Humans – your weakest link or your strongest shield?


The other day I was in a meeting with one of the UK’s most powerful financial organisations. I’d been invited in to talk to the team about the latest market trends and what I was seeing. We talked about many things like ransomware, the sophistication of today’s attackers, new technology solutions, regulation (like GDPR), and the diversity and talent within our ecosystem. Then I brought up internal threats, specifically people.

I asked them if they’d humour me for a few minutes and they agreed.

“Close your eyes,” I said.

“I want you to step into another’s shoes – someone who works at your company.

Imagine what it feels like to be told that you’re a weak link.

A threat.

A liability.

Imagine what it feels like to have to undergo a standard security awareness training programme once a year, or more, just because of this. To know that if you fail the test you’ll have to repeat it and that you may be penalised because you’ll be endangering the organisation. Behind closed doors, some people may even be talking about you and muttering, “You can’t fix stupid.”

Chances are you’ll find this irritating, or it may even worry or upset you. Maybe these words or phrases will go through your head before or after.

Them.

Us.

Division.

Exclusion.

Elitism.

Arrogance.

A WASTE OF TIME.”

Their faces were solemn, their bodies were slumped in their seats and they all nodded their heads in agreement. I continued.

“Now let’s flip the switch.

Imagine what it feels like to be told that you’re valued.

Needed.

Strong.

Worthwhile.

Someone who can help an organisation protect its assets, defend against cyber attackers, act as a shield, and be effective.

Chances are you’d be feeling much more open to engage, learn more, and help.”

Once again they all nodded their heads but by now they were smiling and sitting more straight in their chairs. I continued.

“Let’s knock it up a level.

Imagine what would happen if you were given a voice, had an opportunity to feed back to the organisation – the security team – and suggest improvements.

The dialogue is now open.

There is no them and us.

You’re on the same team and part of something together.

What if you could be rewarded for your efforts too?

Chances are you’d be feeling much more empowered.

Valued.

Maybe you’d even be interested in learning more about cyber security – a topic that’s pretty cool right now.”

I asked them to open their eyes. By now their faces had lit up, they were fidgeting, and desperate to talk. The room was energised. They understood what had just happened, and we reviewed the human risk element, and how security awareness training programmes are being implemented.

I explained that it’s easy to get lost in our ways, to follow the crowd, and to say or do what everyone else is saying or doing. But, if everyone is thinking alike, then is anyone really thinking?

It’s much harder to challenge the status quo, and to look for better solutions. Yet, that’s what we must continually do if we’re to perform to a higher security standard, and achieve better results. We must collaborate, and use our resources more effectively, rather than divide, build walls, and maintain silos. Communication can help us do this, as it draws on language, which is where change really begins. Add in images, visuals, and sound, and you’re on your way to creating something that’s powerful, simple, and effective.

Here’s my high-level advice.

Tip 1: Define your objective. To begin, consider your objective and what you’re trying to achieve. This sounds obvious, but you’d be surprised how many fail to do this. The reason I know is because they can’t measure and evaluate the results of their security awareness training programme afterwards. Imagine how delighted the Board would be if you could communicate this as a value.

Tip 2: Assess user group profiles. Once you’ve established your objective and how you’ll measure it, look at your user groups, and their risk profiles. Go through scenarios for each group, as not everyone has the same training needs. A questionnaire, which can gauge their level of security competence in accordance with their role, often helps. Spending time training users in the same vanilla way, which is usual, not only bores them, but it’s costly too. It means that they’re not being productive elsewhere in the organisation. Tailored programmes, on the other hand, maximise engagement, and their overall understanding of the problem, which enables you to deliver and measure a much more effective security awareness training programme that produces immediate value.

Tip 3: Plan your communication. Consider your communication methods, particularly your training modules. Over the years I’ve seen high quality security awareness training videos that are extremely amusing. I’ve cringed at the scenarios, and laughed a lot. They’ve made me smile, and lifted my spirits. However, although they reached me emotionally, which is what you need to do, the end result is that they often just leave everyone feeling like this – amused. Few remember what the learning lessons were shortly after. All they remember is that they laughed, which kind of defeats the objective. So, test the modules with a select and diverse user group to get their feedback prior to purchasing.

Tip 4: Adopt an entrepreneurial mindset. This means being open-minded, rather than fixed when you’re implementing the programme. Test, tweak, and get feedback from those using it. Connect with your employees, empower them, make them feel part of something, and find champions or ambassadors who can help you evangelise. We don’t know it all in security, and there’s no shame in admitting this; it’s what strong leaders do. We can always improve, and being receptive helps us avoid being blindsided. By making your employees your strongest line of defence and telling them this, you’ll end up creating a security culture that’s onside, that innovates, adapts to evolving threats, and strengthens.

Now I want to hear from you…

  • Tell me what resonated, what you’re going to do differently, and if you’ve got more advice please let me know and share it here.

To find out more…

Please watch Microsoft Office’s Modern Workplace Episode 307, Cyber Intelligence: The human element, and hear from Dr. Jessica Barker, a cyber intelligence advisor, and Phil Ferraro, the CISO for Nielsen, on the human risk element.

Jessica will share simple steps you can take today toward motivating your organization and helping to keep security threats at bay. Phil will share five common security myths you must avoid to help keep your data secure. Together, these experts will give you insights on how you can best strategise to meet your most urgent security needs as it pertains to the human element. Plus, explore features of Office 365 Advanced Threat Protection and Windows Defender Advanced Threat Protection that will help you stay a step ahead of a potential threat.

Finally, in the spirit of full disclosure, please be aware that I’ve received compensation for promoting this Microsoft Office Modern Workplace Episode. Because your success is important to me, I only align myself with brands I believe in, and this is one of them.


My top 5 breach prevention tips – would these be yours?


Working in cyber security for the last 19 years has been an amazing experience. Watching the sophistication of cyber attacks, and the frequency of breaches increase, has not.

I was discussing this with a few senior cyber security leaders the other day. As we talked, we each reeled off a load of statistics, like how Lloyd’s of London has estimated that cyber attacks cost businesses as much as $400 billion a year, how Juniper Research has predicted that the cost of data breaches will increase to $2.1 trillion by 2019, and how the World Economic Forum says the true cost is actually unknown, as industrial espionage grows, and access to confidential data goes undetected.

We also discussed how cyber criminals follow the money trail, and how SMEs make for rich pickings, as they’re typically less secure and more under-resourced than large organisations. According to Symantec’s 2016 Internet Security Threat Report, about 1 in 40 small businesses are at risk of being the victim of a cybercrime, and attacks are intensifying.

And then I said, “Of course it’s only when a C-level gets fired, or scrutinised in the media that everyone takes notice.” Suddenly, one of them thumped the table, and said, “You’re right. This may not be a stat, but it’s relatable!”

Although not an everyday occurrence, things like this happen. Few in the UK could forget the barrage of criticism Dido Harding, the CEO of TalkTalk Group, received in 2015 when she handled a data breach, which affected about 4 million customers, who’d had their personal details stolen. But, what about the CEO and CFO of FACC, the Austrian aerospace parts manufacturer, who were fired in May 2016 after a cyber fraud incident resulted in a €40.9m loss? Then, there were the CEOs from Sony and Target who were fired after hacks in 2014, and I can still remember how tongues wagged in 2011 when Betfair’s Security Director left just days after an 18-month-old data breach was announced in the press.

We all agreed, but the question many of us pondered was whether this was going to worsen, especially considering new legislation, such as GDPR. Furthermore, what could be done to mitigate risks, and ensure more resilience, as cyber security isn’t about “if,” rather it’s about “when,” and whether “it’s already happening but we just don’t know about it.”

With these thoughts in mind, here are my top 5 high-level recommendations.


Women in cybersecurity: Five hard lessons I learnt in 2016 & why I’m grateful


It’s England. It’s cold, the night is drawing in, and it’s the last day of 2016. It’s been a while since I published a blog here, as I’ve spent all year writing my book. It’s totally consumed me, but as it’s nearly finished, I’m sitting at my desk, reflecting on the year and thinking about you. I’m astounded at what I’ve achieved, how much I’ve grown, how many amazing people I’ve spoken to or met, and how quickly the year has gone by. I’d like to share some of this with you, as I’m grateful for your support, and feel I owe you so much.


Why you need to complete this survey on gender diversity in cyber security – seriously!


This is probably going to be one of the shortest blogs I’ve published. You see, I’m on a mission, and time is of the essence. In case you’re unaware, I’m writing a book about women in cyber security and what we can do to increase the numbers.

And, I’ll let you in on a secret.

Up until the beginning of this year, I had no idea that I’d be doing this. However, in November 2015, something stopped me in my tracks and changed my direction – slightly.

I read an (ISC)² study, entitled ‘Women in Security: Wisely Positioned for the Future of InfoSec,’ which reported on the global information security workforce and the decreasing numbers of women within it. Shocked into writing, my blog, ‘The Future of Women in Cyber Security. How do we Increase the Numbers?’ went viral (figuratively speaking). Ironically, I had no agenda, other than to be a voice, but when people started to reach out to me, to tell me their stories, I knew I had to do more.

During the Christmas holidays, I did what most people don’t do. I wrote a 15,000 word report on the global state of gender diversity within cyber security. I laid out five challenges that I believed needed to be fixed, along with solutions. Although I’d planned to publish the report on LinkedIn, I suddenly thought, “It’s half a book. What if I interviewed women and men, and added their stories? That would be far more interesting, and would offer more value.”

So, I messaged my publisher, and when she responded with, “You’d be mad not to,” I knew I had to take action. In April, in need of publishing funds, I started a Kickstarter project. I was adamant that I was going to succeed. I had conviction, played full-out and worked damn hard at pitching. It was easy to do – to be courageous, to put myself in front of people and companies and ask for the money, for this initiative was not about me or my business – it was for the industry. It actually stood for more than that – for society – for when we do our job effectively – we’re protecting people, countries, economies and businesses. That matters.

Within five days I’d reached my goal. I was ecstatic and proud that our community had come together to fund it. I then set another – a stretch goal – and within days had reached that too. By the end of April I’d raised £10,614.

Right now I’m spending much of my time interviewing professionals from around the world. The insights that I’ve gained have been fascinating and my work is incredibly fulfilling. Every evening and weekend I’m writing these up and researching solutions so we can address the issue. However, there’s more work to be done. Rather than drawing on data from other professions, I need fresh data, from ours. That way I can test some theories that have come about from my research. And, this is where you can help.

If you’ve not completed my survey, please do. There are only 10 questions, and they’re very straightforward. There are also boxes for you to comment in, if you so desire.

Finally, I want to explain why I’m concentrating on gender diversity. Although I fervently believe in equality and would have liked to have tackled diversity as a whole, the topic is too big. There are also other problems with it.

I recently learnt that you can’t get statistics on race or religion in France, as you’ve been forbidden to ask questions on either since 1942. Furthermore, there are 79 countries globally, where you can’t get statistics on a person’s sexual orientation, as being anything other than heterosexual is illegal.

By concentrating on gender diversity, there’s existing data to draw upon. Additionally, gender diversity is the one thing that you can measure across the world. It can therefore lead the way for all diversity and inclusion opportunities.

There are countless studies that report on the economic benefits of gender diversity. For example, McKinsey and Co. have stated that we’d add another 26% or $28Tn to global GDP if we achieved gender parity by 2025. When women are in business, there’s more innovation, the likelihood for projects to stay on budget increases and profits rise. When women are in leadership positions, there’s more diversity in the workforce, more contributions are made to charities and more goods are bought locally. And, when women are politically and economically empowered, societies are more stable.

Now, when women are in cyber security we benefit from greater perspective of thinking, for women do think differently to men. And, any time you have uniformity of thinking, you miss out on the most creative solutions or tactics, which can help us beat the threat actors.

But, aside from all of these reasons to employ more women in our profession, it’s just simply the right thing to do, and a lot more fun!

Now I want you to take action

  • Please complete the survey.
  • Please share it. If we work together we can achieve more!

The Future of Women in Cyber Security. How do we Increase the Numbers?

Women in cyber security currently amount to 10%.

Over the years there’s been much talk about women in cyber security. For example, are there enough; are they the future of infosec; are they paid more than men; are women under-represented, and so on.

As a woman in cyber security, with a voice, I feel a heavy weight on my shoulders and compelled to write about this.

Why?

Well it’s simple. Right now, in cyber security we’re failing. All of us. Men and women.

Miserably.

It’s bad enough that we can’t attract others into our industry fast enough and train them up, but the fact that the numbers of women in cyber security are deteriorating is quite frankly unacceptable.

Cyber security has never received so much attention. Cybercrime is growing and when more people are becoming increasingly aware of protection, resilience and training you’d have thought that getting women into our profession would have been easy.

However, it’s not been and without a doubt we must reverse this trend and do a better job.


The Shocking Truth About Being A Cyber Security Entrepreneur


As you’re a cyber security entrepreneur or want to be, I’m going to start off with 5 exciting facts.

  • Fact 1. The world is getting bigger and busier.
  • Fact 2. Opportunities abound.
  • Fact 3. Entrepreneurship is trending and cyber security is hotter than ever.
  • Fact 4. According to the latest statistics, by 2019, this sector is set to be worth $155.74bn.
  • Fact 5. The market is maturing. It’s now threat aware and risk educated. Governments and businesses are paying attention too. For, cybercrime is costing between $300bn and $1trn in annual global losses, and it’s rising.


Cold Calling UK Law Changes & What This Means To You


I’ve been saying this for years. Cold calling is dead. Warm calling is the future. And, today the UK Government put one more nail in the cold calling coffin as they announced a clamp down on companies who are cold calling in the UK.

The Telegraph reported today that changes to the law will make it far easier to punish offenders. Furthermore, the directors of firms using such techniques would be liable to personal fines of £500,000, according to the Daily Mail.
