In the age of constant connections and free-flow information, the bad actors have a massively target-rich environment. Software and infrastructure have had vulnerabilities for as long as they have existed. The trend appears to be on the increase, while the news is now sadly filled with successful attacks.
You can’t seem to go one day without hearing about a massive data breach or a system hack resulting in millions of customers’ private information being stolen in some form or fashion. For every giant hack, there are hundreds and thousands of smaller-scale attacks which don’t make the news. The recent rise in ransomware is virtually as virulent as the current global pandemic. So, how do we solve this? Short of shutting down anything with network or wireless connectivity, how do we protect ourselves?
It seems that there is no silver bullet technology to solve this problem. The greatest and most effective asset in fighting this plague is, in fact, people! A person equipped with knowledge and training is a multitude of factors more powerful than any one set of technical controls. The simple act of being situationally aware and mindful of one’s actions has no parallels and can never be stated enough.
This brings me to a topic which I receive hundreds of inquiries whenever we kick off a security awareness campaign. “Do I have to take all of these security courses? Weren’t these courses part of last year’s campaign? Why do they overlap in content?”
I’m delighted whenever folks reach out to me about the security training since various barriers to studying must be overcome before one can be ready and accepting of new information. Also, the overlapping content is essentially the same as grade school times tables – repetition is the mother of learning and retention.
Today’s threat landscape demands much of every one of us, and we have to be extra diligent in our actions and treat virtually every email, website, web pop-up, text, message, and generic request for information with much suspicion. The bad actors and malicious folks aren’t taking it easy on anyone these days; therefore, cybersecurity and awareness training is of crucial importance and a significant pillar in our defense.
This is true in our personal lives just as much as it is in the professional arena, and with work from home, there is no longer a clear line between personal & professional any longer. That is why we must all complete security awareness training. We, in the cybersecurity realm, simply cannot emphasize enough the importance that every person plays in our line of defense. We truly are only as good as the weakest link. Since we’re all in this together, it is of great importance to arm everyone with knowledge and to provide training in order not to fall victim to the constant barrage of attacks.
About the Author
Arta Lavaie, Vice President of Information Security
Having joined NTC in 1996, Arta managed NTC’s Information Technology for roughly 18 years, a key principle in several legacy system upgrades and migrations and data center transformation. Arta is currently the Vice President of Information Security, managing the security operations center while providing an advisory and guidance role to several divisions.