Security Awareness: Effecting Cultural Change. ISACA Northern England Chapter Meeting – 25 June 2015. Martin Smith MBE FSyI, Chairman and Founder, The Security Company (International) Ltd and The Security Awareness Special Interest Group.
Who am I? Martin Smith, The Security Company (International) Limited (TSC) and The Security Awareness Special Interest Group (SASIG)

SASIG: a unique partnership…
- Collaborative working
- Collective experience
- Cross-market intelligence
- Global reach

We need to work the problem, people
- Our secure systems are built to perfection but are being subjected to massive external attack.
- Cybercrime is rapidly increasing, data breaches are reported in the Press on a daily basis, Advanced Persistent Threat is on everyone’s lips, and IP is at grave risk.
- Privacy is considered as “something of the past”.
- National infrastructures are under direct threat of attack from other nation

Examine the evidence 1
- The vast majority of breaches and security events occur at the most basic levels of our defences.
- Most attacks succeed by subverting physical security, by exploiting sloppy housekeeping and errors in systems operations and patching, and by directly targeting people.
- Social media makes social engineering easy.
- BYOD is emasculating our technical defences.
- Human error and ignorance amongst our workforces present an enormous gap in our

Examine the evidence 2
- Every cyberattack begins with a weakness in the human firewall
- Every Pen Test starts with a social engineering phase
- Phishing attacks only succeed because of human

You have customers! …and as well as your employees, it is equally important to include in the cybersecurity conversation your senior management, internal business leaders and influencers, contractors, consultants, suppliers and other third parties, peer organisations, and

Your barriers
- Too much focus on technology
- Senior managers don’t see the threat
- Culture
- HR
- Fragmented reporting processes
- Not my

But I haven’t got any

What is Cybercrime…?
- Spam
- Fraud
- Cyber-bullying/cyber stalking
- Cyber-terrorism
- Piracy
- Identity theft
- Electronic funds transfer fraud
- Illegal interception of telecommunications
- ‘Stranded Traveller’ and other scams
- Phishing
- Pharming
- Credit card fraud
- Pornography/Dissemination of offensive materials
- Electronic money laundering and tax evasion
- Online payment and banking fraud
- Electronic vandalism
- …and many more

Old crime, new tricks…?

The cyber criminal’s profile…

Take care out there...

The minimum requirements... We know from our work over the years:
- Line management understanding – line managers must take ownership of security, and display leadership by example.
- Employee behaviour online – employees must each take ownership of their own digital footprint, and know how to shape, manage and monitor it.
- Employee vigilance – employees must be vigilant to hostile activity, especially online, and know how to report their suspicions.
- Social engineering – employees must understand the risks to them personally and the organisation, and recognise the techniques.
- Get the basics right – employees must display good security practice in their daily routines and working habits, e.g. Clear Desk Policy.

Security is not about alligators. Security is not about being killed by an alligator… Usually, it is about being eaten to death by a thousand chickens…

Senior management support?

Is this the response of your staff?

How big is your security department?

Why do cars have brakes?

The importance of awareness
“Problems are never solved at the same level of awareness that created them…” – Albert Einstein
The human factor is the final part of the jigsaw, the key to better security and fraud prevention. Good communication is the vital oil that will make our security management and fraud prevention systems run smoothly.

Actually, people want to help…
- There is an enormous willingness amongst workforces to follow good practice.
- The vast majority of your workforce is intelligent, honest, hardworking and sensible. They are there to help in the fight against fraud.
- To win their support, we just need to tell them what it is we want them to do in language they can understand.
- We must explain the benefits of their support – “What’s in it for me?”

An opportunity for change
- Our lack of focus on the people issues is at the heart of our current data security vulnerabilities. Yet this need not be a bad thing.
- Effort in this area will produce rapid improvements of value far in excess of any extra investment, and that will enhance and support all our other activities from the perimeter fence and beyond right down into the source code.
- It takes only a gallon of oil to make the engine run

The elephant in the room
1. The “Mark 1 Human Being” remains the greatest and continuing weakness in the entire fraud prevention regime, but at the same time can be our greatest supporter in the fight against crime.
2. Often it is the breach of trust that we must fear, not the breach of security.

Thank you…