Different Approach to Secure the Weakest Link. A Much Needed Change (Ayman El Hajjar at University of Westminster)
Presented at Executive Leaders Network CMO/DPO/CIO/CISO Event on October 06th. "The people element is probably one of the most important factors in ensuring the security of any information system security. Many cyber security incidents can be mitigated if employees in companies are aware of the threats cyber incidents could bring to the company and what needs to be done to prevent them. This is true in most cases however we are also forgetting something important and essential. Ask most cyber security professionals what is the weakest link in the cyber security chain and they would tell you it is the people, the problem. I agree to some extent however in this talk, I am going to discuss why we think that the approach we are taking to make this weak link stronger does not work for personal users. I will be discussing not only the human element threat in companies and organizations but also for all end users when we use our personal devices at home and its essence now that many companies are employing hybrid working environments and work from home or bring your own device. Spam, identity theft and other types of attacks are happening on a regular basis and billions of pounds are lost in this process. How do we ensure that everyone can use their personal devices safely. I will talk about how we can maintain inclusivity and openness of the Internet while keeping it secure for all of us. I will show what are the things that can be done better."
Recommended
More Related Content
Similar to Different Approach to Secure the Weakest Link. A Much Needed Change (Ayman El Hajjar at University of Westminster)
Similar to Different Approach to Secure the Weakest Link. A Much Needed Change (Ayman El Hajjar at University of Westminster) (20)
More from Executive Leaders Network
More from Executive Leaders Network (20)
Recently uploaded
Recently uploaded (20)
Different Approach to Secure the Weakest Link. A Much Needed Change (Ayman El Hajjar at University of Westminster)
- 1. People Problem Dr. Ayman El Hajjar October 2022
- 2. Different Approach to Secure the Weakest Link. A Much-Needed Change
- 3. Lack of awareness A DEFINITION Human Problem Human Error Management problem Skills Shortage
- 4. Why we need A different Approach Von Newmann Architecture (1946) Theory of Self reproducing Automata (1966) The Creeper System Virus (1971) The rabbit (1974) EXT DoS (1974) Elk Cloner Malware (1982) AIDS Trojan – First Ransomware (1989) Things have not change much since the early days of computing
- 5. Why we need A different Approach It is difficult to remove Human Error, people will make MISTAKES Telecommuting (1973) Websites and Intranet(1990s) The Internet at home (mid 1990s) VPN (1996) Wi-Fi 802.11 at Home (1997) 2G Mobile Internet (2001)
- 8. Why we need A different Approach We are too small. It won’t happen to us Penetration testing (1960s) Saltzer and Schroeder's design principles (1975) Computer Misuse Act (1990) The precautionary conditions (2010) Data Privacy act (2012) ISO27001 (2013) Data protection Act (2018)
- 9. Why we need A different Approach Working remotely should have not been a surprise Telecommuting (1973) Websites and Intranet(1990s) The Internet at home (mid 1990s) VPN (1996) Wi-Fi 802.11 at Home (1997) 2G Mobile Internet (2001)
- 10. - Murphy’s Laws- “Left to themselves, things always go from bad to worse”
- 11. TECHNICAL TEAMs DECISION MAKER TEAMs A different Approach
- 12. Technical Team Opportunities • Real-Time Phishing Detection • Reduce company digital footprint • Close Unneeded services • Remove default settings There is Plenty of Phish in the sea
- 13. Technical Team Simplify Security • Reduce Complexity for users • Single Sign On Vs Third Party Sign on • MFA (Multi factor Authentication) Vs Regular changing of complex passwords Vs PasswordLess • Email Encryption and Email sinning Certificates
- 14. Technical Team Reduce Threats • Regular Testing / Vulnerabilities assessments Secure • Share findings • Applications/Network by Design • Business Continuity Plan and Disaster Recovery plan
- 15. Decision makers Invest in: • The right skills • Training when needed • Infrastructure where needed • Compliance! • Employ Openness
- 16. DECISION MAKERS Get Involved in: • Business Continuity Plan and Disaster Recovery plan • Supporting Compliance • Supporting Openness
- 17. DECISION MAKERS Invest In: • The right skills • Training when needed • Infrastructure where needed
- 18. - Murphy’s Laws- “Anything that could go wrong, will go wrong”
- 19. Dr Ayman El Hajjar Email: a.elhajjar@westmisnter.ac.uk Twitter: @azelhajjar Linkedin: https://www.linkedin.com/in/aymanzhajjar/
Editor's Notes
- Poll Title: Do not modify the notes in this section to avoid tampering with the Poll Everywhere activity. More info at polleverywhere.com/support What is the "Human Problem"? https://www.polleverywhere.com/multiple_choice_polls/gB2QNJpun1pwepUpX4KOG?display_state=instructions&activity_state=opened&state=opened&flow=Engagement&onscreen=persist
- Poll Title: Do not modify the notes in this section to avoid tampering with the Poll Everywhere activity. More info at polleverywhere.com/support What is the "Human Problem"? https://www.polleverywhere.com/multiple_choice_polls/gB2QNJpun1pwepUpX4KOG?display_state=chart&activity_state=opened&state=opened&flow=Engagement&onscreen=persist