Welcome to the SecAware blog

I spy with my beady eye ...

6 Aug 2018

NBlog August 6 - twins or triplets?

The next awareness and training module trundling into sight on the NoticeBored conveyor belt concerns "outsider threats" - principally malicious threats to corporate information that originate externally, coming from outside the organization's notional boundary.  

It's the obvious follow-up, a twin for August's module on "insider threats". This month's scope is reasonably straightforward except that once again we face the issue of people and organizations spanning organizational boundaries - contractors, consultants, temps, interns, ex-employees etc. plus outsiders colluding with, socially engineering, manipulating, fooling or coercing insiders. Maybe there's enough there for a further awareness module at some future point, turning the twins into triplets!

For now we'll stick to Plan A, focusing on threatening outsiders of which there are many, quite a variety in fact. For completeness, we should probably mention benign, accidental or incidental outside threats and we'll definitely pick up on vulnerabilities and impacts in the risk analysis, as well as exploring ways to avoid or mitigate outsider threats. 

Leaning back from the keyboard, it occurs to me that there is no shortage of relevant issues here for awareness and training purposes - the very opposite in fact. Even at this early stage I'm already thinking about narrowing the scope. 

Traditional IT/cybersecurity awareness approaches would barely have touched these topics, focusing purely on technology-related threats such as hackers. Broadening our perspective makes NoticeBored a more comprehensive service and, we trust, more interesting, engaging and thought-provoking, and more valuable. We'll bring up hacking, of course, and a whole lot more besides.

If your security awareness program consists of a few dog-eared posters and dire warning notices along the lines of "Comply with the policies ... or face the consequences", don't be surprised if bored stiff workers simply tune out. "La la la, can't hear you, don't see you ...". Worse still, the ones who pay attention find out about a narrow strip of a long, long tapestry. What are the chances of that strip covering all they ought to know, everything that matters? Not good.

No comments:

Post a Comment