Reducing Risk Through Next-Gen Cyber Awareness Training
Dan Lohrmann CSO
State of Michigan
A Quick Quiz . . .
Question 1: What do these headlines have in common?
A Quick Quiz . . .
Question 2: What percent of breaches are the result of user error?
25%
45%
59%
According to a CompTIA study, 96% of those surveyed would now recommend user training.
How Have We Addressed It?
“PIC” – Problem in Chair
The Right Approach
• Give employees the “carrot” and award a certificate . . .
• Or bring out the “stick” and deny access?
Answer: A combination of both!
End-User Training is Broken
• Employees don’t see the relevance.
• Training materials are outdated.
• Employees don’t understand their role.
• Training is boring – “Death by PowerPoint”
• Security is someone else’s job.
• “Check the box” compliance exercise.
Cyber Awareness Training 2.0
• Make the training sessions . . .
– Intriguing
– Relevant
– Fun
– Focused
– Clear and easy to understand
– Effective
Use Stories to Make it Real
Stories can give context to your training information.
For example, a study of 114 major airports found that:
• Business travelers lost more than 16,000 laptops weekly.
• About half of all business travelers said their laptops contained confidential information that they did not take steps to protect or secure.
• About a third of all travelers took steps to protect their information, but they didn’t know how it was protected.
Fun Training?
Where is the #1 location for lost devices at the airport?
Security Checkpoint
Restroom
VIP Lounge
Food Court
None of the Above
Michigan’s Approach
Michigan is piloting next-generation cyber training that will help employees understand how to protect their computer assets – both at work and at home.
Security awareness training that is:
• Brief
• Frequent
• Focused
• Engaging
• Interactive
• Memorable
• Relevant
www.securitymentor.com
Security Awareness Maturity Model
Nonexistent
There is no security awareness training.
Minimal training compliance focused
Minimal training designed to meet only specific compliance or audit requirements. There is no defined program or standardized plan; messages are infrequent and inconsistent. Employees are unaware of their role in protecting the organization’s information assets and how to prevent, recognize or report a security incident.
Promoting awareness and change
A defined plan with identified roles and responsibilities, sufficient budget and executive support. Awareness program includes both primary and reinforcement training that focuses on topics with high impact. Content is provided in an engaging and positive manner that encourages behavior change both at work and at home.
Long-term sustainment
Processes are created and budget provided to sustain long-term training life cycle, including regular reviews and revisions of materials and messages. Program is continually updated to adapt to new technologies, threats and business requirements. Employees are encouraged to provide feedback and suggestions.
Metrics
Organization has metrics in place to track the progress, impact and return on investment.
Source – SANS: Securing the Human
Final Thoughts
• Your staff is your organization’s biggest asset and its biggest vulnerability.
• Providing employees with effective training will enable them to become your cyber security partners.
Questions?
Daniel J. Lohrmann, Michigan Chief Security Officer
(517) 241-4090