Behavior Change & Training Page 4

Is It Your Fault You Were Hacked? (Probably)

One of the most interesting callouts from the 2015 Verizon Data Breach Investigation Report was this: 99.9% of exploited vulnerabilities were compromised more than a year after the common vulnerabilities and exposures (CVE) was published. Let me help you read between the lines – if you were hacked through an already-known, unpatched weak point, the… Read more »

Spotting the Behavioral Signatures of Odd Ducks

You know the old adage, “if it looks like a duck, walks like a duck, and talks like a duck, it probably is a duck.” However you might feel about such profiling, this is, in a nutshell, the basic idea behind the concept of the behavioral signature. In the context of malware detection, behavioral signatures are an important… Read more »

Security Awareness by the Numbers—an Infographic

If you’ve been attending IAPP’s Global Privacy Summit 2015 this week, we hope you have been enjoying it. We’re certainly excited to be here! Please visit our booth – we’d love to hear what’s on your mind about privacy awareness and security awareness training. In the meantime, or perhaps on your way home from the… Read more »

Contending with Cultures of Corruption

Just one look at the Corruption Perceptions Index map and you can see that we operate in a world fraught with abuse of power, backroom dealings, kickbacks, and bribery—all of which can put your international organization at risk. The popular index evaluates 177 countries, rating them on a scale of 0 (highly corrupt, depicted by… Read more »

Video: The Truth About Trust

This animation is designed to help you reinforce your message about protecting personal information. Our goal was simple: cover the critical things that every employee should know about protecting personally identifiable information (PII) in around one minute. We believe that you should provide annual privacy awareness training to ensure that your employees know how to protect the information… Read more »

5 Immutable Laws of Information Security

Hugh Thompson, Ph.D., program committee chairman for the recent RSA Conference, presented an insightful “hacker’s view” summary of the dynamics of cybersecurity. Dubbed “five fundamental immutable laws,” he surveyed the primary root causes of security breaches and the methods attackers use to exploit weaknesses. These laws—while I might question their immutability—do have one very compelling… Read more »

Knowing: More than Half the Security Awareness Battle

We’ve been saying it for years, and once again, a major security threat report confirms it: two-thirds of all security breaches stem from improper employee behavior. According to Symantec’s Internet Security Threat Report 2014, only 34 percent of breaches are attributable solely to the work of a hacker. Most, as we continue to see, result… Read more »

Failure to Communicate?

A recent report based on research by Frost & Sullivan exposed an interesting set of priorities among security professionals. When asked about the attributes of successful security personnel, security executives placed the importance of business and organizational skills right alongside security knowledge and technical skills. And the rank and file agreed. But the report also… Read more »

PCI Awareness Training Series, Part 3: Role Playing

The PCI SSC publication—Best Practices for Implementing a Security Awareness Program—identified three broad aspects of a successful PCI awareness program, each of which we addressed in the first two parts of this series. We wrap things up with a fourth dimension of PCI awareness training: roles. As the guideline states, “Role-based security awareness provides organizations… Read more »
