threatpost | Lisa Vaas | THREATPOST:95BDCA2096B58A0697E169C01B1E0F09
Feb 24, 2022 - 2:00 p.m.

The Art of Non-boring Cybersec Training–Podcast


CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Log4j, ransomware, cloud vulnerabilities, phishing: Cyber threats are manifold. They all pale, however, in comparison to the security black holes that walk around on two legs.

Studies have shown that nearly all successful breaches stem from human error, be it failure to install security patches before an attacker exploits a vulnerability, lousy passwords, or falling into the web of lies spun in social engineering or phishing attacks.

A 2020 report from Stanford University found that nine out of 10 data breaches are caused by users. Research from Stanford University and the security firm Tessian found that approximately 88 percent of all data breaches are caused by an employee mistake. Similar studies have confirmed these results going back for years: A 2014 report from IBM found that human error was “a major contributing cause” in 95 percent of all breaches.

(Brought to you by SpecOps. Underwriters of Threatpost podcasts do not assert any editorial control over content.)

According to IBM, the average cost of those breaches has been doubling yearly from 2020 to date. You can install cutting-edge artificial intelligence solutions or other modern anti-malware and threat detection software to detect anomalous behavior, but technical solutions only go so far, given that carbon-based life forms use them.

However, these programs often aren’t tailored to individuals’ roles and responsibilities. They also tend to be boring. Darren Van Booven, lead principal consultant at Trustwave and cybersecurity training expert, visited the Threatpost podcast to talk about how the right cybersecurity awareness program should be conducted at the right pace by well-informed instructors.

What also doesn’t hurt: getting senior management to support decent cybersecurity training programs, bringing in notable speakers, making sure management is role-modeling good security hygiene, casting coworkers in cybersecurity awareness skits and/or passing out squeezie stress-balls shaped like phish.

Whatever it takes!

