Getting Workers To 'buy-in' To Cybersecurity

 

With the many of the major hacks still taking place through a single point of vulnerability, two security industry pros said its time for organizations to make sure their workers understand the importance of cyber security and actively take part in defending their company.

“What if instead of using APT (Advanced Persistent Threat) it were called the same stupid attack that happened last time,” said Junaid Islam, president and CTO of Vidder, explaining that IT departments generally see the same problem happening over and over and that cycle needs to be broken.

Islam, who made this comment during the ALM cyberSecure event held in NY City on Dec. 15, said there are methods to get employees to be more aware, but the effort has to be put forth.

“You have to develop a culture of security in the company. Everyone from the janitor to the CEO has to think about security all the time,” said Bob Flores, a partner at Cognito and a former CTO of the Central Intelligence Agency, at the same event. In addition, security knowledge and concern should be made part of a worker's annual review process to show how important the topic is to the company, he said.

“It's hard to make people cyber aware,” Islam said, but he went on to describe a simple and free method he has used to make the threat posed by hackers not only very clear to workers, but to develop a level of “buy in.”
Islam suggested setting up an old PC in a common area and use it to display a live feed of the inbound and outbound traffic that is going through the company's servers. When they see data requests coming from countries like the Ukraine and China it helps change the workers view of the data threat, Islam said.  

Even though having an employee fall for a phishing scam will still be hard to stop, organisations have to do more at a higher level to protect themselves. Flores and Islam recommended developing a defense based on a threat model by figuring out a company's weakness and the building the proper defense. Instead of using the SANS 20 Critical Security Controls list.

“You need to figure out needs first,” Islam said. Flores followed up adding that a company can't just buy a security software tool or hire a security consultant and believe they are safe.
SC Magazine:http://http://bit.ly/1QYHGUH

« US Banks Get Tough On Cybersecurity In 2016
Common Cyber Threats You Need To Be Aware Of (£) »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

Join our experts as they give the insights you need to power your Security Information and Event Management (SIEM).

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cynet

Cynet

Cynet simplifies security by providing a rapidly deployed, comprehensive platform for detection, prevention and automated response to advanced threats with near-zero false positives.

Paessler

Paessler

Paessler is a leading worldwide provider of network monitoring software.

Latham & Watkins LLP

Latham & Watkins LLP

Latham & Watkins is an international law firm. Practice areas include Data Privacy, Security and Cybercrime.

RiskLens

RiskLens

RiskLens is a software company that specializes in the quantification of cybersecurity risk.

Pindrop Security

Pindrop Security

Pindrop solutions are leading the way to the future of voice by establishing the standard for security, identity, and trust for every voice interaction.

Terranova Security

Terranova Security

Terranova is dedicated to providing information security awareness programs customized to your internal policies and procedures.

LMG Security

LMG Security

LMG Security is a cybersecurity consulting, research and training firm.

Acuant

Acuant

Acuant is a leading global provider of identity verification, regulatory compliance (AML/KYC) and digital identity solutions.

Wizlynx PTE LTD

Wizlynx PTE LTD

Wizlynx PTE LTD is the Singapore branch of Wizlynx Group located in Singapore, offering Information and Cyber Security Services throughout the entire Asia Pacific (APAC) region.

u-blox

u-blox

u-blox deliver leading wireless technology to reliably and securely locate and connect people and devices.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Jobs Watch

IT Jobs Watch

IT Jobs Watch provides a concise and accurate map of the prevailing IT job market conditions in the UK.

Socure

Socure

Socure’s identity verification increases auto approval rates, reduces false positives and captures more fraud. In real time.

Iterasec

Iterasec

Iterasec provides a full range of security services to hacker-proof your products and make software engineering process secure by design.

Digital Boundary Group (DBG)

Digital Boundary Group (DBG)

Digital Boundary Group (DBG) is an information technology security assurance services firm providing information technology security auditing and compliance assessment services to clients worldwide.

Axellio

Axellio

Axellio provides economic, end-to-end cyber security solutions designed for your team, environment, and security objectives, providing packet level visibility across your network.