Blog Layout

Securmeo & Cyberette - Shakespearean period drama. #RUCyberReady’s adaptation

Rimesh Patel CEng

Securmeo & Cyberette

<Narration Starts>


Act 1 prologue.

Two households of different stature, finds cyber security understanding and risk compliance through their use of generational technologies to integrate and collaborate with each others. Breaking down silos for better business opportunities. How they get to making the right digital decisions is a tale of woe and tragedy.


Act 1. Local municipality gets hacked and effects both households. Panic and looting ensues across all provinces.

Scene 1. Craziness and miss-information overload reduces digital alertness in everyone and both households continue to fall victim to phishing attacks.

Scene 2. House prices drop , cost of living goes up . Securmeo & Cyberette’s future is grim. Online discount vouchers stop working. Winter freezes damns so no hydro power, cloudy short days and damaged and stolen solar panels (by looters) means no energy. Technology debt worsens.

Scene 3. Random pirates shore the province bring with them cov-eth, but locally sourced coconut water combined with locally sourced berries provides heard immunity.

Scene 4. Securmeo and Cyberette now living off the land, local berries and coconuts, as does all.

Scene 5. Both start thinking of dating online as an escape.


Act 2. Households gather their resources. Need a way forward.

Scene 1. Cyber insurance declined for all due to no evidence of robust security control and risk management policies.

Scene 2. Mandatory security awareness training for all.

Scene 3. Laptops salvaged and re built with latest malware and OS updates, firewalls/vpn enabled by default. Passwords forced to change.

Scene 4. Spring ensues and energy back through solar panels, some are getting online again.

Scene 5. Some vouchers work but have to click and collect. Robbing still strife - (cameo from Robin Hood)

Scene 6. Securmeo & Cyberette’s both create catfish accounts, in attempts to hide real identity and make private bids on food items through local websites.


Act 3. Food shortages continue to force both households to try online shopping.

Scene 1. In desperation for food, Securmeo & Cyberette find each other on same local website and try to buy each others produce but accounts hacked on the local website and further personal losses seen. They are in more debt as credit card details were stored in their browser as were their passwords. They didn’t use a verified password vault and they thought a unbranded open source browser-vault would be secure. Their households remain without food.

Scene 2. Click and collect in more places, things slowly getting back to normal. So it seems..

Scene 3. Summer is here, all time heatwaves, crops damaged.

Scene 4. Water shortages, health effected, coconut water shortages, berries burnt.

Scene 5. Tropical days and nights for many weeks. Pirates throw an online regular pub quiz.


Act 4. Government funding announced. Both find farming produce online and see popup advert for dating app.

Scene 1. Government announces sustainable farming methods. New household websites launched via government funding.

Scene 2. Both households invest in better security controls, such as Identify Access Management, Data Loss Prevention and DDoS attack mitigations. Also now performing verified 3rd party supplier assessment.

Scene 4. Both households restore digital sovereignty.

Scene 4. Both households create new digital strategy and execute via new market place supply chains.

Scene 5. Securmeo & Cyberette’s find produce and haggle prices on these new digital market places , their deal fails with different suppliers, but dating app advert pops up. They both sign up to dating app, realising a failed society, prospects of the dating app lifts their spirits.


Act 5. Both sign up to virtual immersive fair organised by IT Friars.

Scene 1. Family food stocks still running short.

Scene 2. IT Friar launches smart digital business, with subscription smart device services accepting bitcoins and crypto currencies. Along side a marketing event ‘Join a random online fair’ to launch his food subscriptions delivery box every week!

Scene 3. IT Friar sends messenger to both houses to advertise fair. Securmeo & Cyberette’s are interested in attending. They secretly hope others will use the dating app during the virtual fair, they configure their own profiles with likes, needs and wants on the dating app- hierarchy of needs (Maslow Theory). IT Friars business seems to solve the food issues too! Things are looking up for Securmeo & Cyberette.


Act 6. Dating app gets hacked and Bitcoin stolen. Dramatic finale.

Scene 1. Unknown new malware spreads across the internet. Dating app is also effected. 

IT Friar realises his platform is down too, he done no cyber third supplier checks on the open source software used by his provider. Sadly all his customer profiles were compromised, hackers changed customer profile preferences, including mixing up allergen preferences, hackers changed the ordering system too - coffee and cakes subscriptions are mixed - unfortunately Securmeo is allergic to coffee and Cyberette is allergic to icing on the cake, both are allergic, receive incorrect subscriptions boxes. A few hours left before the online fair, so they both eat the contents of the subscription box and alas, are no more – the allergic reactions ‘Kill -9’ them both. IT Friars bitcoin exchange collapses - crypto and NFT markets crash. Future is uncertain and in unchartered territories.

Scene 2. Securmeo & Cyberette therefore never meet online. IT Friars decides to make things right, opens poly-cloud retail-platform using blockchain web 3 technologies and get his platform certified. Both households subscribe, ditch their catfish accounts, follow GDPR and sell to each other and far across all devolved provinces. {Everyone turns vegan, new online-wellness industry booms.}


<Narrator>

So ends the tale of the tragic digital transformation journey of two households. Now aligned in digital harmony, but at the cost of their own MVP’s. Moral of the story, as a business, your actions of doing no cyber diligence impacts others. As a consumer always download your app from a verified certified trusted source, do your own diligence before subscribing. The digital universe is not all coffee and icing on the cake.


So ends #RUCyberReady’s adaptation

<Narration ends>


Disclaimer : Entertainment purposes only. Adaptation of Romeo & Juliet by Shakespeare and Robin Hood. Credits due to Shakespeare and Robin Hood creators.


#RUCyberReady

#RUCyberReady #CyberSecurity #2024

2024! The Year of Digital Codification!

by Rimesh Patel CEng 30 Dec, 2023
What it means for Cyber Security?

2023! The Year Of Articulated Data.

by Rimesh Patel CEng 30 Dec, 2022
What it means for Cyber Security?

2022! The Year of Federated Ecosystems.

by Rimesh Patel CEng 28 Dec, 2021
What to expect in 2022 for federated ecosystems.

Automating Autonomy

by Rimesh Patel CEng 15 Oct, 2021
What it means for Cyber Security ?

Bring Your Own Security

by Rimesh Patel CEng 13 Jun, 2021
Empower your customers and partners, by not being their digital weakest link.

2021! The Year of Cognitive Monetisation.

by Rimesh Patel CEng 28 Dec, 2020
What to expect in 2021 for digital ecosystems.

Owning Vulnerability Management

by Rimesh Patel CEng 17 Aug, 2020
For your customer it means they feel safe and confident that your products or services are less likely to get caught out by the trending hack in the news. For your business, it means you are not the weakest link in the supply chain, and for industry, you can interact with others who also demonstrate good governance a chosen threat and vulnerability management framework. A vulnerability management framework has to consider assets, inherent risks and frequency of threats, including; Secure Development Life Cycle Programme User Acceptance Testing & Penetration Testing Risk Remediation & Ownership Resilience Services Patch Scheduling A vulnerability management programme will unite the above into one programme that will increase your security posture. If you are dependent on your online internet facing servers, laptops or devices, then having a dedicate resource is recommended, you can also look at outsourcing repeatable activities, however assessing each risk should have final sign-off from internal leads only. Internal risk postures are constantly moving as are external ones, so making the assessment on how actual attack vectors are going to effect your core business activities is best done internally as the vulnerability categories for risk remediation is only understood by you - including how they effect your security policy. You might have a vulnerability management policy, especially if you are risk appetite is low or your core business interacts with regulated products like heath devices, smart vehicles, utility services or any critical service. Having a dedicated policy will let you validate you have selected the right framework to make assessments of each vulnerability and making sure old vulnerability patterns are not repeated. A good vulnerability management programme will make sure you own your risk and have the right security controls in place, even if you use compensatory controls, they too will be in scope for vulnerability tests, so you must know how your resilience frameworks take effect if those controls fails. SAIBER Ltd's Vendor Neutral Vulnerability Management package will let you execute vulnerability management efficiently by empowering your resources will the correct mechanisms that consider all the above, including technical assessments. #RUCyberReady

Using Data Telemetry

by Rimesh Patel CEng 10 Aug, 2020
Telemetry is a concept used within communications systems, whether physical or digital that provides remote measurements. For your security staff, it means during an incident response they remain less disenfranchised on the severity of an actual incident. For the business it means during an incident the managers are less disenchanted on what factors to consider when trying to uphold a security policy, and for the industry, it allows us to share security operations data with others in a cleaner way - as we would have specified, using telemetry data, how an incident should be triaged. Combining these methods will not only keep your security operations teams better informed, but also let you increase your security posture throughout the organisation and technology estate - so as you move towards 5G, Cloud services, IoT or other Hybrid systems, you still have the ability to know what to monitor. Network Operations Centers typically use telemetry for performance and capacity bandwidth monitoring and now with the many next gen style non-perimeter-based integration points, the same concepts can be used to enhance security postures for different departmental technologies. Your organisations internal and external activities are likely to be complemented with the below business functions, and it's here that telemetry can enhance data quality ; SMART sensors and ecosystems Security Engineering Solution Design Quality Assurance Spatial Intelligence Object Orientated DevOp Methods Departmental Data Business Workflows Commonly associated with Telemetry are Metrics, Events, Logs and Traces (MELT). Your overall business process that uses technology components should be able to produce basic MELT data - it's this data that will help you gain better efficiencies, and from a security perspective, it is likely here that indicators of compromise (IOC) or indicators of attack (IOA) can be better considered for behavioural analysis and anomalous activity detection. What data will you need to validate that an IOC or IOA has affected your security operations policies, how can that data map to industry cyber categories within the Mitre Attack or Cyber Kill Chain models. These models typically feed off vendor logs; however, you can significantly enhance how these models enhance business resilience through better incident response and management activities - even automation efforts as they allow you to introduce a 'control signal' though the chain of command by a specific MELT ensemble. The combination of telemetry with your own technology platforms can let you compliment your organisations security policies, so when you get an alert, its already qualified. SAIBER Ltd's SME Solutions Package will consider vantage points like these to give you the best security posture you can have. #RUCyberReady

Data Discretion

by Rimesh Patel CEng 03 Aug, 2020
For consumers it means they have better confidence that their business data has been considered to represent data privacy. For businesses it means they can better apply security controls during risk assessments as data is better categorised against actual business data sets, and for industry, it allows us to assess third party suppliers more granularly against data regulations. In practice, the use of data discretion will let you better categorise for cyber solutions such as DLP, IAM, OWASP & WAF, SDLC and even DDOS. Historically you might have used all these solutions to monitor hardware and software compromises only, but now, the data layer of your ecosystem also needs monitoring. It has always been there, we just never had a need to strongly demonstrate how these solutions help with data monitoring, for example, for insurance purposes, how does your system guarantee that data remains within its applicable scope, what mechanisms do suppliers use to demonstrate data process is regulated for applicable laws. It is only when you identify which data categories are applicable to your business processes can you then understand how the different technology abstract layers that you have will allow you to take your quantitative data so you can consider it like qualitative data by using relevant data attributes for predictive, interval, concept or heat mapping activities - at this point you can be sure that your selected cyber security control frameworks are going to better serve you as you know where to implement control mechanisms to mitigate your technology risks which interact with all your data classes, sets and reference categories. Our packages at SAIBER Ltd take into consideration techniques such as data discretion by design already, so you can feel assured your data journey is aligned to your cyber security controls on a granular level for your product design, devops engineering, micro-services, giving you data based security operations so you can reflect this with ease into your polices, governance structure to have the security posture you deserve. #RUCyberReady
Vendor Neutral

Being Vendor Neutral

by Rimesh Patel CEng 26 Jul, 2020
 Executive: Didn't we just spend £millions upgrading IaaS, PaaS and SaaS? You: Well, the vendor needs us to spend a little more to access the full security features and controls that we need.    This scenario is typical of most businesses, and demonstrates that you're only as secure as the products you use, and in some cases the products have become the weakest link in your business. We knew this already, yet somehow, we still manage to fail the external audit or experience the consequences of having mute-security controls that were meant to work 'straight out of the box'.   Being vendor neutral gives you a considered ability for broad compatibility, interoperability and changeability of products and technologies. Your technology selection should complement your proprietary designs with unbiased business practices. It's not always about following others in the market-place on which vendor solutions are used in each industry, but instead, what considerations are involved in your vendor selection process? Will it increase the internal capabilities of your team? will the solution allow you to have better governance or engage the diverse technologies of other economies? at what cost?   Vendor neutrality by design is not new but becoming a rediscovered design principal within cyber security especially as we become challenged to consider other influences within the vendor digital transaction and ecosystem such as privacy or data integrity. Your vendor selection should not limit your core business or have a need to up your resources skillset for the solution to work - you've paid a premium, the security controls within should 'just work' - and indeed some vendors today are giving value straight of out the box as they know your business definition of holistic-layered-defence is better complemented by their solution without any vendor lock-in mechanisms.   Of course, there are times when you must take the vendors lead, but if you can't explain why it helps with risk mitigation or operational success then you're already within the vendor lock-in zone and need to consider your vendor exit strategy.   It doesn't just mean to find the first open-source or open-systems provider in your industry, you have to consider how you are empowered by them to integrate platforms and systems through your business functions - you want to set trends, not follow them and for that you need qualified assistance where our products at SAIBER Ltd have already considered vendor neutrality by design and work alongside your business to ensure your cyber security posture progresses the right way.    #RUCyberReady 
More posts
Share by: