Hosts: Sean Martin | Marco Ciappelli | Daniel Eliot
Guest: Kristen Greene, NIST

In partnership with NCSA CyberSecure My Business, ITSPmagazine is thrilled to offer a new SMB CyberSecurity Awareness Series based on this well-received 10 Common CyberSecurity Misconceptions resource from NCSA.

Cybersecurity Is A Technology Issue. Or is it?

In this episode, we connect with Kristen Greene, Cognitive Scientist at the National Institute of Standards and Technology (NIST), to explore the elements of cybersecurity that come into play before and beyond the technical ones.

Cybercrime is a mind game, and protecting systems and data often requires counter games be played. Sure, technology has a role to play in this game, but it is the humans—on both sides of the equation—that hold the main character roles. We must not forget the humans in all of this. And we’re not just talking about social engineering and tricking people into doing things they shouldn’t. It boils down to making sure there is a solid understanding of the environment, how it works, and the threats and attacks that could make it fail, and developing a work environment—and supporting tools—that make it easy for the good users to do the right thing and hard for the bad actors to do any harm.

“We see a lot of small- and medium-sized businesses think that cybersecurity is isolated to just technology. They automatically think of anti-malware software or virtual private networks, but neglect the importance of the human element and all the various ways that we can influence those humans to make the desired security decisions.” — Daniel Eliot

Yes, this includes technology, but it doesn’t have to start, nor end, there. And, when technology comes into play, it needs to be usable for the users to, well, use.

These are some of the main points discussed:
- How cognitive science/psychology impacts human attention, perception, vision, memory, and decision making in cybersecurity
- The fundamental importance of creating a behavioral change in how people think and act when it comes to dealing with (and protecting) technology and information
- Promoting a cultural change by balancing people, process, and technology
- Recognizing that technology should be an extension of the human element, and vice versa
- Can we empower the employees to be good cyber citizens and good stewards of the business data they have been entrusted with?
- Similar to not using technology as a magic bullet for security, you can’t apply security awareness training as the silver bullet for the human element

“People have overconfidence—an overreliance—on the institution’s security measures. There is no perfect technology; there’s no silver bullet; things are still going to get through the defenses.” — Kristen Greene

Now’s the time to check your cybersecurity stack. Is it all tech? Try again. Start by listening to this chat with Daniel and Kristen.
_____________

The complete series of SMB CyberSecurity webcasts, podcasts, articles, and supporting material can be found on ITSPmagazine at: https://itspmagazine.com/cybersecurity-for-small-medium-business

Learn more about NCSA's CyberSecure My Business: www.itspmagazine.com/company-directory/ncsa#csmb