Want to know why Security Culture eats security strategy for breakfast?

Wouldn’t it be great to know the attitudes to security in your business, the conversations people are having and the things they are doing, or not doing? So, if you could be a fly on the wall what would you see? You buzz into the boardroom… The board are nearing the end of their meeting. Security is on the agenda, but it’s one of the several items left to deal with and they just won’t have time to get through everything. The chair suggests there’s nothing much to say about security – there haven’t been any incidents – and other … Read More


3 Reasons Why the Board Will Want to Invest in Security Culture

I don’t know if it’s one of those British things, but talking about ‘culture’ is something we do in a strangulated whisper, as though someone’s got their hands on our back squeezing the syllables out of us. Using ‘Security Culture’ as the backbone to a business plan has – equally – been off the table. In its place, we’ve used euphemisms like ‘awareness’, ‘engagement’, ‘training’, ‘compliance’. Don’t get me wrong, all these terms are important to security culture, but they won’t be effective without security culture. Why Invest in Security Culture? Because security culture is the way we demonstrate what … Read More


Questions From (ISC)² Members About Security Culture Change by Sarah Janes

Last week I delivered my first webinar briefing on security culture change for (ISC)². The topic was Developing Security Behaviours: 8 Practical Principles for Effective Change. I know that the (ISC)² bunch are a discerning audience so I was both excited, and a little nervous, as to how our approach to behavioural change would be viewed. You see, we have recognised that the approach ‘security professional knows best; tells employee how to behave’, is an approach that does not work to change behaviour. Security is an attitude and not a set of rules. We are asking security professionals to shift … Read More


BYOD – Making the Workplace Revolution Work for You

BYOD, or Bring Your Own Device, is a practice that challenges IT and Security Departments of enterprises globally. Ever since 2009 when BYOD was what the cool kids in Silicon Valley did, this stealthy revolution has been stalking businesses large and small. Whilst large companies see the potential and all the security pitfalls, for small companies BYOD can be the only way they can operate. When Layer 8 was at the conceptual stage, and before we had any real clients, we had no choice BUT to use our own devices for business purposes. What am I talking about? Bring … Read More


NHS Cyber Attacks – Simple Tips to Protect Your Business

I’m quite sure every security blogger on the globe is frantically sitting at their computer hammering out a blog related to the NHS cyber-attacks. Well Layer 8 are no different, but instead of scrutinising what happened, enough of the scare stories and techno babble, we want to focus on what can be learnt from this, and what we might be able to do to protect our businesses. Positive Outcome no.1 – Cyber will become a real business issue For too long IT and Security managers have struggled to get airtime when it comes to protecting their business. Board members, with … Read More


Measure return on investment in security culture/behaviour change? Impossible?

If you regularly read our blogs, you will know that we discuss a different approach to this subject. One of collaboration, dialogue and integration. Out of collaboration emerges a position only the savviest of Security Professionals have achieved. That position is one of true integration, a position where security is correctly considered as part of the strategic direction of your business. The Security Team have become strategists rather than fixers. So what’s collaboration got to do with measurement? What a collaborative approach to security strategy produces is relationships. Relationships at every level and every department across your business. People to … Read More


Security Awareness Lacks a Rogues’ Gallery – So Let’s Play Hackers

When we were kids there were numerous ways to play a ‘goodie’ or a ‘baddie’ but we quickly learnt that heroes and villains were co-dependent. There was no earthly point in wandering around being evil if a group of co-operative saps weren’t available to receive the fruits of your dastardly plots. Likewise, being good (always the less favoured and less interesting role) gets a whole lot more boring if the villains don’t show up. The Relative Merits of ‘Good’ and ‘Bad’ We played these games to learn the rules; of course, villains had all the fun because they broke every … Read More


‘Joining the Dots’ for Effective People-Centred Cybersecurity

At Layer 8 we find ourselves talking to people about cybersecurity every day, and it’s rare that we meet someone who isn’t passionate and committed to doing a better job of securing personal and business assets from data breach, phishing and ransomware. The meetings we have tend to fall into two categories; we provide workshops for end-users on a range of cyber-security topics, and we spend a good deal of time talking to security professionals about developing effective security culture, founded on proactive security behaviours. We All Want Better Cybersecurity… The surprising thing is that the conversations in both instances, … Read More


Five Reasons to Welcome GDPR

2017 has heralded an intensification of speculation and opinion regarding GDPR, and Google searches in this area have been steadily rising over the past few months. This is hardly surprising given that the stakes are high for businesses facing huge fines, come May 2018, if they either fail to report a data breach of personally identifiable data within 72 hours, or are unable to demonstrate that their systems and operations of data governance are sufficient to the risk that data poses. What is more surprising, perhaps, is the emphasis upon the difficulties posed to businesses that now have to put … Read More


The Day the Toaster Turned – an IoT Apocalypse

In security circles they’re already talking about an ‘IoT Zombie Apocalypse’ and that’s got me thinking about whether a zombie army made up of fridges, cameras, toasters, and thermostats could be as bad as the clambering and crawling, flesh-desiring, cadaverous zombies we’ve grown used to since George Romero redefined the genre back in the 1970s. So, let’s compare: So, there we have it; the IoT zombies may look prettier but the dark forces they unleash could end civilisation just as effectively – and probably more efficiently – than their distant rotting cousins. Think this sounds a bit far-fetched? Well in … Read More
