Dr. Erdal Ozkaya

Effective cybersecurity requires participation from all: Protect yourself

Erdal, 2022-12-13T17:36:01-04:00


As published in the Certification Magazine Fall 2015 issue


Ask a random person on the street what cybersecurity means to him or her, and you might get a response that refers to the most recent big data breach. It’s hard to ignore being constantly told by major news outlets that the “private” in “private information” is a bad joke, and that not a single person who has ever entered so much as their favorite color into an online form is safe from black market traders, unscrupulous governments, internet hacktivists, and whatever other threats you can possibly imagine.

Push the question a little further, and your random person on the street might tell you all the things they do to stay safe online — and all the things they don’t do. At the very least, you would probably conclude that awareness of cybersecurity issues has dramatically increased in the public sphere. Awareness is, to be sure, a crucial step in bolstering security, whether in a corporate context or a more personal one. But awareness is not enough.

As members of a digital, networked society, we shouldn’t simply be aware of our problems. Rather, we should be fixing them. We often fail to do that, though, choosing instead to just accept bad outcomes rather than address their root causes.

This is completely understandable when you think about the fact that security problems often seem insurmountable. What can we as individuals do, even if it’s just to protect our own personal information? There are too many points of failure, too many factors that are out of one person’s hands.

So rather than struggle independently with rudimentary tools and limited help from others, the most logical choice is to shift our focus and embrace a new standard: a culture of cybersecurity. To put it another way, we need a collective effort to share valuable security knowledge, strategies, best practices, and more with our fellow digital citizens. If we want effective cybersecurity, then all of us have to play a part.

What’s In It for Me?

There’s some truth in saying that laziness is a key element of human nature, but that excuse is too simplistic and too dismissive. It’s not that we can’t be bothered to exercise due diligence; it’s that we haven’t been properly motivated. “What’s in it for me?” is a fundamental unspoken question of cybersecurity — one that demands our attention.

When we cast blame on average users for failing to regularly change their many passwords across many different sites and systems, we seem averse to understanding why they’ve failed to do so. Only when it is too late, when users’ own identities are stolen, do they acknowledge the importance of such a security practice.

What impetus did they have to incorporate this practice sooner, though? Too often, they’ve simply been told what to do without truly understanding why they need to do it. Maybe they read a brief “Top 10 User Security Guidelines” article on the web, or maybe a colleague hurriedly mentioned a few personal security tips on a lunch break. Maybe their employer sent out a security-minded email that the user didn’t really take seriously. While these actions provide a decent start, they aren’t sufficient. Superficial commentary alone won’t foster an adequate or comprehensive cybersecurity culture.

The key to fostering this culture, then, is substance. One of the most substantive ways to inspire others to be proactive is to get them to relate to the situation. People often fall into the trap of thinking about their computer use too abstractly, as if what they do online is far removed from actual real-world consequences. To get them to understand the gravity of their digital actions, we need to get them to shed this outdated mode of thinking.

When the average computer user leaves his house to go to work, he locks the front door. What about when he leaves his desk to go to lunch? Does he leave his workstation unlocked for any passerby to use? Just as we do with physical doors, we open cyber doors all the time — and when such doors open to something personal or sensitive in nature, we must lock them behind us to keep that information secure.

Not everything in the cyber world has an analogue in the real world, and that can present a unique challenge in fostering a security-conscious climate. To go back to the passwords example, the average homeowner probably doesn’t visit a locksmith every month to have the key to her front door changed.

If you can communicate to users, however, that time is a critical component of any hacker’s attempt at brute force password cracking, then the importance of regularly changing passwords becomes more obvious. In this case, the answer to “What’s in it for me?” is easy: You stay one step ahead of attackers who are always refining their methods, and your critical information stays safe.

A Culture of Continuous Monitoring

An effective cybersecurity culture has many dimensions, but one of the most important is continuous monitoring. For all of us as users, being able to monitor our online presence for misuse is crucial. Unfortunately, it’s easy to feel that one’s online presence is stretched thin, and that much of it is beyond one’s control. That’s why it’s helpful to keep an inventory of your website accounts, passwords, and e-mail addresses.

Password managers like KeePass and LastPass make this much easier, while also using encryption to keep the inventory confidential. You can also use e-mail as a hub for all of your other account activity. Many websites and services have options to send e-mail alerts when key account configurations change. The quicker you’re informed about these changes, the quicker you can confirm — or deny — their validity and take appropriate action.

This can mean the difference between finding out immediately that a hacker has changed your online bank account password, and finding out when you next sign in — after a massive withdrawal has been finalized.

It’s not just end users who need to contribute to a strong cybersecurity culture — businesses have a lot of catching up to do as well. Just like with users, continuous monitoring is essential. Minding your data, whether in transit or at rest, is a proactive approach to security that is often sorely lacking in the enterprise world.

Many of the breaches that we’ve all heard about weren’t noticed until months, or even years, after the breach actually happened. Attackers exfiltrated data off servers so long ago that it’s hard to know exactly what was stolen. This is the last position you want your business to be in, and it’s vital to have solutions like Security Information and Event Management (SIEM) always keeping your cybersecurity personnel up-to-date on any suspicious activity right when it happens.

Speaking of personnel, you need to keep your security operations up-to-date using more than just technical controls like SIEMs. Your security workforce, especially your front-line men and women, is your most valuable asset. They shouldn’t be given a task and forgotten about; they need to stay current in this rapidly changing security climate.

After all, it’s the people in your organization who spread and maintain your culture, not the automated machines and software. There’s no better way of assuring the growth and development of a strong culture of security than through training and certification. Taking a master class and earning a certification, such as the CyberSec First Responder: Threat Detection and Response credential offered by Logical Operations, will prepare your team to face any threat.

Don’t wait another week, or month, to start changing the culture around you. Take action today, whether it’s pursuing a cert, upgrading security software and tools, or even just changing those long-dormant passwords. The more effort that each of us puts into creating a culture of cybersecurity, the brighter our shared digital future will be.

Erdal

Dr. Erdal Ozkaya © Copyright 2023. All Rights Reserved.