beauceron · awareness campaigns •create a security portal, a one-stop shop for organizational...
TRANSCRIPT
![Page 1: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/1.jpg)
BEAUCERONPatching Your People:
Building the Sheepdog Effect
![Page 2: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/2.jpg)
About David• Bachelor of Arts, Information
and Communications Studies
• Master of Business Administration
• Certified Information Security Manager
• Former journalist, soldier
• Lifelong nerd
![Page 3: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/3.jpg)
Work @UNB• Had an LMS-based awareness
campaign (voluntary, low uptake)
• Used SaaS phishing tool that required manual effort
• Responded to dozens of incidents per week
• Responsible for reviewing SIEM data, threat intel
• Part of long-term strategic risk reduction project
![Page 4: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/4.jpg)
Nation-statesHacktivists
Organized Crime Thrill seekers
95%
![Page 5: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/5.jpg)
STARTUP X 5
Core problem: Time
• Did not have enough hours in the day to run an effective behaviour change program and perform other duties
• At the same time, attacks against UNB were surging with people, process and culture as common elements in nearly all incidents
• Needed a way to automate and scale
15
![Page 6: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/6.jpg)
Information Security vs Cybersecurity
Information Security
Cybersecurity
![Page 7: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/7.jpg)
Cyber
![Page 8: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/8.jpg)
Cyber history
• “Cyberspace” - William Gibson, ‘82 – Burning Chrome
• Cybernetics – Norbert Weiner, 1948
• Kybernḗtēs – Greek for steersman or helmsman
15
![Page 9: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/9.jpg)
Survey
Teach
Test
Reinforce
Continuous Improvement Model
Model behaviour
![Page 10: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/10.jpg)
Human-Centric Approach
Surveys
End-UserLeadership
CIO/CSO
Training
World of Cyber CrimeHacking Humans
MalwareProtecting Yourself
Simulated Phishing
After completing modules, individuals receive 3 randomized phishes
Incidents Reported
Calculating individual and departmental risk scores
External Security Intelligence
Integrating with your existing technology to catch
‘near misses’
![Page 11: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/11.jpg)
Rewards
![Page 12: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/12.jpg)
STARTUP X 12
Technology
• Software-as-a-Service
• Cost-effective
• Easily scalable and sustainable
• Safe and Secure
15 320 190 291
![Page 13: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/13.jpg)
Changing
Culture
![Page 14: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/14.jpg)
STARTUP X 14
Engaging management
• Finding and measuring perceptual gaps between management, IT and organizational members
• Making cybersecurity an issue for entire organization, not just IT department
• Providing new metrics, tools to empower managers, directors, VPs and C-Suite
15
![Page 15: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/15.jpg)
STARTUP X 15
Tackling organizational cyber risk
![Page 16: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/16.jpg)
STARTUP X 16
Benefits of our approach
Insightful Dashboard and Reports
Quick and Simple to Deploy
Awareness to Accountability and on to Agency
![Page 17: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/17.jpg)
Value• >80% say they’ve learned
from the experience
• 100% confirm after completing the training they understand their role and responsibility to protect their organization
• Up to 90% reduction in phishing response rate
• 60% of security professional time freed for other projects
![Page 18: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/18.jpg)
Beauceron Fall Insights• 30% of users admit to
storing confidential organizational information in personal cloud sites
• 38% of employees admit to using the same password for multiple accounts
• 13% of employees admit to sharing their work password with someone else because it was required for work
15
![Page 19: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/19.jpg)
Key success criteria for effectiveawareness campaigns • Management buy-in and
commitment
• Continuous learning approach
• Use more than digital –talks, posters, newsletters can help
• Use mix of rewards and punishment
![Page 20: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/20.jpg)
Key success criteria for effectiveawareness campaigns
• Well-executed events can energize
the program and draw additional
attention
• Effective use of compute—based
training, including just-in-time learning
opportunities
• Effective use of teachable moments
via simulated phishing, texting, voice
or USB-drop
![Page 21: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/21.jpg)
Key success criteria for effectiveawareness campaigns
• Create a security portal, a
one-stop shop for
organizational and
personal cybersecurity
information
• Breakdown complex topics
into short, clear, actionable
steps, i.e. how to report a
phish.
![Page 22: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/22.jpg)
Why campaigns fail:• Information provided one-time or in a
way that people can not grasp
(security jargon)
• Overly focused on compliance.
Compliance isn’t security and security
covers more than compliance.
• No or limited opportunities for
continuous reinforcement / teachable
moments
![Page 23: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/23.jpg)
Why campaigns fail:• Lack of engaging or
relevant materials
• Not collecting metrics
• Unreasonable expectations
• Lack of breadth of education materials. It’s about more than phishing and passwords
![Page 24: BEAUCERON · awareness campaigns •Create a security portal, a one-stop shop for organizational and personal cybersecurity information •Breakdown complex topics into short, clear,](https://reader033.vdocuments.us/reader033/viewer/2022050421/5f90d8d2a27949170403e65d/html5/thumbnails/24.jpg)