The Power Up Project

#36: Cyber Security Series Pt. 4 – Cyber Security Awareness



In this episode of The Power Up Project, we cover:



>Part 4 of our five-part cyber security series - Cyber Security Awareness



>Why cyber security is a very hot topic in business today.



>Everything you need to know about Cyber Security and why your organisation should be aware.



Transcript:



In this episode we'll be talking about cyber security awareness.



Welcome back to the Power Up Project. It's great to have you here for the next in our five-part series on our five most effective cyber security defences for your business. So far in this series we've spoken about having an advanced intelligent firewall, we've spoken about the importance of cyber insurance, and we've also spoken again about the multi-factor authentication.



Today what we're going to talk about is something that brings it back to what is usually the weakest link in any of our cyber security defences and that is our people. When we look at cyber security breaches, in the majority of cases it comes down to people, it comes down to humans who have essentially taken some action which has bypassed or compromised security and has allowed the malicious actors to gain a foothold in the business network.



We can put all of the best technology in place, we can put fancy firewalls, we can put multi-factor authentication, we can do all of this but at the end of the day what we really need to be addressing is our people. Now our people and our staff, they want to do the best thing. None of them are out there looking to get breached by a malicious actor, so what we need to help them with then is recognising these threats and training them on how to respond when they do detect or recognise one of these threats.



The most common form of threat that we see coming through is a malicious e-mail. So these e-mails, phishing e-mails, are definitely the most common at the moment. We're seeing a rapidly increasing number of whaling and spear phishing and more targeted phishing attacks but the e-mail vector really is still probably the biggest one that we see out there in the wild. So this is when a staff member in your business will receive an e-mail that looks legit, it looks like it's coming legitimately from one of your suppliers or from a business that they do business with personally, maybe not even part of the fact that they're a staff member with your organisation, and they click on a link in that e-mail and that link lets the bad actors in. From there bad actors have access to your network and then it's just a case of how quickly can we respond and lock things down and protect your digital assets.



What we need to do is provide that training for our staff on how to recognise these malicious e-mails, dodgy websites they shouldn't be going to, and so on. There's a number of ways we can do it. This doesn't need to be a big expensive exercise, it doesn't need to be super intrusive either. One of the most common ways that we see people going about this training at the moment is what we kind of consider to be called a friendly phishing campaign. This is when we actually send these pretend malicious e-mails to our own staff and we see who reads them and we see who clicks on them, and of course, if they do click on them that's okay because it's not truly a malicious e-mail, it's just a pretend one and it will log the fact for us that this happened so we can gather some statistics on how well our people are actually avoiding these threats or how maybe unwell they're actually clicking through to them. But we can then also lead that staff member onto a little bit of training.



We can take them to a webpage, for example, which is not a malicious webpage but it's a friendly webpage that says,

The Power Up Project, by Ben Love & Ben Dampney