Recent Posts

Cyber (In)Securities – Issue 143

News
  • Cybersecurity CEO accused of running malware on hospital PC blabs about it on LinkedIn – The Register – Brandon Vigliarolo
  • Cybersecurity experts issue response to Trump order targeting Chris Krebs, SentinelOne – Cyberscoop – Greg Otto
  • Marks & Spencer breach linked to Scattered Spider ransomware attack – BleepingComputer – Lawrence

DPO & Ethical Hacker: A strategic synergy at the heart of cybersecurity

A look back at the webinar organised by the Black Is Ethical initiative – 26 March 2025

Welcome New Member – Norman King from Australia

Please welcome our newest member from Australia, Norman King!

Norman has 25+ years of experience working as a technology professional. As CTO, he has been part of the leadership team at iPartners since the company began operations in 2017. He has overseen the development of the platform from inception to a market-leading product in the alternative assets space, for the financial services sector. The company continues to grow with over $5B of FUM transacted via the platform. Norman ensures the organisation maintains an optimal cybersecurity posture.

Prior to 2017 he was CTO at VentureCrowd for three years, when he joined shortly after returning from living and working in Canada.

It is good to have you, Norman! We look forward to the expertise you bring and enabling you here at CyAN. Do not hesitate to reach out or explore Norman’s profile to grow your networks mutually.

Cyber (In)Securities – Issue 142

News
  • Ransomware Gangs Innovate With New Affiliate Models – Dark Reading – Alexander Culafi
  • FBI: US lost record $16.6 billion to cybercrime in 2024 – BleepingComputer – Sergiu Gatlan
  • Attackers hit security device defects hard in 2024 – Cyberscoop – Matt Kapko
  • Ripple NPM supply chain attack hunts for private keys – The

🐘 The Elephant in the Server Room: Why Nation-State Hackers Love Small Businesses

You’d think nation-state cyber attackers would be too busy targeting military secrets, critical infrastructure, or global financial systems to bother with your local optometrist, small engineering firm, or boutique consultancy. But you’d be wrong. As Rob Lemos in his recent Dark Reading article “Nation-State Threats 

CyAN’s Position on Germany’s 2025 Coalition Agreement

On April 10, 2025, the German CDU/CSU centre-right and SPD centre-left parties announced their coalition agreement (PDF link, German language) for the 21st German legislative session. The 146-page document contains a wide range of policy and ideological commitments, and a “wish list” of objectives that will be subject to budgetary and legislative realities and negotiation. Due to Germany’s economic and political influence in Europe and on the global stage, the incoming government’s positions bear close inspection for anyone with an interest in these areas.

CyAN’s comments on the document relate to our mission of enhancing information security, trust, safety, and resilience, and fall into 5 rough categories:

I. Increased commitment to digitalisation and reduction of bureaucracy

The coalition has expressed its desire to cut through bureaucracy, and to push increased digitalisation of records, services, and processes, in order to bring German digital capabilities up to speed and in line with other, more digitally integrated and agile countries in the European Union.

CyAN believes that improved digital services bear both opportunities and risks for German citizens, business, and society as a whole. Countries like Estonia and the Netherlands have shown that a strong culture of online services can foster entrepreneurship, digital education, and democratic engagement.

At the same time, we hope that this will not conflict with Germany’s traditionally strong focus on individual rights, particularly in the fields of privacy and criminal law. Numerous countries have shown that it is possible to reconcile digitalisation and both economic and political agility in the online sphere with freedom of conscience and expression, and respect for citizens’ natural rights.

II. Cybersecurity

We are encouraged by the parties’ expressed desire to:

  • include cybersecurity as a focal research area
  • reform cyber-crime laws, including implementing protections for responsible cybersecurity vulnerability researchers. This is especially promising given the legal ambiguity currently surrounding Germany’s infamous “Hackerparagraph” §202a StGB (criminal code)

III. Cyberdefence, Hybrid warfare, and Disinformation

The coalition agreement includes the following objectives:

  • improve national cybersecurity and cyberdefence of vulnerable critical sectors
  • strengthen overall resilience of critical infrastructure and the population as a whole
  • fight disinformation and information manipulation, for example by strengthening media consumption education, and evaluating screen time and social media usage
  • support expanded defence capabilities, including through cyber- and related technologies

CyAN applauds the inclusion of these elements as important steps in more effectively defending German citizens and society against electronic and information-borne threats.

IV. Digital Surveillance and Individual Rights

The agreement makes mention of increased use of data-based surveillance and law enforcement techniques. It states that “the tense relationship between security requirements and data protection rules must be reevaluated”, and proposes the introduction of a mandatory 3-month archival duty for IP addresses and ports. Law enforcement surveillance of “data sources” is to be enabled.

This raises significant concerns for privacy and the respect for the value of end-to-end encryption. CyAN has in the past commented extensively in opposition to proposed laws in the EU as a whole, France, Sweden, the UK, the US, Japan, and elsewhere that seek to undermine encryption through backdoors or other measures. We believe these simply do not work, and bear great risk of damaging both online democracy and electronic commerce, not to mention the individual right to the privacy and integrity of one’s own data.

We also believe that the focus on law enforcement, and the implication that privacy rights should be reviewed, raises the spectre of law-enforcement-deployed spyware (“Staatstrojaner”). Tools such as the NSO Group’s Pegasus spyware have in the past been used by multiple authoritarian governments against dissidents. Spyware used without strong legal guardrails, and without very clear constitutional controls and judicial oversight, has no place in a liberal democratic society. CyAN urges exceptional caution in the adoption of such tools, as they bear the danger of a “slippery slope” that leads to an erosion of rights to digital privacy and online freedom of expression.

On a positive note, the agreement specifically mentions both net neutrality and the need to “protect fundamental digital rights”. We believe that the fact the new government stresses the importance of these concepts sends an important signal.

V. Illegal Content

The coalition wants to combat threats to constitutional order, including extremism. It aims to fight deepfakes and hateful content more effectively, building on Germany’s already strong legal provisions against hate speech and hateful symbols, such as StGB § 86a and § 130. Platforms are to be held liable for violations, and the EU’s Digital Services Act is to be implemented quickly and effectively. The coalition wants to pass a law against digital violence.

While CyAN welcomes moves against illegal hateful and violent content online in the interest of public safety, great care must be exercised to ensure that these do not conflict with freedoms of expression, conscience, and privacy. The agreement mentions stronger controls over media. This must not open the door to censorship of legitimate content in the interests of vague public security without very clear, consistent, principles-based rules and constitutional review.

In conclusion, the German coalition agreement contains a wide range of elements related to digital security, stability, and rights. CyAN firmly supports those policies which improve agility, individual rights, societal resilience, and prosperity. We also caution against any half-baked measures that sacrifice vital rights as part of a drive for security and safety that is not founded on evidence-based policies, and which risks compromising basic principles as well as impacting trust and safety online.

Cyber (In)Securities – Issue 141

News
  • Former cyber official targeted by Trump quits company over move – NBC News – Kevin Collier
  • MITRE’s CVE program given last-minute reprieve – itNews – Raphael Satter
  • Whistle Blower: Russian Breach of US Data Through DOGE – Narativ – Zev Shalev
  • Midnight Blizzard deploys GrapeLoader malware – BleepingComputer – Bill Toulas
  • 4chan

No Time for Antics with Semantics: Why CVEs Are Cybersecurity’s Lifeline

The cybersecurity world runs on shared language. We don’t often talk about it in those terms—but that’s exactly what the CVE (Common Vulnerabilities and Exposures) system is. A global taxonomy of flaws. A universal index of weakness. The quiet backbone that lets defenders coordinate responses 

“What happens to Heroes?” EPISODE #4: The Unsung Heroes of the Digital World by Didier Annet

The Psychological Impacts of Cyberattacks

This is the fourth episode of a story related to individuals who, in a matter of moments, transition from “employees” to “rescuers” in the immediate aftermath of a destructive cyberattack.

What I will call the “Heroes”!

Let’s Rewrite the Story of a Cyberattack – Uchrony of a losing scenario

“The problem is that sometimes operations and security don’t go together. You have to serve the business first, which is what makes the company make money. Our mission is to make operations and production work. But on top of that come the security requests. The issue is that we didn’t have the substance or the importance of what this was going to bring us. We know it’s important, but day-to-day activities take precedence.”

Excerpt From the Interview

My book is dedicated to encouraging companies to consider the human aspect in the context of cyber attacks. But coaching has only been part of my professional practice for the past 4 years. For over 25 years now, my career has been centered on helping customers strengthen their data resilience. This scenario is freely inspired by one of my corporate clients …

Typical identification factor: “It only happens to others!”

Once upon a time, there was a company with an exacerbated DNA of self-confidence, where all the energy was devoted to more business, faster, and where the only valuable thing was to say yes to business. Yes at all cost. Moreover, anyone who says no or tries to make sense is eliminated by the organization’s dynamics.

This scenario presents a lose-lose situation for the company. Despite recognizing, at the conscious level, the importance of IT security and attempting to implement a resilience strategy, the resources allotted are insufficient. The initiatives are never completed. Led by its instinct, the company prioritizes business over cybersecurity, creating a paradoxical corporate stance on cybersecurity.

This mindset frustrates those responsible for cyber resilience and embeds the notion that security measures are “costly and time consuming,” inevitably leading to internal conflicts and stress.

A losing scenario is marked by frustration among teams and between management levels due to inconsistencies between stated policies and actual practices. This creates ongoing tension around cybersecurity. Although the IT infrastructure may be effective and efficient, the company’s economic success relies on daily operations with the resources allocated at all costs to serve the client (business first). Thus, the level of cyber resilience ultimately depends on the technical staff’s motivation. Some individuals may prioritize the protection of IT systems over their own well-being and relationships, creating an unhealthy work-life balance that would need rectification.

In the face of an attack, the team’s advanced technical skills will allow for a prompt and effective response. Incident management procedures exist and are generally followed, ensuring a technologically sound reaction. However, underinvestment leads to gaps in the standard protection sequence (identification, protection, detection, response and recovery), which exacerbates both the technical and human impacts. These can range from complete system contamination to data theft and destruction.

To make up for these shortcomings, certain people may choose to become heroes, taking on additional duties and frequently going above and beyond. In contrast, others may hide their previous negligence, further exacerbating the crisis. This dynamic can happen intentionally or unintentionally.

Despite having a response strategy, these disruptions can hinder communication and objective evaluation, resulting in disputes and blunders during the rehabilitation phase.

The more significant the setbacks, the more the need for Heroes will arise. The greater the injuries, the more healing will be necessary. Each stage introduces its own disorder. During the response phase, some individuals may be marginalized and replaced by those who align more closely with management’s perspective. The technical team will execute the decisions with the help of external companies. However, there is no clear understanding of the underlying logic, leading to hesitation and indecision about the strategy. The post-crisis phase of data recovery becomes crucial if it is found that some information has been irreversibly lost. Heroes will embark on a relentless search for THE solution, striving to salvage the situation without considering the political implications.

Another complication that could exacerbate the situation is the ongoing investigation. If it turns out that the attack came from inside, this would trigger an atmosphere of distrust, secrecy, and suspicion.

Communication with customers and subcontractors will also face delays. Due to contradictory reports, there persists a cloud of uncertainty regarding the company’s trustworthiness.

Post-mortem examinations are often designed to protect a company’s image, in particular by hiding specific blunders. While this may initially seem like a deceptive tactic, it can actually enhance the company’s image of resilience. The company chooses not to disclose details of the incident, either internally or externally, in an effort to maintain its dignity.

Our heroes will find it challenging to return to normal. The human resources department will follow established procedures without acknowledging the extraordinary circumstances or the dedication displayed by some, having observed these events from a distance.

Since there is a desire to quickly move on from the incident, our heroes find themselves in a very targeted confrontation with human resources. Dismissive comments include: “OK, you’ve done a good job. Thank you! Here’s an extra reward to wrap things up. Let’s get back to work.”

This response fails to adequately address the situation. Disheartened, the hero reflects on the sacrifices made for such a disappointing outcome.

The fall of the Heroes!

THINGS TO REMEMBER

Inside every company lives a silent tug-of-war: the business wants speed and innovation, security wants caution and control — and somewhere in the middle lies the fine art of staying both fast and safe.

Stay tuned for the next episode.

And don’t forget: “Cyberattacks are like glitter — once they’re in your system, they’re everywhere, and good luck getting rid of them!”


About the Author

Didier Annet is an Operational & Data Resilience Specialist and a Certified Professional Coach dedicated to empowering individuals and teams to navigate the complexities of an ever-changing digital landscape.

Find him on LinkedIn: Didier Annet

Learn more in his book:
📖 Guide de survie aux cyberattaques en entreprise et à leurs conséquences psychologiques: Que fait-on des Héros ? (French Edition) – Available on Amazon

Coming soon: The English version – “What Happens to Heroes”

La Liga: Blocking of Cloudflare IPs in Spain

Blocking of Cloudflare IPs in Spain due to claimed losses from piracy is a highly worrisome and excessive measure.