When asked why he robbed banks, Willie Sutton famously responded, "Because that is where the money is."
When security is discussed with executives, they often take the idea of phishing attacks and other compromises very personally. This is understandable, but it is rarely personal.
Cyber criminals don't generally target people; they target roles. If you are in a role with greater access to money, data, or influence over others, you are a target.
I’m not suggesting anyone likes being a target, but I am suggesting they accept it and then act accordingly.
To help executives understand their situation I find it useful to share the most recent data about attacks on people like them, along with an anecdote or two. I also acknowledge the challenges these individuals face based on the demands on their time, the volumes of information they handle, and trying to be highly productive while mobile.
The reality is we need to help senior people understand that good security practices are akin to, if not in fact, a fiduciary responsibility.
The more contextual we make educating these individuals, the more likely we can equip them well.
The broad security awareness training we give to the organization is typically not sufficient or effective for executives.
Depending on your organization, that may mean doing additional sessions specifically for executive teams or conducting one-to-one discussions.
Remember that a key component of security education is context, so you need to determine at what level to engage to create effective context.
Other specific measures can also be effective with executives. These steps may be too costly across the organization and can be somewhat inconvenient; however, if we exercise sound risk management thinking, it may make sense to consider treating different people differently.
This may come in the form of types of devices, encryption, multi-factor authentication, password management tools, etc. And of course, as I have mentioned in the past, good business processes and practices are critical. Cyber criminals consistently count on people bypassing controls to be hyper-reactive to requests from what appears to be an executive in their organization. In our role, we need to help executives understand their role and why they are targets. And while cyber crime isn't personal, we need to protect the assets by educating the person in the role.