Training & Awareness

IDS, IPS, NIPS, HIPS. Acronyms for hardware and software in the field of information security can be listed all day long without repeat; however, this does not address the greatest security risk to an organization.

In a 2021 study jointly conducted by Stanford University and firm Tessian (link), participants cited that 9 in 10 data breach incidents were caused by human error.

Breaking down the subset of this population further, it was found that over 50 Percent of staff between the ages of 18 to 30 make mistakes in the workplace, as compared to ages 50+ where approximately 10 Percent make make mistakes.

This troubling statistic is a top concern of organizations as millennials account for the largest generation in the workforce (link).

To account and attempt to reduce this threat impacting an organization, training is pivotal.

Some compliance authorities require such training, to include:

HIPAA (Privacy Rule 45 CFR §164.530) – required for entities with PHI.

A covered entity must train all members of its  workforce on the policies and procedures with respect to  protected health information required by this subpart and subpart D of this part, as necessary and appropriate for the members of the workforce to carry out their functions within the covered entity.

PCI DSS (Requirement 12.6) – required for entities storing, processing OR transmitting credit card information.

Implement a formal security awareness program to make all personnel aware of the cardholder data security policy and procedures.

Insurance Data Security Law (Section 3.D.5) – required for insurance companies in states adopting the NAIC Insurance Data Security Model Law.

Provide its personnel with cybersecurity awareness training that is updated as necessary to reflect risks identified by the Licensee in the Risk Assessment.

Latest Security Headlines from Krebs on Security:

  • Fintech Giant Finastra Investigating Data Breach
    by BrianKrebs
    The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world's top 50 banks, notified customers of a potential breach after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen […]
  • An Interview With the Target & Home Depot Hacker
    by BrianKrebs
    In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he […]
  • Microsoft Patch Tuesday, November 2024 Edition
    by BrianKrebs
    Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November's patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.
  • FBI: Spike in Hacked Police Emails, Fake Subpoenas
    by BrianKrebs
    The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based technology companies.
  • Canadian Man Arrested in Snowflake Data Extortions
    by BrianKrebs
    A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake. On October 30, Canadian authorities arrested Alexander Moucka, a.k.a. Connor Riley Moucka of Kitchener, Ontario, on a provisional arrest warrant from the United States. Bloomberg first reported Moucka's […]