First of all, here is a plus… your conference data was not stolen if you weren’t there! RSA leaked all the attendees’ personal details via unsecured public-facing APIs using hard-coded credentials in a mobile app. Epic Fail! More at Twitter:
Awards At RSA
SC Magazine published their 2018 Finalists and had the awards ceremony for around 30 categories. The selected products and services are actually quite useful as a start for your shortlist if you need to get a new product in place or replace an old one.
Note that in this award, the winners are not “voted for” by users of the products but awarded by a jury instead. This is not very common for awards like this but it prevents ballot box stuffing. Normally IT pros that use the product get to vote and the highest score wins, showing how many licenses are out there being used in real life.
In our space, “Best IT Security-related Training Program”, the usual suspects and two others made it to the finalists: KnowBe4, Wombat and Cofense (formerly known as PhishMe). This year Wombat got the nod: congrats! Here is the full list, check it out:
Creating Human Firewalls
I was interviewed about battling social engineering attacks by BankInfo Security and the need to create ‘Human Firewalls’. Video – 5:45m:
New-school Security Awareness Training Fully Legitimized
In the 2010-2011 timeframe, three pioneers started this new category, did a massive amount of evangelizing, built market awareness, and proved it was essential to create another security layer on top of all the existing (software) ones: your Human Firewall.
Fast forward 7-8 years and we have a mature segment with its own Gartner Magic Quadrant, a consolidating market with several of the existing players being acquired, and several smaller entrants that want to get a slice of the ever-growing pie. Even Microsoft conceded this is essential and added a (very) limited “checkbox” phishing feature in Office 365.
Despite all this, at least 90% of the organizations out there are not yet sending frequent social engineering tests to their employees, waiting for the bad guys to do their “security audits” instead and potentially get into their network.
It’s time to start phishing your own users to keep the bad guys out, and actually, it’s quite fun as well—until you get caught yourself—which I was last week by my own team while I was at RSA! [redface] 😀
And to show some independent research on new ways to keep your network safe, CBInsights held a webinar about 2018 Cyber Defenders and highlighted KnowBe4 and Ironscales as the disruptors to watch in 2018 for Human-factor Security.
Here are links to the slide deck and the recording: