This was the title of my last post on the SecurityVibes website and relates to the July 4th cyber attacks on the US government that allegedly brought down several US government departments for days. There were several lessons to be learned from this attack but the one I want to focus on is the one that most organisations either don’t do or pay lip service to.
It isn’t technologically sexy, it doesn’t need to be costly, it vastly reduces the attack vector for botnets but if done badly can result in it being a total waste of everyone’s time. What is it?
On-going user security awareness education.
You see I’ve lost you now. Just because I didn’t talk about how easy it is to subvert SSL or the latest incarnation of Koobface or how the current Microsoft Directshow vulnerability is leading to more systems being compromised. Security Awareness Training is not sexy but it is vital and if it is not done correctly ends up being boring to the users and soon forgotten as a memory of something that wasted their work time.
However it is so absolutely crucial that organisations begin to understand its importance for their security posture that ENISA (the European Network and Information Security Agency) made it a top priority to get this message across to their member states in protecting Europe from Cyberwarfare, offering them free awareness videos and posters if that’s what it will take to help organisations put together a security awareness programme. At their conference in London, they brought in senior executives from international organisations to talk about what worked for them which resulted in a plethora of articles on top tips for organisations to implement a workable programme.
If you want to see what is possible in communicating simple messages to users then just think about how many times we tell users not to share or give away their passwords…yet they still do. Now have a look at how Barclays Bank have done it in this one and half minute video.
Because this aspect is so crucial to reducing the internal threat, cybercrime, the impact of employee related theft from the recession and system infections, I’ve listed some references below to free articles we’ve recently produced on this subject. Please do think about your security awareness posture. It is vital to yours and everyone else’s organisational and national security.
References
SecurityVibes Article: Security Awareness Initiatives: Top Lessons Learned from CISOs 1
http://bit.ly/XFghk
SecurityVibes Podcast: James Gay, CISO for Travelex on User Education
http://bit.ly/ngJkC
SecurityVibes Article: Going for a coffee? Lock Your Desktop First
http://bit.ly/27upN
Tags: cybercrime, cyberwarfare, ENISA
|
- UI: The Ultimate Muscle
I guess you could call the iPhone the beginning of...
10-6-2011UI: The Ultimate Muscle
We're still very much in the Web 2.0 era and you'r...
10-6-2011Security In the Golden Age Of The Internet
George is an amazing man with some deep understand...
9-13-2011Security In the Golden Age Of The Internet
Sometimes what you learn in high school is not onl...
9-13-2011Looking Forward: The Great American Red Herring
I would say that at least half of those who regist...
9-13-2011
