Getting Workers To 'buy-in' To Cybersecurity


With many of the major hacks still taking place through a single point of vulnerability, two security industry pros said it's time for organizations to make sure their workers understand the importance of cyber security and actively take part in defending their company.

“What if instead of using APT (Advanced Persistent Threat) it were called the same stupid attack that happened last time,” said Junaid Islam, president and CTO of Vidder, explaining that IT departments generally see the same problem happening over and over and that cycle needs to be broken.

Islam, who made this comment during the ALM cyberSecure event held in NY City on Dec. 15, said there are methods to get employees to be more aware, but the effort has to be put forth.

“You have to develop a culture of security in the company. Everyone from the janitor to the CEO has to think about security all the time,” said Bob Flores, a partner at Cognito and a former CTO of the Central Intelligence Agency, at the same event. In addition, security knowledge and concern should be made part of a worker's annual review process to show how important the topic is to the company, he said.

“It's hard to make people cyber aware,” Islam said, but he went on to describe a simple and free method he has used not only to make the threat posed by hackers very clear to workers, but also to develop a level of “buy in.”

Islam suggested setting up an old PC in a common area and using it to display a live feed of the inbound and outbound traffic going through the company's servers. When workers see data requests coming from countries like the Ukraine and China, it helps change their view of the data threat, Islam said.
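The article does not say how Islam built his display, so the following is an added example, not code from the article or from Vidder: a small "traffic board" that reads firewall connection-log lines and summarises inbound and outbound connections by the country of the remote endpoint, the kind of view a spare PC in a common area could show. The log line format, the internal address range, the prefix-to-country table and the sample lines are all constructed for this example (a real board would read the firewall's own log format and use a GeoIP database).

```python
"""Added example: per-country summary of inbound/outbound connections from
firewall log lines. Everything below (log format, internal range, country
table, sample lines) is constructed for illustration."""
from collections import Counter, defaultdict
import ipaddress
import re

# Constructed log format (assumption, not a real firewall's format):
# <timestamp> <ALLOW|DENY> <IN|OUT> src=<ip>:<port> dst=<ip>:<port> proto=<tcp|udp>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<direction>IN|OUT) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"proto=(?P<proto>tcp|udp)$"
)

# Constructed: the company's own address space. Declared explicitly rather than
# relying on ipaddress.is_private, which also flags the RFC 5737 documentation
# ranges used in the sample data below.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed prefix-to-country table standing in for a GeoIP lookup.
GEO_TABLE = {
    "198.51.100.0/24": "UA",
    "203.0.113.0/24": "CN",
    "192.0.2.0/25": "US",
}
GEO_NETS = [(ipaddress.ip_network(p), cc) for p, cc in GEO_TABLE.items()]


def country_of(ip):
    """Map an address to INTERNAL, a country code from the table, or UNKNOWN."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in INTERNAL_NETS):
        return "INTERNAL"
    for net, cc in GEO_NETS:
        if addr in net:
            return cc
    return "UNKNOWN"


def parse_line(line):
    """Return the log fields as a dict, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def external_endpoint(rec):
    # Inbound: the remote side is the source. Outbound: it is the destination.
    return rec["src"] if rec["direction"] == "IN" else rec["dst"]


def summarize(lines):
    """Return {direction: {country: connection_count}}; unparseable lines are skipped."""
    summary = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        summary[rec["direction"]][country_of(external_endpoint(rec))] += 1
    return {direction: dict(counts) for direction, counts in summary.items()}


def render(summary):
    """Plain-text bar chart suitable for a terminal left open on a wall PC."""
    out = []
    for direction in ("IN", "OUT"):
        out.append(f"== {direction}BOUND ==")
        for cc, n in sorted(summary.get(direction, {}).items(), key=lambda kv: -kv[1]):
            out.append(f"{cc:<9}{'#' * n} ({n})")
    return "\n".join(out)


# Constructed sample log lines (documentation addresses, no real hosts).
SAMPLE_LOG = [
    "2015-12-15T09:00:01 DENY IN src=198.51.100.23:51234 dst=10.0.0.5:22 proto=tcp",
    "2015-12-15T09:00:02 DENY IN src=203.0.113.9:40000 dst=10.0.0.5:3389 proto=tcp",
    "2015-12-15T09:00:03 ALLOW OUT src=10.0.0.17:55000 dst=192.0.2.44:443 proto=tcp",
    "2015-12-15T09:00:04 DENY IN src=198.51.100.77:51235 dst=10.0.0.5:22 proto=tcp",
    "2015-12-15T09:00:05 ALLOW OUT src=10.0.0.17:55001 dst=192.0.2.200:53 proto=udp",
    "this line is not a connection record and is skipped",
]

if __name__ == "__main__":
    print(render(summarize(SAMPLE_LOG)))
```

In practice the script would be fed by tailing the firewall's log export rather than a fixed list, and the country table replaced by a GeoIP database; the point of the board is the visible count of remote endpoints, so showing counts per country rather than raw lines keeps it readable from across a room.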

Even though an employee falling for a phishing scam will still be hard to stop, organisations have to do more at a higher level to protect themselves. Flores and Islam recommended developing a defense based on a threat model: figuring out a company's weaknesses and then building the proper defense, rather than simply working down the SANS 20 Critical Security Controls list.

“You need to figure out needs first,” Islam said. Flores followed up adding that a company can't just buy a security software tool or hire a security consultant and believe they are safe.

SC Magazine: http://bit.ly/1QYHGUH
