In both emergency services and cybersecurity, professionals deal with some of the same challenges
It’s Cyber Security Awareness Month, and the security advice is flowing out from all corners of the web to advise your users on remaining secure. However, all this information can be overwhelming for some, so the question is, can advice be simplified into a few, or even one pearl of wisdom for your users? I think it can.
Check out this video explaining what I consider to be the ultimate cyber security awareness tip:
It’s important to understand how most attacks are formulated and executed. When we look at social engineering attacks, they pull on emotions. When your users receive a phishing email, it’s never a polite, chilled out email that asks you to reply whenever you get a chance. No, it’s something designed to instill fear, convey a sense of urgency or maybe appeal to curiosity or greed.
The old tailgating trick of tricking your users into holding doors open for them because they are holding two cups of coffee rely on appealing to the empathy we feel towards others. Ultimately, cybercriminals are relying on manipulating the inherent humanity within us. So, the answer is therefore simple. Show less empathy, care less about others, don’t make other people’s issues your concern… in other words, just be rude.
Now, I’m not talking about your users throwing their phone at a personal assistant because they bought them coffee with the wrong kind of milk in it. I mean following processes without letting emotions get in the way. So, let’s consider the following scenarios:
You’re entering your workplace and a “colleague” is behind you. Let’s say it’s a pregnant female holding two bags, she’s flustered, and struggling to find her pass. The nice thing for us to do would be to hold the door open, I mean, what kind of monster wouldn’t hold the door open?
Someone senior in the company emails you frantically asking for help and they need you to authorise a payment to a new partner to close a deal worth millions. Of course the nice thing is to be a team player and help them out. We’re all team players, after all.
You receive a serious call from IT that your computer has some issue that needs to be immediately resolved. They ask you to download software, or worse still, hand over your password. You wouldn’t want to be the cause for the whole network going down, would you?
I’m sure you see the problem here in these somewhat simplified examples. If you and your users follow your instincts and were a nice person, you would potentially fall victim to a social engineering attack. But on the other hand, if you went full grumpy old man rude, akin to Clint Eastwood, you’d be slamming doors in the faces of people, deleting important emails, or causing your organization’s network to shut down.
So clearly, the answer lies somewhere between being sweet as apple pie and rude as Clint.
This is what I like to call the “gangsta gran zone”. It’s like your gran, a sweet lady, full of love and empathy, but one who doesn’t suffer fools.
So the advice is simple — be as rude as you need to be. If we revisit our scenarios, and you reach the door with your colleague struggling to come in, stop and be supportive and kind, as if they are genuine. But don’t give them a free pass. Offer them a seat, a glass of water, carry their bags. Escort them to security, or wait for them to find their pass. There are many options you can explore without letting them enter, or leaving them to fend for themselves.
If it wasn’t already obvious, the examples listed are meant to be tongue in cheek but it’s important to remember cybercriminals are not nice, and they will stop at nothing to get what they want. If your users asks you something on the phone or over email, refer them to the policy. Follow correct procedure and safeguard your own actions and the organisation overall. It’s not that you want to be awkward, or deliberately rude, but you need to find that balance so it’s less likely that someone will be able to take advantage of your kindness and willingness to help. Stay gangsta, gran!
UK/EU issue sanctions over cyber-attack, while US points finger at Iran over fake news campaign
The past few months have tested most businesses’ and individuals’ ability to adapt. The coronavirus pandemic caused new ways of thinking about work, systems, processes, and workflows.But, don’t get settled. The world of work is still evolving, with the concept of a hybrid workspace now emerging. Globally, 37% of companies say they expect more than half of their employees to work remotely on a permanent basis, according to Cisco’s Future of Secure Remote Work Report that surveyed more than 3,000 global IT decision makers. In the U.S. and U.K., that figure rises to 50%; in Brazil and India, it’s 53%.To read this article in full, please click here
Today’s MSSP & SIEM cybersecurity news involves CoreView, Lacework, Lookout, McAfee, Microsoft 365, OPORA, Radware, Securonix & more.
The post Managed Security Services Provider (MSSP) News: 23 October 2020 appeared first on MSSP Alert.
SecBI’s extended detection & response (XDR) platform gains multi-tenancy capabilities for MSPs & MSSPs. Plus, integrations with CrowdStrike, Cybereason, Mimecast, Proofpoint & Zscaler arrive.
The post SecBI XDR Gains MSSP Multi-Tenancy Capabilities; CrowdStrike, Proofpoint Integrations appeared first on MSSP Alert.
Managed detection & response provider eSentire & robotic process automation company UiPath partner to help orgs automate Microsoft Security configurations.
The post Microsoft Security Partnership: eSentire MDR, UiPath RPA Announce Pact appeared first on MSSP Alert.
The US government declared that Russia-linked APT group Energetic Bear has breached US government networks and exfiltrated data. A joint security advisory published by The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) revealed that Russia-linked APT group Energetic Bear has breached US government networks and exfiltrated data. The Energetic Bear […]
The post FBI and CISA joint alert blames Russia’s Energetic Bear APT for US government networks hack appeared first on Security Affairs.
Nokia data reveals almost a third of devices are now compromised
Some metrics are more valuable than others in making measurable improvement in security