In this episode, we connect with Kristen Greene, Cognitive Scientist at the National Institute of Standards and Technology (NIST), to explore the elements of cybersecurity that come before, and go beyond, the technical ones.

Cybercrime is a mind game, and protecting systems and data often requires playing counter games. Sure, technology has a role to play in this game, but it is the humans—on both sides of the equation—that hold the main character roles. We must not forget the humans in all of this. And we’re not just talking about social engineering and tricking people into doing things they shouldn’t. It boils down to making sure there is a solid understanding of the environment, how it works, and the threats and attacks that could make it fail, and to developing a work environment—and supporting tools—that make it easy for the good users to do the right thing and keep the bad actors from doing any harm.

“We see a lot of small- and medium-sized businesses think that cybersecurity is isolated to just technology. They automatically think of anti-malware software or virtual private networks, but neglect the importance of the human element and all the various ways that we can influence those humans to make the desired security decisions.” — Daniel Eliot

Yes, this includes technology, but it doesn’t have to start, nor end, there. And, when technology comes into play, it needs to be usable for the users to, well, use.

These are some of the main points discussed:

- How cognitive science/psychology impacts human attention, perception, vision, memory, and decision making in cybersecurity
- The fundamental importance of creating a behavioral change in how people think and act when it comes to dealing with (and protecting) technology and information
- Promoting a cultural change by balancing people, process, and technology
- Recognizing that technology should be an extension to the human element, and vice versa
- Can we empower the employees to be good cyber citizens and good stewards of the business data they have been entrusted with?
- Similar to not using technology as a magic bullet for security, you can’t apply security awareness training as the silver bullet for the human element

“People have overconfidence—an overreliance—on the institution’s security measures. There is no perfect technology; there’s no silver bullet; things are still going to get through the defenses.” — Kristen Greene

Now’s the time to check your cybersecurity stack. Is it all tech? Try again. Start by listening to this chat with Daniel and Kristen.

Guest(s)
Kristen Greene (NIST)

Co-Host
Daniel Eliot, NCSA Cybersecure My Business

This Episode’s Sponsors:

HITRUST: https://itspm.ag/itsphitweb
