This document outlines a proposed employee-based cyber security training and education program. It begins by establishing the need for such a program, noting that cyber risk is increasing and now poses an existential threat. It argues that the human element remains the weakest link for enterprises. The goals of the program are to instill long-term cultural and behavioral changes across the enterprise to better manage cyber risk. The program aims to inform employees about cyber threats, educate them on security frameworks, and empower them with skills for life-long cyber security. It would involve interactive workshops, online awareness training, testing, and attack simulations to train and assess employees.
Cyber Security for the Employee - AFP Annual Conference 2016
1. Cyber Security for the Employee - A fresh approach to managing and mitigating cyber risk at the enterprise.
October 25th, 2016 – Laura Harkins and Brad Deflin
2. Pop Quiz
① Do you believe cyber risk is a big deal today?
② Do you think it will get better or worse?
③ Do you feel ready for it?
3. Why We’re Here
• The Risk is Real – Director of U.S. National Intelligence warns of widespread vulnerabilities in the civilian infrastructure and calls it one of our two greatest risks as a nation. March 2nd.
• The Risk is Increasing – the FBI reported a 270% increase in cybercrime over the last year – April 4th.
• The Risk has Become Existential – the UK’s National Crime Agency declared cybercrime surpassed traditional crime and is now greater than all other crimes combined – July 7th.
4. Cyber Threat VAR
• It’s a very big deal.
• It’s getting worse, maybe a lot worse.
• Most need to do more.
6. Today…
• WHY? Why an employee-based cyber security training and education program?
• WHAT? What are the goals of the program?
• HOW? How do you achieve the goals and sustain high program efficacy and efficiency?
8. Why ....?
• WHY? Why an employee-based cyber security training and education program?
“It’s become easier to hack a human than a company’s technology.”
Deloitte – Cyber Attacks Take Aim at Individuals, Roles Inside Organizations
“Cybercrime is not an IT problem. If there is one lesson companies should take away from this study, it is this one.”
PWC – Global Economic Crime Survey 2016.
10. Watch the Delta
“It’s become easier to hack a human than a company’s technology.”
[Diagram: “You are here” at point X; “Life” is here at point Y.]
• Apathy
• Fear
• Confusion
• Denial
The rate of change in our everyday lives is accelerating.
11. Why …
• HBR – Cyber Security’s Human Factor
• TrustWave Global Security Report
• Cisco Midyear 2016 Cybersecurity Report
Another day at the office.
12. Why … The arbitrage trade of the millennium.
Misevaluation of our personal information has created an arbitrage trade that is minting history’s greatest fortunes over the shortest periods of time.
[Cartoon caption: “Isn’t it great that we have to pay nothing for the barn?” “Yes! And even the food is free.” Etc…]
13. Why … Why an employee-based program?
• The human element is still the weakest link.
• The Democratization of Cyber Risk
• Profit Motives and Trends in Cyber Crime
“It’s become easier to hack a human than a company’s technology.”
15. The Profit Motive in Cyber Crime.
“In our research into underground markets, we’ve estimated that cybercriminals today enjoy an ROI of 1,425 percent.”
Trustwave – 2015 Global Security Report
16. The Profit Motive in Cyber Crime.
“Cisco engineers determined a typical hacker can make $34 million a year using today’s ransomware software tools. Tools available to anyone. For rent.”
Cisco, May 18th, 2016
17. Conclusion –
Great risk increasingly resides at the intersection of people and the technology they use every day. Individuals at all levels of the enterprise must adjust and adapt to participate and contribute to its management and mitigation.
Why? Protecting Your Family in the Digital Age.
18. Today…
WHY? Why an employee-based cyber security training and education program?
• WHAT? What are the goals of the program?
• HOW? How do you achieve the goals and sustain high program efficacy and efficiency?
19. What?
What are the goals of the program?
• Enterprise-wide cultural adjustment and adaptation.
• Heightened and sustained levels of awareness.
• Behavioral change, personally and professionally.
• Benchmarked and managed compliance.
• Long-term program ROI.
20. What?
Goal –
To increase and instill long-term and sustained changes that manage and mitigate cyber risk across the enterprise with optimal program efficacy and cost efficiency.
21. Today…
WHY? Why an employee-based cyber security training and education program?
WHAT? What are the goals of the program?
• HOW? How do you achieve the goals and sustain high program efficacy and efficiency?
22. How?
The Big Idea –
Informing, educating, and empowering individuals for survival and success in their personal and professional lives is an effective and efficient approach to cyber risk mitigation at the enterprise.
24. How?
• Inform through Context – Internalizes the risk.
The Democratization of Cyber Risk.
• How did this happen?
• What does the future hold?
• Mobile
• Clouds
• Big Data
• “Free”
• Ransomware
• Phishing and Social Engineering
• End-user Threats
Protecting Home and Family in the Digital Age.
25. How?
• Educate for Framework – Personalizes the issues.
• The nature of technology and cybercrime.
• Precepts for the future.
Managing Change for Survival and Success in the Digital Age.
Protecting Home and Family in the Digital Age.
• Exponentials
• Moore’s Law & the Digital Age
• Digital Currencies
• Internet of Things
• Crime-as-a-Service
• Phone and WiFi Hacks
• Hackers-for-Hire
26. How?
• Empower for Cyber Security for Life – Empowers the Individual.
• The Four Fundamentals.
• The Art and Science of Passwords.
• Encryption.
• Trends in Security Technology.
• Best Practices.
• Protecting Home and Family.
Cyber Security for Life.
27. How?
Logistics –
Training
• Interactive Workshop Sessions:
o Max 50 attendees – 90-minute session with Q&A.
o 2 times per year.
• Online Awareness Training:
o On demand by employee, 2 times per year.
Testing
• Online Testing:
o On demand by employee, 2 times per year.
• Attack Simulations:
o Monthly Phishing and Ransomware attack simulations.
• Data Analysis
o Attribution reporting.
o Program optimization.
Title Introduction – new school of thought with an organic genesis – didn’t happen by design, but through “in the field” experience, data, and lots of time spent at the intersection of people, the tech they use every day, and the rapidly escalating risks at hand.
But before we get ahead of ourselves – a quick pop quiz....
NEXT SLIDE
Let’s start with 3 questions - ...............
1, 2, 3 .....
Also some data baked in here – consistently the response we get – c-suites, exec assistants, professional advisors, all the way down the food chain.
Next slide 0 This is why we’re here.
This is why we’re here today; it’s a big deal, it’s going to get worse, potentially a lot worse, before it starts to get any better. And, many need to do more to be ready. Etc Etc Etc You don’t need me to tell you -
Not to belabor the point - ..... Mention figures…. WSJ $100b, .... Lloyds $400b ... $3-$6 trillion MSFT
No element of the ledger – balance sheet or P&L – is free from potential risk in some form or another: of course IP, and then HR data and financial risk, infrastructure, real and virtual, the supply chain, and the partner network.
So the assumption is we don’t need to spend any more time on the “Why cyber security”.
PAUSE - So let’s pause a moment – at the start – I said the preso developed organically and through years of actual experience in the field and data analysis.
Started with my position in the financial services industry and 25 yrs, exec leadership most recently at JPM “The New Face of Risk...”
The question becomes “Why an employee-based program?”
So, here is what we talk about today .... Why?
What - are the goals - SPOILER ALERT – includes words like; SUSTAINED, LONG-TERM, BEHAVIORAL CHANGE, ADAPTATION, CULTURAL,...
And the reason we’re really here - HOW do you do this to successfully achieve these goals?
The question becomes “Why an employee-based program?”
WE know this ... BUT WHY?
Coinciding trends fueling the activity.
It’s become easier to hack a human than a company’s technology.
Deloitte - Cyber Attacks Take Aim at Individuals, Roles Inside Organizations
“Cybercrime is not an IT problem. If there is one lesson companies should take away from this study, it is this one.”
PWC – Global Economic Crime Survey 2016.
What it looks like where the rubber hits the road.
PBIG – where we come from, the most personal intersection of people, technology, and risk.
The question becomes “Why an employee-based program?” Our approach transcends the employee’s previous experience with the matter (training from the IT department, a visit from the FBI) and informs, educates, and empowers them for their individual survival and success – personally and professionally.
This is the aim of the program because we believe and it is our experience in the field that this individual-oriented approach creates significant results in just the areas you want to see them … see “Goals of the Program” – but sound like heightened, sustained, cultural, behavioral, benchmarked, measurable, and ROI - but first, WHY
Now, the meat of it. HOW?
So, The Big Idea -
This is what we found to increase understanding, awareness, adaptation, and long-term behavioral change -
We’ve lived the movie … “The Personalization of Cyber Risk.”
Motivated compliance.
Record investment capital inflows to the IT Security space - they are innovating and disrupting the world of hardware and traditional IT departments.