As a Chief Information Security Officer, I get a lot of questions about cyber security threats and what worries me most. I field questions about Anonymous, geo-political hackers, cyber-extortionists, malware, and the like. The questions almost always begin with the assumption that the threat is some lurking, clandestine, malicious, highly devious person or organization intent on breaching our security. For most, the perceived threat is like the stuff of thrillers.
But actually, while you were brushing your teeth this morning, you probably saw the biggest threat staring at you in the mirror. That’s right, the biggest security threat is you. Criminals will often tell you that crimes are most often crimes of opportunity. Why break into a well-lit house with a full alarm system and locked doors and windows, when the house next door is left unlit, with no security system, and open ground-floor windows? Why make criminal activity hard when often it is so easy? So too with cyber crime.
Most cyber criminals want easy access. They want a password, network access, unsecured mobile devices. And sadly, too often, employees provide easy access – not willfully or as part of some nefarious crime ring – but simply out of failure to follow good security practices.
Getting employees to understand good security practices and, more importantly, how those practices apply to them personally is a real challenge. Theoretical understanding and personal understanding are two different things.
Sadly, it often takes a security threat or breach to open our eyes to the importance of good security practices. But keeping that knowledge “top of mind” is an uphill battle. How many had an interest in passwords when the Heartbleed story broke? But a few months later, even though the media has reported many systems remain vulnerable to Heartbleed, the interest in passwords has waned again.
So let’s look at how we can make good security practices a part of our daily routine – like brushing our teeth. And let’s see champions of cyber security smiling back at us in the mirror each morning.
Share how you’ve raised personal understanding of cyber security practices in your company…