Getting Workers To 'buy-in' To Cybersecurity


With many of the major hacks still taking place through a single point of vulnerability, two security industry pros said it's time for organizations to make sure their workers understand the importance of cyber security and actively take part in defending their company.

“What if instead of using APT (Advanced Persistent Threat) it were called the same stupid attack that happened last time,” said Junaid Islam, president and CTO of Vidder, explaining that IT departments generally see the same problem happening over and over and that cycle needs to be broken.

Islam, who made this comment during the ALM cyberSecure event held in New York City on Dec. 15, said there are methods to get employees to be more aware, but the effort has to be put in.

“You have to develop a culture of security in the company. Everyone from the janitor to the CEO has to think about security all the time,” said Bob Flores, a partner at Cognito and a former CTO of the Central Intelligence Agency, at the same event. In addition, security knowledge and concern should be made part of a worker's annual review process to show how important the topic is to the company, he said.

“It's hard to make people cyber aware,” Islam said, but he went on to describe a simple and free method he has used to make the threat posed by hackers not only very clear to workers, but to develop a level of “buy in.”
Islam suggested setting up an old PC in a common area and using it to display a live feed of the inbound and outbound traffic going through the company's servers. When workers see data requests coming from countries like Ukraine and China, it helps change their view of the data threat, Islam said.

Even though an employee falling for a phishing scam will still be hard to stop, organizations have to do more at a higher level to protect themselves. Rather than simply working through the SANS 20 Critical Security Controls list, Flores and Islam recommended developing a defense based on a threat model: figuring out a company's weaknesses first and then building the proper defense.

“You need to figure out needs first,” Islam said. Flores followed up, adding that a company can't just buy a security software tool or hire a security consultant and believe they are safe.
SC Magazine: http://bit.ly/1QYHGUH
