Tag Archives: Security Awareness

KnowBe4 study reveals 92% of organisations’ biggest security concern is end users

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has released the results of new research. The company’s report examines over 350 organisations globally and reveals the security weaknesses and concerns within them. On average, 81% of organisations had some degree of concern around security issues.

Cyber crime continues to evolve and become more sophisticated. Artificial Intelligence and machine learning are leveraged by many criminal organisations to help them better understand how to improve their attacks and they’re now targeting specific industry verticals, organisations and even individuals.

Increases in the frequency of ransomware, phishing and crypto-jacking attacks have been experienced by businesses of nearly every size, vertical and location.

When it comes to attack vectors, data breaches are the primary concern, with credential compromise coming a close second. These two issues go hand-in-hand as the misuse of credentials remains the foremost attack tactic in data breaches. That’s according to Verizon’s 2018 Data Breach Investigations Report.

Phishing and ransomware ranked next, demonstrating that organisations are still not completely prepared to defend themselves against these relatively “old” attack vectors.

Other key findings

*92% of organisations rank end users as their primary security concern. At the same time, security awareness training along with phishing testing tops the list of security initiatives that organisations need to implement

*Organisations today have a large number of attack vectors to prevent, monitor for, detect, alert and remediate. In terms of attacks, 95% of those organisations surveyed are most concerned with data breaches

*Ensuring security is in place to meet General Data Protection Regulation (GDPR) requirements is still a challenge for 64% of organisations, despite the GDPR’s fine details having been public knowledge for quite some time

*Attackers’ use of compromised credentials is such a common tactic that 93% of organisations are aware of the problem, but they still have lots of work to do to stop it

*When it comes to resources, 75% of organisations don’t have an adequate budget

“2018 was a prolific year for successful cyber attacks, with many of them caused by human error,” said Stu Sjouwerman, CEO of KnowBe4. “IT organisations are tasked with establishing and maintaining a layered security defence. The largest concern, as demonstrated again in this report, is employees making errors. Organisations must start their defence by establishing a security culture. In order to combat the escalation of social engineering, they absolutely have to ensure that users are trained and tested.”

To read the full report visit www.KnowBe4.com

Filed under Risk Xtra

“Non-executive directors have a responsibility to understand cyber security risks” urges AXELOS

Non-executive directors have a responsibility to understand cyber security risks and resilience in order to best protect the interests of their business. That’s the view espoused by AXELOS Global Best Practice in a new discussion paper.

In the paper, AXELOS calls for more training on cyber security risks and resilience for non-executive directors on company Boards. ‘Mind the Information Gap: Non-Executive Directors and Professional Development’ identifies that non-executive directors on audit and risk committees are in a unique position to improve the resilience of their companies, but asserts that many may not currently have access to the training and skills necessary in order to do so.

Nick Wilding, head of cyber resilience Best Practice at AXELOS, stated: “Some organisations can be complacent about cyber risk, believing that ‘We’re not a target. We’re too small and don’t have anything of value to a hacker.’ The reality is that everyone in a business needs to be aware of cyber security risks and resilience strategies, but particularly those in senior roles.”

Wilding added: “Companies need to ensure that their Board members are able to learn about these issues. This is the best way to ensure that a company is as prepared as possible for any incident or attack.”

Nick Wilding: head of cyber resilience Best Practice at AXELOS

Professional development strategy for senior executives

The discussion paper recommends that companies introduce a professional development strategy for senior executives designed to address this lack of understanding of cyber security issues at Board level. This will help Board members build cyber security risks into a broader understanding of their organisation’s ‘risk appetite’. It will also ensure that they have the capacity to understand and question audit, risk and compliance reports that are provided by the organisation.

In addition, AXELOS argues that, as a consequence of this better understanding, strong relationships between specific Board members and key figures from the business – such as the CIO, CISO and risk director – will be formed, in turn ensuring that cyber security issues have a ‘champion’ at Board level.

In conclusion, Wilding explained: “Ahead of the launch of the new AXELOS Cyber Resilience Best Practice portfolio later this year, our new discussion paper demonstrates how important it is that everyone – including those at Board level – in an organisation is equipped to deal with a cyber security incident. Companies must improve their resilience. This can only happen if Board members are engaged and informed.”

*The new discussion paper can be found on the AXELOS website: www.axelos.com/case-studies-and-white-papers/mind-the-information-gap

**AXELOS was formed in 2013 to promote and grow the Global Best Practice portfolio, including ITIL, PRINCE2 and the other PPM products used across organisations in the private, public and voluntary sectors within more than 150 countries worldwide.
 
AXELOS has an ambitious programme of investment for developing innovative new solutions and stimulating the growth of a vibrant, open and international ecosystem of training, consultancy and examination organisations.
 
Forthcoming developments include the aforementioned launch of a Cyber Resilience Best Practice portfolio, PRINCE2 Agile, the ITIL Practitioner qualification and its first-ever Continuing Professional Development (CPD) programme for practitioners.

Filed under Risk UK News

Home security awareness campaign proves positive for MLA and NHWN

The Master Locksmiths Association (MLA) and the Neighbourhood and Home Watch Network (NHWN) have forged a positive home security awareness partnership after a recent window sticker campaign reached over 500,000 homes in the UK.

Sponsored by the MLA, the co-branded sticker campaign was put into action to support the membership of the Neighbourhood and Home Watch movement and to drive consumers towards highly skilled, vetted and inspected MLA locksmiths.

The co-branded stickers were successful in raising the profile of the MLA and the services which its members provide. The reverse of the stickers featured MLA branding and information on how to find your local MLA approved locksmith.

The MLA-NHWN Partnership has proven to be a great success

In addition to this, NHWN groups have been encouraged to get boxes of the MLA’s Handbook, published together with the Sold Secure Approved Products Catalogue and containing lots of useful security information as well as lists of MLA Approved Locksmiths, which they can distribute to their members.

The latest edition is now available and NHWN groups are encouraged to contact the MLA’s head office to submit their order.

Benefits of the partnership approach

Kate Daisley, operations director at NHWN, said: “The MLA’s standing as a leading trade body for the locksmithing industry ties in perfectly with what the NHWN represents. A survey following this campaign has also revealed that 89% of people said they would be more inclined to use the MLA’s service knowing that they were working in partnership with the NHWN.”

The stickers used in the campaign

Dr Steffan George, development director at the MLA, added: “As the leading approval body for the UK locksmithing industry, the MLA is proud to feature alongside such a historic and prestigious organisation as the NHWN. This campaign has been a great opportunity for MLA members, as it has reached communities and members of the public who may not have previously known about the MLA or if there was an MLA approved locksmith in their area.”

He went on to state: “However, most importantly this partnership has been of great benefit to the British public as it has helped not only provide essential security information to NHWN members, but also drive business towards good, honest trades people who are dedicated towards providing the best possible service.”

For further information on home security or to find an approved MLA company in your area visit: http://www.locksmiths.co.uk

Filed under IFSECGlobal.com News

Corps Security introduces CorpsConsult expert consultancy service

Corps Security has announced the introduction of a new business division that provides a diverse range of consulting, investigative and training services specifically designed to help customers improve risk and threat management.

CorpsConsult uses the extensive in-house expertise that Corps Security possesses. CorpsConsult is headed up by Mike Bluestone, Corps Security’s director of security consulting.

“Our experts all have recognised academic and professional security qualifications and come from a diverse range of corporate backgrounds,” asserted Bluestone. “In addition, several leading members of the team have served with distinction in the police and the military. This wide-ranging experience combines to ensure that CorpsConsult has unrivalled levels of knowledge and expertise that can be used to advise companies on the security of their people, property and assets through both human and technological means.”

Mike Bluestone, who heads up CorpsConsult, discussing strategies with a client

A key element in having the right security solutions in place is an awareness of risks and threats. CorpsConsult’s consulting services provide both strategic and logistical answers to an organisation’s security requirements. These services include strategic security reviews, the development of corporate security policy and strategy documents, risk and threat assessments, security surveys and audits.

CorpsConsult prides itself on providing clear reports with easy-to-follow guidance and recommendations.

Selection of training courses

CorpsConsult’s investigative services are used by organisations looking to carry out due diligence in areas such as mergers and acquisitions and the examination of corporate fraud and financial impropriety.

Areas of potential risk can be identified through discreet checks on the backgrounds and reputations of companies and individuals. Other services include scene of crime work, personnel screening and vetting and corporate surveillance.

To complement its other activities, CorpsConsult also offers a selection of training courses delivered by its specialist experts. These courses can be designed to meet a client’s specific needs. Here, the subjects include security management, security auditing, fraud prevention, strategic security and security awareness training.

Speaking about the introduction of CorpsConsult, Corps Security’s CEO Peter Webster explained: “The importance of a clearly defined and implemented security strategy cannot be overstated. Organisations in all business sectors now realise that expert guidance is an invaluable part of this process.”

Webster continued: “Although we have offered consultancy services for many years, the formation of CorpsConsult galvanises our extensive knowledge into one complete offering. I believe it’s a valuable addition to our existing specialist security services, and we will continue to develop it to meet the ever-changing needs of our customers.”

For further information contact Corps Security on Tel: 0800 0286 303 or via e-mail: info@corpssecurity.co.uk

Filed under IFSECGlobal.com News