When you need to get your team on board with new security rules, one of the best techniques is to make them fun—or at least entertaining.
That was the message from Amazon Security Director Jenny Brinkley and National Cybersecurity Alliance Executive Director Lisa Plaggemier during a presentation at the RSA Conference in San Francisco this April. Training has to catch people’s attention, but, “I believe we’re living through an epidemic of boringness,” Plaggemier said.
Caring is softwaring. On April 25, Brinkley and Plaggemier told the packed crowd at the Moscone Center about techniques and tricks to spur buy-in for cybersecurity preparedness at the staffer level.
Of primary importance? An emotional appeal. Without that, staffers will go through the motions, at best, rather than taking in the information and seeing it as a call-to-action.
You can’t force people to care, Plaggemier said, but you can use tactics to get staff to respond positively to training. “Deliver it through humor,” Brinkley advised.
“If you’re not responsible for trainings within your own business, have conversations with the teams that are—getting people bought into the vision [about] the way things can evolve and change,” she added.
Open channels. Cybersecurity training is of particular importance because of how much damage can be done if people don’t take basic steps to protect their company’s information. That’s hard to do when the audience is checked out.
Read more here.—EH
Do you work in IT or have information about your IT department you want to share? Email [email protected].
One way to get some passive income: Lend out bandwidth. Another, way-less-ethical way: Sell someone else’s without their knowledge.
Residential users can lease their bandwidth and IP addresses—essentially turning their home internet connection into a server that an outside user, usually a business in need of multiple IP addresses, can use. But it’s not without risk. Back in 2021, Cisco detailed how malicious actors tricked targets into unknowingly installing a proxyware platform.
A report last month from the cloud-services security company Sysdig suggested proxyware is moving away from residential environments and into bigger ones with more connectivity to offer. Findings from the April research noted a proxyjacking attacker targeting the Kubernetes platform—an infrastructure that supports cloud-based microservices.
“They’re looking for vulnerabilities that can affect cloud networks. So, it’s a much larger scale,” said Crystal Morin, threat research engineer at Sysdig.
The attack, jack. The attacker obtained initial access into a container by exploiting a Log4j vulnerability present in an enterprise search tool called Apache Solr. A shift to containers and the cloud, as well as to organizations that may be using enterprise-scale tools like Log4j and Solr, ups the scale of the attack.
They’re not necessarily going after home users here, said Johannes Ullrich, dean of research for the SANS Institute. “These servers are of interest here because they’re usually housed in data centers with good network connectivity and have ample bandwidth here to use,” Ullrich told IT Brew.
Keep reading here.—BH
Ever feel like you and your boss just aren’t on the same page on a project? Don’t worry; your boss’s boss probably feels the same way about them—at least when it comes to gauging cybersecurity threats.
A new survey by IT risk management firm RiskOptics illustrates how IT personnel at varying levels of seniority aren’t necessarily seeing eye-to-eye when it comes to defining terms like risk—and may have very different views about the biggest problems facing their departments.
RiskOptics commissioned the poll of 261 respondents working in information security or governance, risk, and compliance (GRC) in partnership with Researchscape. It found that 59% of directors and 51% of managers named the sheer quantity of cyberattacks as their biggest day-to-day challenge—while 52% of those at the SVP level said that their biggest headache is that the C-suite doesn’t understand cyber and IT risks. Senior executives at the C-suite level in turn named their biggest challenges as insufficient funding (42%) and leadership turnover (40%).
Those SVP- and C-suite-level executives also appear to be more confident in their abilities than those further down the corporate ladder. Sixty-three percent of SVPs and 56% of C-suite respondents said they felt extremely confident in leadership’s approach to cyber/IT risk in strategic planning, while just 37% of managers and 44% of directors did. Despite all respondents to the survey working in the same fields, just 45% picked the same definition of risk, while only 47% agreed on the definition of threats.
Keep reading here.—TM
Today’s top IT reads.
Stat: $2.35 billion. That’s the record-high amount that investors poured into quantum-computing startups in 2022. (McKinsey Digital)
Quote: “Snoop gets it.”—AI pioneer Geoffrey Hinton, on the rapper’s recent shock at the tech’s rapid advancement in intelligence (Wired)
Read: How the IT team at Johnson Memorial hospital responded to a ransomware attack. (NPR)
- Bingo! Microsoft rolls out number-matching to fight MFA fatigue.
- Scammers are using bogus QR codes on fake parking tickets.
- After a report found that the Hungarian and Polish governments employed Pegasus spyware to target opponents and journalists, the EU looks to regulate.
- Here’s how to get passkeys going with your Google account.