CEO of R & I ICT Consulting Services, Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity), Amazon #1 selling author on Cybercrime, Presenter for the Business Security Intensive, author of the Digital Security Toolbox and Digital Security Framework.   Rapid Restart Appliance Creator.   He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world. 

Why Business Security is a specialised field

I am sorry, but if I hear another IT person or manager express that they do not know how they were target by malware when they have Anti Virus I am going to scream.

The issues and problems associated with Business Security needs to have a different and more refined and robust focus than normal IT.

They need to focus on what the bad guys are actually capable of.

Normal IT, in most organisations, have a primary focus of keeping the lights on, making things work and keeping it functional.

We have to stop thinking that Business Security is the realm of IT, because it is not.

Business Security is a whole of business process and HAS to be treated that way.

This is why you need a professional who is focused on the security component of an organisation.

Someone who can cross all of the areas of the business and get all levels involved in the process.   For small and medium business, this is an expense that few can afford.

The ways that a system and organisation can be compromised are numerous, and in most ways are practically invisible to small and medium sized organisations.

There are also numerous reasons that they are targeted, but automated systems are the primary contender.

The only reason they are targeted is that they are connected to the internet.

The bad guys need no other excuse than you have a digital device and it is connected to the internet.

In addition small and medium organisations do not have the three things that are vital to protecting the organisation:

  • Skills
  • Time
  • Money

Investing in these things are normally outside the purview of ordinary business.

Its not from want or trying.

Most want to be secure.

They just do not know how to get to that next level, and if they knew would not have the above resources to make it happen.

Cybersecurity / Business Security is a typical catch 22 situation.

Professional Business Security Support

You need to invest in the skills, time and money but do not have the skills, time and money within the organistion to be able to apply what you need.

This is why you need a framework.

A framework that is going to apply a progressive protection strategy around the business.

That framework can be any of the available frameworks but for small and medium business i think that mine would be a great place to start.

My framework puts technology, management, adaptability and compliance into a system where each additional components makes the organisation just that little bit more secure.

Try it here

In addition a managed Security Service Package is a great way to make your money, expertise and time go a lot further.

Most MSSP’s will look after all of those critical components of an organisation.

They have the skills to do it, they have the expertise to make it more secure than an untrained person and will definitely make your money go a lot further.

Roger Smith is the CEO of R & I ICT Consulting Services, Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity), Amazon #1 selling author on Cybercrime, Presenter for the Business Security Intensive, author of the Digital Security Toolbox and Digital Security Framework.   Rapid Restart Appliance Creator.   He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world. 

What are the riskiest network TCP / UDP ports and how do you secure them?

Vulnerabilities do not rest on TCP ports, they rest on services.

Any TCP port can be open but if there is no corresponding service using that port an attack on the port will most probably fail.

There are exceptions to this – TCP Port knocking and encryption allow a port to be open but will register as closed.

All hacking / malware attacks are targeted at those services and each of those services can have different applications behind them.

A little background – A Quick introduction to hacking.

Vulnerabilities are discovered and used in attacks based on a number of things:

  • application, – what is the application that is using the TCP port, Apache and IIS have different vulnerabilities and they both can be as unsafe or as safe as each other.   It depends on the attacker, defender, version and the installation process
  • version, – one version will be more secure that the previous one – In the labs we demonstrate a problem with VS-FTP version 2.3.4 it has a back door hard coded into the software.   Anyone who knows that can use it to compromise the server it is installed on.   By upgrading to 2.3.5. you remove the vulnerability and the back door.   With the introduction of IOT the main vector of attack are port 80 attacks and hard coded default usernames and passwords
  • installation process – the installation process for a number of applications have a default username and password.   If these are not changed then the system is vulnerable.   Tomcat and vnc are examples of known default usernames and passwords.
  • interaction within the application and the operating system. – there are a number of applications that are vulnerable when installed on a specific type of operating system.  Code red – targeted port 80 (HTTP) to attack the SQL components of a web server on port 1433 (MSSQL)

Fingerprinting and scanning

This is the process of finding out what application and services are behind the port.

It also tells us what version is running.

A simple NMap scan will deliver this information to anyone who knows how to use it.

A simple Nessus scan will reveal even more!

User rights and shell

A hacker needs 2 things to be dangerous.

He needs to have the authority – administrator (god) access and he needs to create a shell, something to run commands, scripts or applications in.

You can still do damage to a system if you have less than admin access but it is only to the application that is running – compromising tomcat will give me access to the web server component of a system.  There are ways to escalate the user from a service to the administrator.

If you do not have the ability to gain a shell then most attacks will not work.

In the world of penetration testing we can discover hundreds of vulnerabilities but only one or two or ten will enable me to compromise the system with both administrator access and a shell.

They are the only ones we report, resolve and remediation.

Hackers use Google and YouTube

Most hackers will find information on what they are targeting, how to do it and what they need to do through a basic search.

So with that all being said – here are the top 20 ports with their corresponding application. Insecure network services

TCP PortsPort numbers

  • 21. TCP – Ftp – file transfer protocol – one of the oldest ports on the internet and is used to transfer information from one system to another over a TCP connection.   Can be used in Command and Control of malware.
  • 23 – TCP – telnet – the most basic of shells, can be used to transfer commands and scripts from computer to computer.   Unencrypted and easily captured.
  • 25  TCP – SMTP – email servers – exchange, sendmail, and any system that has been designed to send email as part of its system requirement.
  • 69 – UDP – TFTP trivial file transfer protocol – used to update and transfer information from computers to routers.   Information can be intercepted because it is a UDP connection.
  • 80. TCP – HTTP – hyper text transfer protocol – Apache, iis
  • 143 – TCP – imap – mail protocol
  • 110 – TCP – pop3 – mail protocol
  • 443 – TCP – HTTPS secure hypertext transfer protocol
  • 53 – TCP/UDP -DNS domain name service – bind, windows
  • 8080 – TCP – tomcat  management –
  • 161 – TCP – SNMP –
  • 3389 – TCP – RDP – remote desktop protocol
  • 4444 – TCP/UDP – metasploit
  • 1433 – TCP – SQL
  • 137,138,139 – UDP – netbios
  • 1723 – TCP – VPN PPTP
  • 9100 – TCP Internet Printing
  • Gaming ports – inbound and outbound – some games install and connect to a web based server on a specific port based on the game.   The game allows an attacker to use the game as a platform to store and activate malware.

There is no way to secure individual ports and their applications except to make sure the application and operating system are up to date.

There are a number of ways to protect an organisation:

a second generation firewall / next generation firewall will inspect packets at the network, data and physical level as they enter and leave and compare that information to its database.

If an attack is indicated it will either stop it or move it to a sandbox.

The other ways are through logging, auditing and reporting.

Depending on the size of the organisation a SIEM maybe necessary, but a process of alerts is vital to catching the initial components of a breach.

Roger Smith is the CEO of R & I ICT Consulting Services, Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity), Amazon #1 selling author on Cybercrime, Presenter for the Business Security Intensive, author of the Digital Security Toolbox and Digital Security Framework.   Rapid Restart Appliance Creator.   He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world. 

Why do i need a Managed Security provider?

Why are we the weakest link in cybersecurity – we just don’t care!

The threats are NOT imaginary.

The threats are real!

The visibility of the wannacry attack actually highlights how vulnerable the world is with its reliance on all things digital

Zero day exploits and known vulnerabilities are available for every operating system, including IOT devices.

 Anything with a digital signature can be hacked.

Where it all breaks down is that in most cases there is a human who is attached to the device.

A human who has the ability to veto all security measures in their hurry to do something, anything with the device.

How often have we seen the “updates available” on our server, laptop, smart device or application and have been in too much of a hurry to apply them.

In most cases it would take 10 minutes out of our busy daily schedule, 10 minutes where we have to find something else to do – not screen related.

cybersecurity We are so busy that we cannot find that 10 minutes?

Most systems are now being designed to make it obvious, and will persistently tell us that we need to update.

What do we do?

We complain that we do not have enough time.   We are too busy.   We cannot stop for that brief space of time to increase our security.

The SMB patch for wannacry has been available since march, that is almost 8 weeks before the cryptovirus attack, but the impact was significant because we were too busy.

I thought that we had learned from the “code red” attack in the early 2000’s, that patching is a very important part of digital security, obviously not!

“Code Red” crippled the internet because of un patched SQL servers, the patch had been available for 3 months prior to the release of the virus.

Most of the problems with security in the digital world is US.

We are too focused on our tools to see the underlying features that have actually been put in place to protect us.

There is a quote I often use in my training “THERE IS NO PATCH FOR HUMAN STUPIDITY”

 We are the weakest link in cybersecurity, in the digital chain where we should be the strongest.

In most cases we are very stupid!

Roger Smith is the CEO of R & I ICT Consulting Services, Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity), Amazon #1 selling author on Cybercrime, Presenter for the Business Security Intensive, author of the Digital Security Toolbox and Digital Security Framework.   Rapid Restart Appliance Creator.   He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world.