BreachExchange mailing list archives
How Santa's Cyber Security Culture Can Work For You! Part 1: Cyber Attacks
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 24 Dec 2018 09:27:56 -0500
https://www.forbes.com/sites/rajindertumber/2018/12/23/how-santas-cyber-security-culture-can-work-for-you-part-1-cyber-attacks/#2983a6707fa6 Beneath the awe of the Northern lights, Elves craft away during long polar nights. Security responsibility lies with all in the wonderland, Aiming to identify, monitor and control data at hand. How could Santa encourage a cyber security culture within his magical workshop? How could this culture help you? The purpose of this article is for you, my loyal readers, to extract ideas to incorporate into your own company's culture, if you wish. The magic of Lapland works all year round to bring joy to us all. White snow sparkles under the phenomenon of the Northern Lights. In the midst of the winter wonderland lies Santa's giant workshop, emanating sounds of clinking and clanking. Millions of gifts are carefully crafted, wrapped and delivered by Santa's little helpers and his reliable reindeer. But as technology enters the mix, the workshop will need to adopt a security culture to ensure the efficiency of its operations, thus delivering Christmas joy. If you have read my article: Tech-Savvy Santa Relies on AI, Blockchain & Cyber Security, you'll know how Santa can transform Christmas, by using: - Artificial Intelligence (AI) to assist Santa’s little helpers with choosing the best gift for a child, and calculate that gift’s demand; - Blockchain technology to ensure gifts are only given to those of us who deserve them; - Cyber security to ensure the children’s personal data, promises, smart contracts and wish list are (amongst other things): - Stored securely in Santa’s Lapland workshop, e.g. encrypted hard drives Accessible only to authorised Santa’s little helpers, including the elves and reindeer, g. whitelisting - Securely transmitted between the workshop’s central computer, the electronic notepads used by Santa and his little helpers, as well as the GPS devices used by the reindeers, and Santa’s personal log, e.g. using the TLS protocol But as we all know, the benefits of technology can bring disadvantages. Santa runs the risk of encountering a cyber attack, e.g. by his old enemy, Krampus. If successful, the attack could shut down the workshop and bring us misery for Christmas. So, Santa will need to become both defensive and offensive on the cyber security front, with professional security elves in-house. Therefore, security awareness will need to be a priority, not just among the residents of Lapland, but also the helpers within the workshop, protecting all personal data, promises, smart contracts, wish lists, etc. Cyber attacks will be a relatively recent phenomena for Santa and his helpers, but they will need to understand cyber security and commit to promoting awareness to help ensure threats, risks and vulnerabilities are mitigated. Santa's little helpers, not the technology, will be the weakest link in the security chain. The latest technology can protect children's confidential information, but it cannot protect against helpers maliciously or incidentally revealing that confidential information over social networks or mismanaged personal devices. A clear and concise training and awareness programme will have to be developed. This programme should aim to: Provide better protection for Santa's assets (including children's gifts) by: - Helping the employed elves to recognise and respond appropriately to vulnerabilities before they turn into threats - Providing up-to-date information on the latest risks and recommended action - Raising the importance of data protection on all storage mediums, e.g. the workshop’s central computer, the electronic notepads used by Santa and his little helpers, the GPS devices used by the reindeers, any paper documents, etc. Increase confidence by: Showing care for Santa's little helpers & his reindeer and by providing advice to protect them around Lapland and within the workshop Showing recognition for good security behaviour - Save the workshop's budget by: - Reducing the likelihood and impact of security threats - Integrating security controls into the shop's processes, policies and procedures - Coordinating and effectively measuring security training and awareness activities - Increase reliability and reputation for a joyful Christmas by: - Increasing strategic and operational security activities for children - Reducing the likelihood of penalties for non-compliance by Lapland's authority - Reduce management exposure to prosecution by: - Demonstrating management’s leadership and commitment to security - Aiding the understanding of legal and regulatory liabilities - Support disciplinary action against those helpers & reindeers who are non-compliant by: - Documenting their acknowledgement of Santa's security policies _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- How Santa's Cyber Security Culture Can Work For You! Part 1: Cyber Attacks Destry Winant (Dec 24)