Security Think Tank: In 2023, we need a new way to cultivate better habits


How are those New Year’s resolutions working out for you? With 2023 now well underway, many of your best intentions for the year may have already been adjusted, deferred or abandoned entirely. You’re only human, after all.

It’s often the same with employee cyber security training. At many organisations, staff are required to complete a training course once or twice a year. The content is typically very corporate, and the narration is relatively generic. These sessions usually cover a lot of ground in a short period, explaining common cyber security risks, presenting corporate policies and highlighting best practices for keeping data and systems safe.

If the session is well-designed, if it’s delivered engagingly, and if employees give it their full attention — and that’s a lot of ‘ifs’ already — then participants may leave with the best of intentions to put their new-found knowledge to use. But soon, the pressures of working life or good old-fashioned forgetfulness kick in, scuppering their resolve. They quickly slip into the same old bad habits, paying less attention as they work fast, trying to do three things at once, consequently becoming more susceptible to social engineering attempts.

That’s why I think that, in 2023, we need to go much further than just periodic online cyber security training if we are going to help our workforce get out in front of the bad guys. We need a newer, better approach.

Atomic habits

With this in mind, I recently revisited Atomic Habits by James Clear, a number one New York Times bestseller with 10 million copies sold worldwide. In his book, the author argues that real transformation comes from the compound effect of making regular small changes to behaviour. He calls these ‘atomic habits’.

As a CISO, I see how this approach could work well with corporate cyber security. Of course, periodic training sessions may still have their place, but a culture of cyber awareness can only flourish when employees are encouraged to keep on track and adhere to best practices through regular, timely nudges in the right direction.

So what might this look like? For me, it’s about embedding security reminders, alerts and…

Security Think Tank: Reframing CISO-boardroom relations


The year 2021 was touted as a time to step back and review decisions that organisations had made in haste at a time of crisis that materially impacted their risk profile. The events of 2020 saw a major upheaval in the business landscape around the globe, placing high expectations on information security teams to protect organisations’ information, while enabling a disorientated remote workforce to continue business operations securely.

To accommodate new business requirements, digital transformation plans were accelerated, new technologies were adopted with minimal due diligence, and temporary measures were put in place to limit disruption to the supply chain. It was inevitable that the speed of those changes would introduce opportunity for risk.

Ideally, organisations would have moved from responding and adjusting to the global pandemic, to a new era of resuming “normal” operations that would allow business to get back in control and look to the future. But disruption did not wane as governments worldwide continued to yo-yo between lockdowns, partial lockdowns and easing of restrictions, cementing hybrid working as a permanent fixture – perhaps the only certainty for chief information security officers (CISOs) and their teams.

This serves to highlight a lesson for risk and security practitioners – the speed of digital business, coupled with an uncertain world, means we can never truly be in complete control of risk. We must continue to rethink how we work with business to maintain information risk within acceptable, but dynamically changing, levels of tolerance.

Information security practitioners need to be nimble, conciliatory and creative to keep pace with the rate of digital transformation, business innovation and the constant flux in working arrangements. Planning for normality is futile – expecting the unknown will enable both parties to deliver a rapid response that is more informed and assured.

For many CISOs, the pandemic meant they suddenly had the ear of the board and secured long-awaited investment to implement high-priority initiatives that met business demands. As threats morph, regulatory requirements tighten and attackers become more stealthy in…

“Shark Tank” TV star loses almost $400,000 in Business Email Compromise scam

Barbara Corcoran, one of the business moguls who head up the judging team on US TV’s “Shark Tank” investment show, has lost nearly $400,000 to an email scammer.

Read more in my article on the Hot for Security blog.

Graham Cluley

Analysis | The Cybersecurity 202: U.S. should counter Russia and China hacking with its own influence operations, think tank says – The Washington Post

The Foundation for Defense of Democracies says nothing else is working.
