Presented at Executive Leaders Network CMO/DPO/CIO/CISO Event on October 06th.
"The people element is probably one of the most important factors in ensuring the security of any information system. Many cyber security incidents can be mitigated if employees in companies are aware of the threats cyber incidents could bring to the company and what needs to be done to prevent them. This is true in most cases; however, we are also forgetting something important and essential. Ask most cyber security professionals what the weakest link in the cyber security chain is and they would tell you it is the people, the problem. I agree to some extent; however, in this talk, I am going to discuss why we think that the approach we are taking to make this weak link stronger does not work for personal users. I will be discussing not only the human element threat in companies and organizations but also for all end users when we use our personal devices at home, and its essence now that many companies are employing hybrid working environments and work from home or bring your own device. Spam, identity theft and other types of attacks are happening on a regular basis and billions of pounds are lost in this process. How do we ensure that everyone can use their personal devices safely? I will talk about how we can maintain inclusivity and openness of the Internet while keeping it secure for all of us. I will show what things can be done better."
4. Why we need a different approach
Von Neumann Architecture (1946)
Theory of Self-Reproducing Automata (1966)
The Creeper System Virus (1971)
The rabbit (1974)
EXT DoS (1974)
Elk Cloner Malware (1982)
AIDS Trojan – First Ransomware (1989)
Things have not changed much since the early days of computing
5. Why we need a different approach
It is difficult to remove Human Error, people will make MISTAKES
Telecommuting (1973)
Websites and Intranet (1990s)
The Internet at home (mid 1990s)
VPN (1996)
Wi-Fi 802.11 at Home (1997)
2G Mobile Internet (2001)
8. Why we need a different approach
We are too small. It won’t happen to us
Penetration testing (1960s)
Saltzer and Schroeder's design principles (1975)
Computer Misuse Act (1990)
The precautionary conditions (2010)
Data Privacy Act (2012)
ISO27001 (2013)
Data Protection Act (2018)
9. Why we need a different approach
Working remotely should not have been a surprise
Telecommuting (1973)
Websites and Intranet (1990s)
The Internet at home (mid 1990s)
VPN (1996)
Wi-Fi 802.11 at Home (1997)
2G Mobile Internet (2001)
12. Technical Team
Opportunities
• Real-Time Phishing Detection
• Reduce company digital footprint
• Close unneeded services
• Remove default settings
There is Plenty of Phish in the sea
13. Technical Team
Simplify Security
• Reduce Complexity for users
• Single Sign On vs Third Party Sign On
• MFA (Multi-Factor Authentication) vs regular changing of complex passwords vs Passwordless
• Email Encryption and Email Signing Certificates
14. Technical Team
Reduce Threats
• Regular Testing / Vulnerability assessments
• Share findings
• Secure Applications/Network by Design
• Business Continuity Plan and Disaster Recovery plan
15. Decision makers
Invest in:
• The right skills
• Training when needed
• Infrastructure where needed
• Compliance!
• Employ Openness
16. Decision makers
Get Involved in:
• Business Continuity Plan and Disaster Recovery plan
• Supporting Compliance
• Supporting Openness
19. Dr Ayman El Hajjar
Email: a.elhajjar@westmisnter.ac.uk
Twitter: @azelhajjar
Linkedin: https://www.linkedin.com/in/aymanzhajjar/