The drone incident at Gatwick airport makes a good backdrop for a security awareness case study discussion around resilience.
It's a big story globally, all over the news, hence most participants will have heard something about it. Even if a few haven't, the situation is simple enough for them to pick up on and engage in the conversation.
The awareness objective is for participants to draw out, consider, discuss and learn about the information risk, information or cybersecurity aspects, in particular the resilience angle ... but actually, that's just part of it. It would be better if participants were able to generalize from the Gatwick drone incident, seeing parallels in their own lives (at work and at home) and ultimately respond appropriately. The response we're after involves workers changing their attitudes, decisions and behaviors e.g.:
- Considering society's dependence on various activities, services, facilities, technologies etc., as well as the organization and their own dependencies, and ideally reducing dependence on vulnerable aspects;
- Becoming more resilient i.e. stronger, more willing and able to cope with incidents and challenges of all kinds;
- Identifying and reacting appropriately to various circumstances that are short on resilience e.g. avoiding placing undue reliance on relatively fragile or unreliable systems, comms, processes and relationships;
- Perhaps even actively exploiting situations, gaining business advantage by persuading competitors or adversaries to rely unduly on their resilience arrangements (!).
Assorted journalists, authorities and bloggers are keen to point out that the Gatwick drone incident is 'a wake-up call' and that 'something must be done'. Most imply that they are concerned about other airports and, fair enough, the lessons are crystal clear in that context ... but we have deliberately expanded across other areas where resilience is just as important, along with risk, security, safety, reliability, technology and more.
Visit the website or contact me to find out more about the NoticeBored service, and to quote you a trivial price - so low in fact that avoiding a single relatively minor incident should more than justify the annual running costs of your entire security awareness and training program.
By the way, we set our sights much higher than that!