Tag Archives: security awareness

The insider is still one of the most vulnerable elements of cybersecurity, and it was the topic of discussion at the recent Modern Workplace webcast on cyber intelligence and the human element. Insiders are those who are authorized to work on company systems or in company facilities, and they include trusted employees and contractors. Whether it is through human error, social engineering, or intentional action, insiders are the cause of a significant portion of malware infections, data breaches, information theft, and privacy violations. There are some key strategies you can use to…

If we have learned anything over the last few years about data breaches, it is that they are likely to happen.  However, data breach frequency can be reduced and its impact minimized with some key strategies. Both response and prevention efforts are greatly impacted by organizational culture.  Organizational culture is formed over years as certain values and behaviors are reinforced or discouraged through a series of successes and failures.  Security is seen as important and vital to organizational success in positive security cultures while it is ignored or even discouraged…

Information security is often described using the CIA Triad. CIA stands for Confidentiality, Integrity, and Availability, and these are the three elements of data that information security tries to protect. If we look at the CIA triad from the attacker’s viewpoint, they would seek to compromise confidentiality by stealing data, integrity by manipulating data, and availability by deleting data or taking down the systems that host the data. By far, most attacks have been focused on disrupting confidentiality or availability, so defense mechanisms and training have also been…

Security spending could be compared to the stock market. It increases and decreases depending on intangibles such as how “at-risk” the organization feels rather than on objective measures such as the number of cyberattacks, vulnerabilities or data breaches. An organization may put technical controls in place, educate employees and establish new policies immediately following a breach, but over time the technology becomes outdated and no longer protects the organization as it should. Memory of the breach fades, causing exceptions to be made to the firm's policies and leading to forgetfulness…

I welcome you to join me on November 8 at Grace Baptist Church of Westlake for the Untangled Conference. I will be presenting on security awareness to provide helpful tips and tricks to keep your computer and church network secure.

Untangled Conference – November 8, 2014 – Security Awareness from Eric Vanderburg

December 1 Update: Chris Brown took a photo of the Untangled Conference group which I have attached below:

I was asked a question on Twitter today. The question was, “Is staying safe online possible?” This is a great question because I increasingly see a sense of apathy in users due to the frequent threats to online safety that are reported. They ask questions such as “If big companies can’t protect themselves, what chance do I have?” or “If identity theft is inevitable, what is the point of protecting oneself?” Let’s look at the question in an Aristotelian manner. We first must establish what staying safe is. Let’s start…

A recent study by Deloitte, titled Blurring the lines: 2013 TMT global security study, shows that 59% of Technology, Media, and Telecommunications (TMT) companies suffered a data breach. 88% of these companies do not believe that they are vulnerable to an external cyber threat such as hacking. Rather, the three highest threats were:

- Employee errors and omissions
- Denial of service (DoS) attacks
- Security breaches by third parties

Employee errors and omissions

Awareness is a critical factor here, and Deloitte lists it as one of the top three security initiatives of…

Here is a fact that many of us would like to forget. Most data theft occurs by insiders. This is often termed the insider threat or the human threat. Insiders are the people who would usually be considered very trustworthy. However, all it takes is some incident or life change to occur that can motivate someone to commit a crime.

Insider threat statistics

An evaluation of cases of insider theft has provided statistics useful in identifying the types of employees who are most likely to threaten information security. Surprisingly, it’s not…

Every once in a while, a website will try to convince you to change your security settings.  I was looking for blinds the other day, and I found a web site that had a great deal.  When I tried to customize the blinds, I was presented with this webpage informing me that I needed to modify my cookie settings for first and third-party cookies for the site to work. I tried the site in a few browsers, and this page came up each time I tried to modify my selection.…

Managing the security of an organization can be quite confusing. It can seem like an uphill battle when basic security awareness concepts such as keeping passwords secret or refraining from discussing confidential topics outside the workplace are consistently ignored. Why do some security initiatives fail while others succeed? The answer may lie within the corporate culture. Corporate culture, also known as organizational culture, is the invisible lifeblood made up of the values, priorities, assumptions, and objectives of those within the organization. Just as the body rejects an incompatible organ,…
