That’s a wrap! Thanks to our incredible line-up of speakers and panelists, the first Human Layer Security Summit of 2021 was jam-packed with insights and advice that will help you level-up your security strategy, connect with your employees, and thrive in your role.
Looking for a recap? We’ve rounded up the top seven things we learned.
1. CISOs can’t succeed without building cross-functional relationships
Today, security leaders are responsible for communicating risk, enabling individuals and teams, and influencing change at all levels of the organization.
That’s easier said than done, though…especially when research shows less than 50% of employees (including executives) can identify their CISO.
The key is building relationships with the right people. But how?
Patricia Patton, Human Capital Strategist and Executive Coach, Annick O’Brien, Data Protection Officer and Cyber Risk Officer, and Gaynor Rich, Global Director Cybersecurity Strategy & Transformation at Unilever tackled this topic head-on and introduced a new framework for security leaders to use: Relationship 15.
Find out more by watching the full session below or check out this blog to download a template for the Relationship 15 Framework.
Relationship 15: A Framework to Help Security Leaders Influence Change
CEO’s Guide to Data Protection and Compliance
16 Tips From Security Leaders: How to Get Buy-In For Cybersecurity
How to Communicate Cybersecurity ROI to Your CEO
2. Securing your own organization isn’t enough. You have to consider your supply chain’s attack surface and risk profile, too
We often talk about how cybersecurity is a team sport. And it is. But, today your “team” needs to extend beyond your own network.
Why? Because more and more often, bad actors are gaining access to the email accounts of trusted senders (suppliers, customers, and other third-parties) to breach a target company in account takeover (ATO) attacks.
The problem is, you’re only as strong as the weakest (cybersecurity) link in your supply chain, and these sophisticated attacks slip right past Secure Email Gateways (SEGs), legacy tools, and rule-based solutions.
Marie Measures, CTO, at Sanne Group, and Joe Hancock, Head of Cyber at Mishcon de Reya explain how firms in both the legal sector and financial services are preventing these threats by consulting enterprise risk management frameworks, partnering with customers, and leveraging technology.
What is Account Takeover?
How to Defend Against Account Takeover
3. If you want to understand and reduce risk, you need data (and smart tech)
Throughout the Human Layer Security Summit, one word was repeated over, and over, and over again. Visibility.
It makes sense. Clear visibility of threats is the first step in effectively reducing risk. But, because so many security solutions are black boxes that make investigation, remediation, and reporting admin-intensive, this can be a real challenge.
We have a solution, though. Tessian Human Layer Risk Hub. This game-changing product (coming soon!) enables security and risk management leaders to deeply understand their organization’s security posture by providing granular visibility and reporting into individual user risk levels.
How? Each user is assigned a risk score based on dozens of factors and risk drivers, including email behavior, training track record, and access to sensitive information. This clearly shows administrators who needs help (on an individual level and a team level).
The tool also intelligently recommends actions to take within and outside the Tessian portal to mitigate risk. Finally, with industry benchmarking and dashboards that show how risk changes over time, you’ll be able to easily track and report progress.
Want to learn more about Tessian Human Layer Risk Hub? Sign-up for our newsletter to get an alert on launch day or book a demo.
Ultimate Guide to Human Layer Security
Worst Email Mistakes at Work (And How to Fix Them)
4. Rule-based solutions aren’t enough to prevent data exfiltration
If you’re interested in learning more about Human Layer Security, this is the session for you.
David Aird, IT Director at DAC Beachcroft, and Elsa Ferreira, CISO at Evercore take a deep dive into why people make mistakes, what the consequences of those mistakes are, and how they – as security leaders – can support their employees while protecting the organization.
Spoiler alert: blunt rules, blocking by default, and one-and-done training sessions aren’t enough.
To learn how they’re using Tessian to automatically prevent data exfiltration and reinforce training/policies – and to hear what prompted Elsa to say “They say security is a thankless job. But, with Tessian, I’ve actually had several employees tell me they’re thankful for the tool.” – watch the full session.
Research Report: Why DLP Has Failed and What the Future Looks Like
12 Examples of Data Exfiltration
5. When it comes to security awareness training, one size doesn’t fit all
Security awareness training is an essential part of every cybersecurity strategy. But, when it comes to phishing prevention, are traditional simulation techniques effective?
According to Joe Mancini, VP Enterprise Risk at BankProv, and Ian Schneller, CISO, at RealPage they’re important… but not good enough on their own.
Find ways to make training more engaging and tailored to your business initiatives and employees’ individual risk levels
Focus on education and awareness versus “catching” people
Make sure training is continuously reinforced (Tessian in-the-moment warnings can help with that)
Don’t just consider who clicks; pay attention to who reports the phish, too
Consider what happens if an employee fails a phishing test once, twice, or three times
Want more tips? Watch the full session.
Why The Threat of Phishing Can’t be Trained Away
Why Security Awareness Training is Dead
Phishing Statistics (Updated 2021)
6. The future will be powered by AI
Nina Schick, Deepfakes expert, Dan Raywood, Former deputy-editor at Infosec Magazine, and Samy Kamkar, Privacy and Security Researcher and Hacker went back and forth, discussing the biggest moments in security over the last year, what’s top of mind today, and what we should prepare for in the next 5-10 years.
Insider threats, state-sponsored threats, and human error made everyone’s lists…and so did AI.
Watch the full session to hear more expert insights.
2021 Cybersecurity Predictions
21 Cybersecurity Events to Attend in 2021
7. Hackers can – and do – use social media and OOO messages to help them craft targeted social engineering attacks against organizations
Spear phishing, Business Email Compromise (BEC), and other forms of social engineering attacks are top of mind for security leaders. And, while most organizations have a defense strategy in place – including training, policies, and technology – there’s one vulnerability most of us aren’t accounting for. Our digital footprints.
Every photo we post, status we update, person we tag, and place we check-in to reveals valuable information about our personal and professional lives. With this information, hackers are able to craft more targeted, more believable, and – most importantly – more effective social engineering attacks.
So, what can you do to level-up your defenses? Jenny Radcliffe, Host of The Human Factor, and James McQuiggan, CISSP Security Awareness Advocate, KnowBe4, share personal anecdotes and actionable advice in the first session of the Human Layer Security Summit.
Watch it now.
New Research: How to Hack a Human
6 Real-World Social Engineering Examples
Want to join us next time? Subscribe to our blog below to be the first to hear about events, product updates, and new research.