Greetings from Las Vegas! Today is day two of the SANS Security Awareness Summit 2023, and I have had the great fortune of learning from incredibly passionate practitioners in this field. In his opening remarks, Lance Spitzner talked about the evolution of the profession, often referred to as Security Awareness. His sentiment was echoed by Melissa Closser, BISO Outreach Lead, Parsons Corporation, who emphasized the power of communication and storytelling.
It's no surprise that some roles now include words like culture, influencer, and communicator in their titles. Regardless of the title, the end goal is to have someone in the organization who understands human behavior. In the words of Dr. Jessica Barker, who presented with Perry Carpenter, these are not soft skills. The ability to translate technical speak into language that everyone in the organization can understand and to influence real change in human behavior: those skills, traditionally identified as soft (because they aren’t deeply technical), are essential for managing human risk.
WiCyS Executive Director, Lynn Dohm, said in her keynote, “inclusion is a feeling and it’s only felt when you are excluded. Similar to how cybersecurity is always present, but it’s silent until it’s broken, and then you hear about it.” Managing human risk demands creating an inclusive organizational culture where people feel safe and empowered to thrive.
To learn more about the Human Element, visit our Library. Here you’ll find a variety of content, from blogs to podcasts, webcasts, and presentations that will help you address the challenges of managing human risk in your organization.
Now let’s take a look at what else made cybersecurity headlines this week.
Aug. 25: A vast majority (90%) of consumers surveyed by ThreatX expressed “concerns about the future of cybersecurity if more isn’t done at an earlier stage to expose students to the field, and 62% agree that if they or their child had more established education around cybersecurity in school, including courses, clubs, and access to STEM programs, they would have considered entering the cybersecurity field.”
Aug. 24: CSO Online reported, “A UK court has found an 18-year-old from Oxford was a part of international cybercrime gang LAPSUS$, responsible for a hacking spree against major tech firms.”
Aug. 23: Delegates of the UN convened in New York this week to negotiate a cybercrime treaty, an effort that the Electronic Frontier Foundation warned “could potentially shape the most controversial treaty powers and definitions, underscoring the urgency for multi-stakeholder observation.”
Aug. 23: In an attempt to thwart cybercrime in Myanmar, China has joined forces with Thailand and Laos.
Aug. 22: The Hacker News reported, “A previously undocumented threat cluster has been linked to a software supply chain attack targeting organizations primarily located in Hong Kong and other regions in Asia.”
Aug. 22: Health IT Security reported that protecting hospitals, their patients, and data is becoming increasingly challenging in rural areas.
Aug. 22: “The Jordanian government has passed a new cybercrime law despite global criticism over its content and the relatively rapid speed at which it was approved,” Dark Reading reported.
Aug. 21: After experiencing an 80% loss in value of its shares over the past two years, SentinelOne is reportedly considering options, including a sale.