APAC CIO Outlook

    Strengthen Cyber Defences Through Culture Change

    Steve Williamson, Audit Account Director, Security and Data Privacy, GSK (GSK: LON)

    In the cyber world, a continuous war is playing out between the Defender and the Attacker (White hat and Black hat). The job of the defender is to ensure safeguards are in place to prevent, detect or recover from cyber-attacks and data breaches. These safeguards cover Process, People and Technology. As defenders improve safeguards, the attackers evolve their game plan to target the weakest defences. For example, the defender may reduce their patching cadence to 72 hours (process) and implement machine learning based intrusion detection (technology), but if staff security awareness remains weak, then social engineering will become the predominant attack vector.

    The 2021 Verizon Data Breach Investigations Report highlights that 85 percent of data breaches involved a human element. By human element, they mean actions such as phishing attacks, using easily guessed passwords and human error. Similarly, the Cloud Security Alliance (CSA) recently released a report on the top cloud security threats, The Egregious 11. According to this report, the biggest threats now come from issues like misconfigurations and insufficient identity and access management, where the customer is solely responsible for security. For example, a staff member may make use of internet-facing cloud storage (for a legitimate business purpose) and set it up with open access or fail to enable 2-factor authentication. If we assume that staff do not intentionally place sensitive company data at risk, then the root cause of such breaches would be poor security awareness and inadequate training.

    A strong human defence requires effective education and a security-conscious organisational culture. Fortunately, the security awareness industry has evolved greatly over the years. Phishing simulation exercises are commonplace and organisations are increasingly using gamification. Such educational interventions are effective because they are engaging.

    Point-in-time security awareness training is still necessary, but no longer enough. Modern online learning courses have a degree of interactivity built in, such as asking the user to match concepts to definitions. However, gamification adds much more. For example, an online Escape Room game, where team members work together to identify the red flags in a scam situation, then progress to different levels (escape rooms) whilst going against the clock, introduces fun, challenge and competitiveness.

    Similarly, a secure-coding challenge (with a leader board), where developers create an avatar, choose their programming language, identify source code vulnerabilities and select the best alternative code-block, introduces fun and competitiveness. It is the characteristics of fun, challenge and competitiveness that make gamification-based learning engaging, and the lessons learned from these games stick with the individuals and carry forward into their day-to-day jobs.

    The SANS Security Awareness Maturity Model (see below) is a powerful benchmarking tool, which can help organisations to quickly determine why their security awareness programme may not be having the impact they want. On a 5-point scale, Level 2 means an organisation is meeting its Legal and Compliance obligations through mandatory training. For Level 3, content is communicated in an engaging and positive manner that encourages behaviour change. Level 4 is characterised by a strong security-minded culture, which is built into almost all operational aspects of the organisation.

    The need to develop a strong security culture is increasingly recognised as a high priority for many organisations. Culture can be thought of as the attitudes, beliefs and behavioural norms of employees within an organisation. It is exhibited through Behaviours, Attitudes to compliance, Communications and Responsibilities. For example, if someone accidentally emails a sensitive file to unauthorised individuals external to the organisation, a positive security behaviour would be for the individual to promptly self-report the incident to ensure corrective action can be taken (which may include notification to impacted parties or regulatory bodies).

    A strong awareness of responsibilities with respect to data protection is another cultural dimension. Individuals should always know the classification level of the information they are handling and should be aware that they are responsible for its security, especially when it needs to be shared with others. A positive behavioural norm would be to grant access only on a need-to-know basis, minimise copies and delete files when they are no longer required.

    Conclusion

    In today’s hyper-connected world, organisations build their cyber defence using layers of safeguards covering People, Process and Technology. Data breaches and cyber-attacks often arise from human behaviour. Social engineering, especially phishing, is a highly effective tactic which gives the attacker a foothold in the network, and data loss incidents are most frequently caused by human error. Therefore, to build a strong cyber defence, organisations should have a Security Awareness Programme targeted at creating a security-conscious culture. Such a programme needs to be engaging, continuous and relevant to the job roles, and would likely include gamification, culture assessments and management metrics.
    Copyright © 2023 APAC CIOoutlook. All rights reserved.