Saturday, October 21, 2017

Cybersecurity Awareness Month - should this even be a thing if awareness isn't working?

If I'd written this last week, the post would have been very different. I would have pondered whether cybersecurity awareness month should even be a thing. Granted, I live in the infosec echo chamber, but I often wonder how many out there aren't already inundated with information about staying safe online. Does one more phishing assessment or security reminder poster really matter? Sure, I regularly perform incident response and forensics, so I know attacks happen. But the extent to which we can stop them with additional training is questionable.

One idiot, two keyboards

But that was last week... This week a good friend of mine who is a high-profile APT target hit me up for some cybersecurity advice. Now before I tell the rest of this story, it's important to me that you know that he's been educated in cybersecurity hygiene and receives regular briefings on security from his organization. His organization uses regular phishing tests. He's a smart guy. I'm not mentioning names, but I bet if I did most of you would know who he is and would understand why he's a no-joke nation-state (dare I say APT?) target.

Read the rest of the story on the Rendition Infosec corporate blog.