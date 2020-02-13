

#teissLondon2020: Blanket Approaches to Security Awareness Efforts Often Fail

Employee awareness needs to be holistic, and not use a blanket approach.

Speaking on a panel at the TEISS conference in London exploring tailoring security awareness programs to overcome colleagues' inbuilt biases, business strategist Dr Dave Chatterjee said that benchmarks can be used and can help you to know, when it comes to awareness, whether you are addressing your goals. “At a deeper level, it can convince you to be more careful on phishing and to be motivated and driven to be secure,” he added.

Dr Jessica Barker, chair of ClubCISO, said she had found “phishing awareness and detection to be very good and strong” but that the issues of emailing personally identifiable information and storage of data were not addressed. These issues often need to be covered, she said, and benchmarks can help you know in six to 12 months if you have targeted these areas.

Also speaking on the panel was Marilise de Villiers, founder and CEO of MDVB Consulting, who said that awareness solutions need to be designed to allow you to measure awareness, and let “you know what you want to know” as well as “what will trip us up later down the road.”

The panellists were all agreed that a check box methodology is not enough, and Chatterjee said that you “need to put enough thought into what you’re measuring.”

Panel moderator Jeremy Swinfen Green, head of consulting at TEISS, asked what some of the problems around awareness campaigns can be. “A fear of speaking up” was cited by de Villiers, while Barker said that a fear of speaking up “engenders a culture of fear.” Chatterjee added that companies often try to create a workplace of happy employees, but that is often “easier said than done.

“Companies have to survive and treat their employees well,” he said, while de Villiers argued that awareness campaigns need to be done on a “case-by-case basis.”
