During a recent grey box web application penetration test, our experienced testing team uncovered a significant vulnerability, here is what we did...
During a recent grey box web application penetration test, our experienced testing team uncovered a significant vulnerability, here is what we did...
Businesses need to stay informed about the latest developments in cybersecurity. Read on to explore the future of cybersecurity in 2023 and beyond.
Multifactor Authentication (MFA) is becoming an essential and mandatory step toward significantly reducing risk. But what is MFA and how does it...
Discover three common mistakes in cyber incident response planning and how you can avoid them.
Learn the difference between business continuity, contingency planning & disaster recovery, and why it’s important for your business to plan for...
Businesses have started to realise the importance of a robust cybersecurity function. So how much does cybersecurity cost?
Businesses in the e-commerce industry need to prioritise their information security. Learn about five key ways to safeguard your online business.
Use these 10 tips to protect your business from cybersecurity attack. Learn from the experts in cybersecurity services to boost your cyber defenses!
We take a close look at some of the most common cybersecurity myths. Believing in these myths can put your business at risk, so they’re well worth...
What is an API? And how do you secure it? Post the Optus Data Breach it is essential your business knows how to secure its APIs from cyber criminals.
A complete guide to role-based access control. Learn why role-based access is important, its benefits, and how to implement it effectively.
This month Optus fell victim to a major cyberattack, here is everything you need to know about it, as well as steps you can take to avoid being next.
What are zero-day vulnerabilities? Understand what they are and how best to protect your SME business against them.
The Essential Eight was introduced by the ASD and published in 2017. Read this article to learn more about what it is and how it can help your...
Worried about a data breach? Here is an expert guide on how to respond to a data breach to help you out.
Multiple vulnerabilities have been discovered in Microsoft products.
A Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution.
Discover the most common remote working cyber security risks and how you can protect your business. We look at remote working cyber security.
What’s the difference between a CIO and a CISO and what does it mean for your business? Find out the best way to build your cybersecurity structure.
Cyber threats are growing rapidly, find out what the key threats to your industry are.
A cybersecurity vulnerability if exploited can compromise the entirety of your organisation, find out what the signs are.
Social Engineering is a severely damaging major cyber security threat, find out about the different types and how they can be prevented
The threat landscape is getting more complex, find out what the latest cybersecurity trends are so you can plan for the future.
Human errors in cyber security are much more common than you might think. Here are some of the most common cyber security mistakes.
When facing a cyber attack, there are a number of general steps that your business needs to take in the event of a cyber attack.
Both in-house and outsourced solutions can develop a comprehensive cyber security plan for your business, so which do you choose?
What is SOC as a service? Find out with this simple guide and discover some of its many benefits. SOCaaS is one of the best ways to protect your...
The importance of awareness and education when it comes to cyber security and how your business can improve it amongst its employees.
What is a cybersecurity framework, and why are they so important? We take a look at some different frameworks and find out why they’re a big deal for...
Understand Cybersecurity-as-a-service (CSaaS), and why this could be the best option for businesses today as they face a rising risk of data breaches.
Is dark web monitoring worth it? We take a look at what it is, how it works, and whether or not you should be investing in dark web security...
Find out if your business is vulnerable and start identifying cybersecurity risks today. Here’s what to look out for!
Every organisation should have a Cybersecurity Emergency Plan that helps them identify, contain and eliminate cyberattacks.
A penetration test is an effective method of simulating a cyber attack on your organisation, but how is it done? This article aims to answer this...
Understanding the impact of cybercrime on a business and the benefits of a cybercrime business continuity plan are vital. We can help | StickmanCyber
Learn how threat hunters identify suspicious activities and behaviors, as well as locate threats that may have already breached a business's systems.
Understanding different types of hacking is the key to developing protocols to keep your business safe from malware, phishing, VoIP hacking & more.
Learn how to prevent hacking for SMBs, and how SMB cybersecurity might look different compared to larger companies.
Learn the importance of having a strong cybersecurity strategy in place, and the steps to develop a strong cybersecurity strategy
Learn about the top cybersecurity best practices for employees, so that the information security of your business is upheld.
What is Cybersecurity as a service? Answers to this and other questions about CSaaS here | StickmanCyber
Learn more about Proactive Cybersecurity Measures: How to Prevent Cybersecurity Attacks.
Learn about the changes to the ISO 27001:2022 standard’s eventual release later this year and the recently implemented changes to ISO 27002.
Learn how the two information security standards, ISO 27001 and APRA CPS 234 can benefit your business and what makes them different.
With the alarming increase in cyber threats, it is crucial that businesses implement Identity Access Management solutions, here is an introduction.
Threat hunting helps organisations identify security threats that get past their initial endpoint defences. This article explores its benefits.
Learn why cybersecurity is especially important for your business in today's world.
Learn more about cybersecurity governance, risk, and compliance (GRC) with StickmanCyber.
Is your company in alignment with accepted cybersecurity compliance standards? Learn more at StickmanCyber
Learn more about cybersecurity and why cybersecurity is important. StickmanCyber can help
Confused about the difference between Cybersecurity and Information Security? Learn more about them here!
A proactive approach to cybersecurity is essential. With modern organisations inundated with a variety of threats, you need comprehensive solutions...
As hackers become more sophisticated and data breaches become more widespread, board members become more involved with cyber security. Just one...
An astonishing 9.1 billion data records have been either lost or stolen globally since 2013. Over 1.4 billion were lost just in March 2017 alone....
Penetration testing should be a vital part of an organisation's cybersecurity strategy, read this article to find out why it's so important.
We live in the era of cloud computing. Consumer and business computing has been severely influenced by the emergence of cloud computing and cloud...
Hacking will happen. Being proactive is the only way to stay safe. There is only one way to achieve complete cyber security: by planning ahead.
ISO 27001 is the de-facto international Information Security Management System (ISMS) standard and is deployed globally, read this article for a deep...
Cybercrime is on the rise and is expected to cost roughly $6 trillion annually through 2021, according to Cybersecurity Ventures.
Penetration testing should be a part of your software development lifecycle, this article aims to explain why businesses should prioritise it.
Cybersecurity is thought of as the responsibility of the IT team, however, cybersecurity should be everyone's responsibility across an organisation.
Get an accurate estimate of the PCI DSS compliance cost - the different factors that determine total cost, and how to calculate the cost for your...
DoS, or denial of service attack, is an attempt to suspend the services of an online host by flooding the target with excessive and unnecessary...
Achieving and maintaining ISO 27001 certification gives your clients a guarantee that your organisation has used best-practice information security...
A Cybersecurity Strategy is a plan of action designed to maximise the security and resiliency of your organisation, why is it important?
This article explores how companies can benefit from adhereing to the 14 domains outlines by the ISO 27001 certification.
The General Data Protection Regulation (GDPR) will forever change how organisations process customer data, defined as “any operation or set of...
Know about a few common threat hunting misconceptions that businesses typically come across, and the truth behind them all.
Qualified Security Assessor (QSA) are firms certified by PCI SSC to assess PCI DSS compliance. Here are some of the frequently asked questions about...
Organisations can take years to recover from a data leak on the dark web. Here are five key ways to keep your information away from the dark web.
Know what is dark web monitoring, and the five key benefits it can bring to your organisation in terms of preventing misuse of business-critical...
Understand the top 5 privileged access management best practices that help organisations ensure that access to business systems is managed securely
Find out the common dark web misconceptions and know what is the reality about the dark web and how it operates.
Know what is the dark web, what activities happen in the dark web, and in what cases it might be a danger foor your organisation.
Understand the top five privileged access management challenges and how to get around those in your organisation.
Make sure your teams are prepared to deal with cybersecurity breaches in the right manner, with these 5 key incident response best practices.
Know what is Privileged Access Management - the basics of privileged accounts, the difference between PAM & IAM, and why businesses should focus on...
Understand 2 of the most well-known incident response frameworks that organizations use to create standardized response plans - NIST and SANS
Here is a basic 5-step incident response template that you can use as a base to build your incident response plan customised to your unique business...
Understand what is incident response, its key elements, why it's important and who is responsible for incident response within the organisation.
Understand the complete threat intelligence lifecycle, from planning to execution and feedback - and know how to do it for your business.
Here are four questions your organization needs to ask third-party vendors and partners, to ensure APRA CPS 234 compliance.
An APRA CPS 234 checklist to give organisations a ready reckoner of all the related requirements they need to keep up with.
Understand what is APRA CPS 234, understand if it applies to your organisation, and which elements to focus on, to ensure compliance.
Understand the different types of phishing attacks, the difference between them, learn how they work, and the best ways to combat them.
Get a closer look at how and where actionable threat intelligence can be leveraged to ensure cybersecurity within your organisation.
Understand one of the oldest social engineering attacks in the book. Know what is phishing, how it evolved, and how to prevent phishing attacks.
Understand the 22 key ISM cybersecurity guidelines to help intelligently set up your cybersecurity systems and strategy.
Here's a list of 8 systems & policies that can be put in place so organisations prevent social engineering attacks, beyond what individual employees...
Understand Wireless Network Penetration Testing, what it entails, and how it can secure your business against cyberattacks.
Here's a list of 6 quick things to remember so you can identify and prevent social engineering attacks.
Understand the Information Security Manual recommended by the Australian Signals Directorate, its core principles & a maturity model for...
Everything you need to know about the PCI DSS standard, how it applies to your business environment, and how a QSA can help you get compliant.
Internal networks & applications must be secured against breaches. Here's all you need to know about internal penetration testing & how to get it...
Know what is social engineering and how it works. Know the common types of social engineering attacks and how to prevent them.
Trusting the wrong person, or failing to choose a CREST accredited partner can lead to these 5 common penetration testing risks. Take a look.
Everything you need to know about Web Application penetration testing and why it's important to get one done, to secure your business.
Follow this PCI DSS compliance checklist comprising of 8 actions that will help your organisations get ready for the final audit
Understand the differences between penetration testing & vulnerability scans, & how to best utilise both to improve your network and application...
Understand the differences and know how to make the right choice between the NIST framework vs. ISO 27001, for your business.
Understand the top five PCI DSS benefits, and know how to continuously ensure compliance with some top tips.
Understand the different types of penetration testing know which one your business requires.
Here are some of the reasons why Penetration Testing is important at different stages of the software development lifecycle, to create a secure...
Know the 6 core NIST framework benefits and understand the impact a strategic cybersecurity management approach can make on your business.
How to align your business processes with the NIST framework? Here are 5 steps to nail the NIST framework implementation for your organisation.
All about CREST & the top 5 benefits of a CREST accredited partner for penetration testing - trained testers, increased customer confidence & more.
The PCI SSC has designed different questionnaires for different merchant types. The 9 types of PCI DSS Self-Assessment questionnaires you need to...
Proactively identify cybersecurity gaps and fix them before they are exploited by malicious actors - understand what is a pen test & how it's done
Get experts on the job and ensure effective but cost-effective cybersecurity - that and a few other compelling reasons to outsource your...
Regardless of how many transactions you handle, PCI DSS is a must. Here are 5 consequences your business might face for PCI DSS non-compliance.
Here's all you need to know about the NIST framework functions - explained by a team that's helping businesses align with the NIST framework
Know the 12 key PCI DSS requirements. Understand how to identify which merchant level your business falls in & the relevant compliance tasks you need...
We take a look at the 7 common ISO 27001 misconceptions and share why it's important and how to simplify compliance and certification proocess
From complex threat environments t evolving cybersecurity requirements - we dive into 4 key reasons why every organisation needs to have a CISO on...
Know what is the NIST framework, understand its components, and how it can help businesses secure their assets, systems, and processes.
Understand the CISO role in depth we look at 10 key functions that a CISO performs and how that's crucial to ensuring cybersecurity for your...
Take look at the ISO 27001 controls and understand how it resolves key organisational challenges around information security management
Understand what is a CISO, what is their role in an organisation, and why they are crucial to a robust cybersecurity setup for your business.
Everything you need to know about PCI DSS - history, what is PCI DSS compliance, the kind of data it protects, and understanding if your business...
Are your IT systems and processes secure? Understand what is ISO 27001 certification and the six key benefits it delivers for your business.
Here's why you should hire a cybersecurity firm to help secure you business-critical information and prevent disruption.
Know how managed security operations can help ensure proactive protection against cybersecurity threats.
Find out the benefits of having a cybersecurity firm that offers holistic security services.
Know what is threat intelligence when it comes to cybersecurity. Understand why it's important, how it benefits your business and more.
Know why threat intelligence sharing is a good way for organisations to gain the upper hand over cybercriminals, and learn the best practices for...
Access a broad range of expertise with a certified Cybersecurity Consultant as part of your cybersecurity team from StickmanCyber.
Understand how to securely use communication channels like Zoom in the WFH scenario brought about by Covid-19
A look at the PCI SSC guidelines on remote PCI DSS assessments
Let's take a look at what PCI DSS compliance is, and how your business can get compliant
An in-depth look at Penetration testing, why it's critical, and how StickmanCyber's expert teams conduct penetration testing for businesses.
StickmanCyber is a CREST ANZ member company with proven technical capabilities, high quality of service, and a commitment to integrity.
Security vs Compliance Security and compliance very rarely intersect – but are often misconstrued as being two sides of the same coin. Many...
Implementing the right cybersecurity team structure is crucial to managing your security risk and cost. Here is how to put together the perfect team.
Cyber security remains a growing area of risk for Australian organisations this year. We predict seven key cybersecurity trends for 2019, ranging...
A customer recently asked me to obtain written assurance (from a technology vendor) that this vendor’s technology has never been breached and will...
DDoS – Distributed Denial of Service (attack) is similar to road traffic jams during public riots or demonstration that cause gridlocks. In a DoS...
The risk of cyber-attacks for small and medium-sized enterprises (SMEs) Many small and medium enterprises are of the misconception that they are an...
During my professional journey as a project manager, I developed several business cases for approval. Most were approved. Some weren’t.
ISO 27001 designation formally confirms that the organisation meets physical, legal and technical controls that put Stickman on the same level as the...
Consumer-grade mobile applications have recently enjoyed excellent cut-through, whether in the consumer or business worlds.
Learn how to best invest in cybersecurity when your business has a limited budget, to ensure your information is secure.
SMBs have the exact same cybersecurity concerns as larger enterprises—perhaps even more so. Melinda Emerson writes in The Huffington Post that...
Understand DevSecOps - what it means, and how it ensures that cybersecurity is baked into the design and deployment of new software products.
Learn how to determine your cybersecurity budget, and then know the steps to ensure that you get the maximum ROI from your cybersecurity investments.
New Payment Card Industry Data Security Standard (PCI DSS) requirements officially went into effect. Here's what it means for your company.
Data breaches are costly – very costly. In fact, the average data breach sets Australian businesses back $2.82 million AUD. So it’s no wonder why so...
What is vulnerability management, what it entails, and what steps should businesses take to make sure the process is as effective as possible
Australian organisations are feeling the sting of cyber crime more than ever. Threats like malware, ransomware, DDoS and phishing attacks are running...
More than half (55 percent) of SMBs will experience a cyber attack during any given year. Even worse, 60 percent will go out of business within six...
PCI DSS is to ensure all companies that Process, Store or Transmit credit card information maintain a secure environment and protect cardholder data.
Know the cost of cyberattacks, how much businesses spend on average, and which factors to consider when deciding your cybersecurity investment...
Recent cyber attack statistics have created anxiety for businesses of all sizes. But they’re especially unsettling for smaller businesses because 43...
From penetration testing to vulnerability scans and threat hunting - a look at how cybersecurity monitoring & detection can effectively stop...
Cyber security is a concern for businesses of any of size, but it’s especially pressing for smaller companies. That’s because they tend to be more...
Know aspects of cybersecurity monitoring and detection crucial for SMBs - access control, threat monitoring, recovery planning and more.
Understand how the ISO 27001 certification can help your organisation stay safe from cyberattacks, by developing cybersecurity best practices.
Here's how StickmanCyber’s Penetration Testing identified a WannaCry vulnerability for a client, and 10 steps to help you stay secure in a similar...
Working with third-party vendors? Here's how to choose the right vendors, assess if they are PCI DSS compliant, and what steps to take if they are...
Your business has unique requirements & a generic cybersecurity strategy cannot prevent attacks. Here's how the cybersecurity by design approach can...
A quick look at everything you need to know about PCI DSS compliance in the cloud, and the roles and responsibilities of your client service...
Europe takes the lead on personal data protection. The changes are coming to Australia, and here’s what you need to know. The world is a global...
Learn why penetration testing is required to ensure your cloud is secure.
New Australian data retention laws came into effect on 13 October 2015. Here's everything you need to know.
Get a team of qualified and experienced professionals for specialised, comprehensive and practical approach towards PCI DSS compliance.
ISO 27001, written formally as ISO/IEC 27001, is an international standard for information security management. It includes a number of policies and...
Follow these guidelines to choose the right PCI QSA for your company.
Here's everything you need to know in regards to security penetration testing for PCI DSS compliance.