Getting Workers To 'buy-in' To Cybersecurity

Uploaded on 2015-12-30 in NEWS-Cybersecurity News, FREE TO VIEW

 

With the many of the major hacks still taking place through a single point of vulnerability, two security industry pros said its time for organizations to make sure their workers understand the importance of cyber security and actively take part in defending their company.

“What if instead of using APT (Advanced Persistent Threat) it were called the same stupid attack that happened last time,” said Junaid Islam, president and CTO of Vidder, explaining that IT departments generally see the same problem happening over and over and that cycle needs to be broken.

Islam, who made this comment during the ALM cyberSecure event held in NY City on Dec. 15, said there are methods to get employees to be more aware, but the effort has to be put forth.

“You have to develop a culture of security in the company. Everyone from the janitor to the CEO has to think about security all the time,” said Bob Flores, a partner at Cognito and a former CTO of the Central Intelligence Agency, at the same event. In addition, security knowledge and concern should be made part of a worker's annual review process to show how important the topic is to the company, he said.

“It's hard to make people cyber aware,” Islam said, but he went on to describe a simple and free method he has used to make the threat posed by hackers not only very clear to workers, but to develop a level of “buy in.”
Islam suggested setting up an old PC in a common area and use it to display a live feed of the inbound and outbound traffic that is going through the company's servers. When they see data requests coming from countries like the Ukraine and China it helps change the workers view of the data threat, Islam said.  

Even though having an employee fall for a phishing scam will still be hard to stop, organisations have to do more at a higher level to protect themselves. Flores and Islam recommended developing a defense based on a threat model by figuring out a company's weakness and the building the proper defense. Instead of using the SANS 20 Critical Security Controls list.

“You need to figure out needs first,” Islam said. Flores followed up adding that a company can't just buy a security software tool or hire a security consultant and believe they are safe.
SC Magazine:http://http://bit.ly/1QYHGUH

« US Banks Get Tough On Cybersecurity In 2016
Common Cyber Threats You Need To Be Aware Of (£) »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DKCERT

DKCERT

DKCERT (Danish Computer Security Incident Response Team) is a service of DeIC (Danish e-Infrastructure Cooperation).

Qualitest Group

Qualitest Group

Qualitest is the world’s largest pure play Quality Assurance and software testing company.

Netsparker

Netsparker

Netsparker provide a web application security scanner to automatically find security flaws in your websites, web applications and web services.

Wilson Sonsini Goodrich & Rosati (WSGR)

Wilson Sonsini Goodrich & Rosati (WSGR)

WSGR is the premier provider of legal services to technology, life sciences, and growth enterprises worldwide. Practice areas include cybersecurity and data protection.

Masergy Communications

Masergy Communications

Masergy delivers hybrid networking, managed security and cloud communication solutions to enterprises around the globe.

TUV Sud

TUV Sud

TÜV SÜD is one of the world's leading technical service organisations. Services offered include industrial cyber security.

Conscia

Conscia

Conscia provides IT infrastructure solutions and 24/7 services in network, data center, security and mobility.

A-LIGN

A-LIGN

A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to mitigate cybersecurity risks.

Aporeto

Aporeto

The Aporeto platform protects cloud applications from attack by authenticating and authorizing all communications with a cryptographically signed identity assigned to every workload.

Reed

Reed

reed.co.uk is a leading job site in the UK, providing a full online service for anyone looking for a new job.

TekSek Cyber Security

TekSek Cyber Security

Preparing you for tomorrow's security threats.

ACL Digital

ACL Digital

ACL Digital, an ALTEN Group company, is a leader in design-led digital experience, innovation, enterprise modernization, and product engineering services converging to Technology, Media & Telecom.

RMC

RMC

RMC was purpose-built for Mission Assurance and ICS/OT cybersecurity, dedicated to strengthening and protecting government and commercial assets.

Numen Cyber Technology

Numen Cyber Technology

Numen Cyber Technology is committed to becoming a Threat Discovery and Response expert for corporate customers.

RSK Cyber Security

RSK Cyber Security

RSK Cyber Security are a leading cyber security services company that uses services, consulting, and product knowledge to lower security risk across the board.

Accelerynt

Accelerynt

Accelerynt was founded with a singular purpose: help teams like yours build cybersecurity resilience.