 

For consumers

 

GUEST ESSAY: Cyber hygiene need not be dreary — why engaging training is much more effective

By Lise Lapointe

Instilling a culture of cyber security at your organization requires your people to maintain a high level of knowledge and awareness about cyber security risks—and that takes an effective, impactful, and ongoing security awareness program.

Related: Deploying employees as human sensors

However, a security awareness program is only as good as its content. To ensure that your end users retain core concepts and knowledge, it’s important to contextualize topics and keep your people engaged during the entire training process.

Additionally, to hold their interest, the content must be fun. These results are achieved in a few different ways. Let’s take a closer look.

Make it engaging!

First and foremost, your security awareness program’s content must be engaging. Break up lessons into bite-size morsels, and carefully divide them by topics. Keep the interface simple, and include an interactive component, such as a short quiz, in each lesson.

Also, tailor content to the user’s specific role within the organization. You might show someone in a manager role, for example,

GUEST ESSAY: AntiguaRecon – A call to train and promote the next generation of cyber warriors

By Adam Dennis

Imagine being a young person who wants a career, of whatever type you can find, as a cybersecurity professional.

Related: Up-skilling workers to boost security

Although you were born with an agile and analytical mind, you have very limited financial resources and few, if any, connections that can open doors to your future ambitions.

If you were born in a country such as the US, Canada or the UK, you might have a wider range of options despite your financial limitations. But if you are born in Antigua, which is a small Caribbean island way out in the Atlantic, your options can be quite limited. Even if you managed to get a range of certifications which show that you have some skills, finding a job in your field is extremely unlikely because the market is so small and undeveloped.

High concept

Now enter AntiguaRecon which was created to teach a group of young Antiguans cybersecurity skills so that it could offer cybersecurity services around the region and in the US, Canada, and elsewhere.  It is not enough to just educate the students.  Our proof of concept will come when we get them jobs too.

The founder, Adam Dennis (that’s me!), has experience running training organizations directed at young people AND a lot of experience running startups. In the late 1990s (yes, that long ago), I created a youth training program called YouthLink that worked with at-risk youth in Washington, DC. The program operated for five years and was covered by the Washington Post and a number of other news outlets. Over my career, I have created three non-profits and two SaaS for-profits, one of which I sold in 2005.

GUEST ESSAY: The rationale for pursuing a culture of cybersecurity – and a roadmap to get there

By Matthew T. Carr

Organizations with strong cybersecurity cultures experience fewer cyberattacks and recover faster than others.

Related: Deploying human sensors

This results from emulating the culture building approaches of high-risk industries like construction that devote sustained attention to embedding safety throughout the organization.

For most organizations, building a cybersecurity culture is a necessary evil rather than a cherished goal. Prioritizing security means desirable cultural norms like openness, trust building, creativity, efficiency, and risk-taking might suffer.

Until a decade ago few organizations needed a cyber security culture. If the security industry catches up with adversaries, then the need for a cybersecurity culture will eventually fade away. Few will miss it.

Cybersecurity culture is a subset of the overall corporate culture. It harnesses beliefs and values to promote secure behaviors by employees in everyday work activities.

Model culture

Cybersecurity culture is necessary today because routine actions such as opening emails, responding to customer requests and using productivity software can put the organization at risk for ransomware and data breaches.

GUEST ESSAY: Here’s why a big cybersecurity budget won’t necessarily keep your company safe

By Zac Amos

The cybersecurity landscape is constantly changing. While it might seem like throwing more money into the IT fund or paying to hire cybersecurity professionals are good ideas, they might not pay off in the long run.

Related: Security no longer just a ‘cost center’

Do large cybersecurity budgets always guarantee a company is safe from ongoing cybersecurity threats?

According to research from Kiplinger, businesses are spending less money on capital equipment, especially as rumors of a mild recession in the future loom. However, organizations in 2023 know one crucial area to spend money on is cybersecurity.

Cyberattacks are becoming more frequent, intense and sophisticated than ever. In response, many businesses of all shapes and sizes will allocate funds to their IT departments or cybersecurity teams to make sure they’re well-defended against potential threats. They may incorporate tools such as firewalls or antivirus software, which are helpful, but not the only tactics that can keep a network secure.

Unfortunately, having a large cybersecurity budget does not necessarily mean a company has a solid, comprehensive security plan. Organizations can spend all they have on cybersecurity and still have pain points within their cybersecurity program.

GUEST ESSAY: Scammers leverage social media, clever con games to carry out digital exploitation

By Collin McNulty

One common misconception is that scammers usually possess a strong command of computer science and IT knowledge.

Related: How Google, Facebook enable snooping

In fact, a majority of scams occur through social engineering. The rise of social media has added to the many user-friendly digital tools scammers, sextortionists, and hackers can leverage in order to manipulate their victims.

Cybersecurity specialists here at Digital Forensics have built up a store of knowledge tracking criminal patterns while deploying countermeasures on behalf of our clients.

One trend we’ve seen in recent years is a massive surge in cases of sextortion. This online epidemic involves the blackmail of a victim by the perpetrator via material gained against them, typically in the form of nude photos and videos.

These sextortionists are some of the lowest forms of criminals, working tirelessly to exploit moments of weakness in their victims induced by loneliness and our most base-level human natures.

Since the dawn of civilization and economics, instances of fraud have always existed. Scholars have determined that the precursors of money in combination with language are what enabled humans to solve cooperation issues that other animals could not.

SHARED INTEL Q&A: Bi-partisan report calls for a self-sacrificing approach to cybersecurity

By Byron V. Acohido

A new report from the Bipartisan Policy Center (BPC) lays out – in stark terms – the prominent cybersecurity risks of the moment.

Related: Pres. Biden’s impact on cybersecurity.

The BPC’s Top Risks in Cybersecurity 2023 analysis calls out eight “top macro risks” that frame what’s wrong and what’s at stake in the cyber realm. BPC is a Washington, DC-based think tank that aims to revitalize bipartisanship in national politics.

This report has a dark tone, as well it should. It systematically catalogues the drivers behind cybersecurity risks that have steadily expanded in scope and scale each year for the past 20-plus years – with no end yet in sight.

Two things jumped out at me from these findings: there remain opportunities and motivators aplenty for threat actors to intensify their plundering; meanwhile, industry and political leaders seem at a loss to buy into what’s needed: a self-sacrificing, collaborative approach to systematically mitigating a profoundly dynamic, potentially catastrophic threat.

Last Watchdog queried Tom Romanoff, BPC’s technology project director, about this analysis. Here’s the exchange, edited for clarity and length:

GUEST ESSAY: Could CISOs be on the verge of disproving the ‘security-as-a-cost-center’ fallacy?

By Jess Burn

This year has kicked off with a string of high-profile layoffs — particularly in high tech — prompting organizations across all sectors to both consider costs and plan for yet another uncertain 12 or more months.

Related: Attack surface management takes center stage.

So how will this affect chief information security officers (CISOs) and security programs? Given the perennial skills and staffing shortage in security, it’s unlikely that CISOs will be asked to make deep budget or staffing cuts, yet they may not come out of this period unscathed.

Whether the long anticipated economic downturn of 2023 is a temporary dip lasting a couple quarters or a prolonged period of austerity, CISOs need to demonstrate that they’re operating as cautious financial stewards of capital, a role they use to inform their choices regardless of the reality — or theater — of a recession.

This is also a time for CISOs to strengthen influence, generate goodwill, and dispel the perception of security as cost center by relieving downturn-induced burdens placed on customers, partners, peers, and affected teams.