I’ll be presenting a webinar on the use of social engineering in cyber attacks in February as part of ISACA’s CSX Cyber Security Series. See my blog post at ISACA for more details and to register.
Organizations battle daily with social engineering-based cyberattacks and unfortunately often find themselves on the losing side. What can be done? To determine this we need to step back from our technological tools and start with the psychological basis of why social engineering works and why it is a tactic of choice for cyber attackers. Armed with that knowledge, organizations can begin to mount a more effective defense.
I’ll be discussing the above during an ISACA webinar on February 23, 2016. See this link for more info and to register.
If you were waiting for a reason to start, or breathe some new life into, your organization’s cybersecurity awareness program, this is for you.
Recognizing the importance of cybersecurity, October has been designated as National Cyber Security Awareness Month (NCSAM). It was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.
Since its inception in 2003, under leadership from the U.S. Department of Homeland Security and the National Cyber Security Alliance, NCSAM has grown exponentially, reaching consumers, small and medium-sized businesses, corporations, educational institutions and young people across the nation.
Consider these facts from the National Cyber Security Alliance:
- Over the last 12 months, hackers have exposed the personal information of 110 million Americans (roughly half of the nation’s adults)
- 9 out of 10 adults feel consumers have lost control over how personal information is collected and used by companies
- 6 out of 10 Americans “would like to do more” to protect their personal information online
The Better Business Bureau is participating in NCSAM in an effort to do its part to make the Internet safer for everyone in our community by offering a free program to help both consumers and businesses learn the risks, how to spot potential problems and how our online actions impact our safety. It will be held at UNO’s College of Business – Mammel Hall in the Marvin & Virginia Schmid Auditorium, 6708 Pine Street, Omaha NE on Thursday, October 1st from 8:00 am – 10:00 am. A continental breakfast is included from 8:00 am – 8:15 am.
This event will feature presentations by Steven Baker, director, Midwest Region, Federal Trade Commission; Kristin Judge, director, Special Projects, National Cyber Security Alliance; and Ken Schmutz, supervisor, Omaha FBI Cyber Security Task Force. A panel discussion and questions from the audience will follow their individual presentations. I’ll be moderating the program and am very much looking forward to the opportunity to hear what these experts have to share.
Space is limited and registration is required. To make reservations, please go to bbbinc.org and click on the “Cyber Security” image. For more information, call 402-898-8550 or 800-649-6714 #8550.
When you think about it, sometimes our attention gets locked on our risk assessment programs and we neglect our more fundamental risk management activities. Focus is typically good, but in this case overlooking, or rushing through, some initial aspects of risk framing can negatively impact the very same risk assessments you are attempting to focus on. Three areas are especially important:
- Incorporating cyber risk into your overall risk management program
- Ensuring you focus your program on the correct assets
- Implementing a balanced set of security controls
I’m going to be talking about this issue at the upcoming ISACA CSX Conference in October. ISACA has published my introductory thoughts on their ISACA Now Blog.