Home > All, Security Issues > Security awareness is taught, not bought

Security awareness is taught, not bought

February 3, 2013 Leave a comment Go to comments

Whenever there’s a security incident, two things happen:

  • security vendors scream, ‘it happened because they weren’t using our product, so clearly you should or it will happen to you’
  • governments scream, ‘we need to enact the Cybersecurity Act/CISPA/Communications Bill/delete-as-applicable/and substitute-at-will in order to protect you, you-know-it-makes-sense’

Both have an axe to grind, and grind it they will. The only group that doesn’t have an axe is the poor bloody CISO working away at the coalface; underfunded, overworked and making do – and it’s a welcome relief to hear what it’s actually doing.

wisegateWisegate recently published a paper on CISO discussions between themselves. It followed an earlier analysis that showed a major, if not the major, threat that concerns them is their own staff awareness – or lack of awareness – about cyber security issues. This actually makes a lot of sense. Trend Micro’s study towards the end of 2012 showed that more than 90% of successful APT attacks start with spear-phishing. Spear-phishing is harmless until the target clicks on a link or opens an attachment – so if you can teach staff how to avoid being phished, then you immediately avoid possibly the most serious threat of today.

The only way you can do that is by increasing user awareness – and Wisegate’s paper, CISOs Share Innovative & Practical Ways to Improve Security Awareness, tells us how CISOs are actually tackling the problem. It’s worth reading, so I won’t give everything away here – except perhaps to point out that one of the biggest problems is silo security; the users’ view of an unapproachable arbiter of what the user can and cannot do… That needs to go. And the Wisegate report gives useful pointers on how to do it.

You can download the report from here

See also
Spear-phishing is the single biggest threat to cyber security today
Fear sells – and governments are accomplished salesmen
The art of social engineering

Categories: All, Security Issues

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s