Table of Contents
- 7 tough IT security discussions every IT leader must have
- A Review of NIST’s Draft Cybersecurity Framework 2.0 | #hacking | #cybersecurity | #infosec | #c…
- What Cybersecurity Gets Wrong
- Top 10 Programming Languages that are required in Cybersecurity Field
- Data security “gap” threatens collaboration within European organisations
- Insider ambassadors and security culture, with Michael Montoya
- Adlumin Unveils Warranty and Cyber Insurance Offerings – ITSecurityWire
- Cybersecurity Awareness Month CSAM 2023: Key Strategies
- How to Boost Cybersecurity Standards to Meet Compliance Regulations
- Overconfident Organisations Prone to Cyber Breaches, Study Finds
- NCSC and ICO sign MoU to forge deeper collaborative links | Computer Weekly
- UK boards and CISOs increasingly aligned on cyber risks | Weekly computer
- The Cyber Express Market Trends Survey Reveals Top 5 Cybersecurity Certifications in 2023
- Pennsylvania health system CISO looks to launch ransomware board game
7 tough IT security discussions every IT leader must have
John Edwards
Here’s a summary of the key points:
1) **Systems Modernization**: Ensure your systems are adequately modernized for security.
Security should be built into your technology infrastructure, not simply added on.
2) **Cyber Scenarios**: Regularly discuss and plan for potential cyber scenarios.
This includes creating an incident-response plan and testing it periodically.
3) **Security Culture**: Foster a culture of security within your organization.
This means empowering employees to operate within approved security guidelines, leading to faster innovation and better business results.
4) **Emerging Threats Assessment**: Stay up to date on emerging threats.
Cybercriminals are constantly evolving their tactics, so it’s important to stay informed and adjust your strategies accordingly.
5) **Incident Response Plan**: Have an effective incident response plan in place.
This plan should be regularly reviewed and updated as necessary.
6) **Security Investments ROI**: Ensure you’re achieving maximum return on investment (ROI) on your security investments.
This involves making sure the information flowing into your security solutions is timely, accurate, and deduplicated.
7) **Financial Exposure**: Understand the financial impact if your IT systems were to go down.
Regularly discuss and plan for this scenario to ensure your IT environment is secure, robust, and resilient.
Remember, these conversations should be ongoing and involve all relevant parties, including C-suite colleagues, business partners, and IT staff.
Link: https://www.cio.com/article/650903/7-tough-it-security-discussions-every-it-leader-must-have.html
A Review of NIST’s Draft Cybersecurity Framework 2.0 | #hacking | #cybersecurity | #infosec | #c…
National Cyber Security Training Academy Corp
The article discusses the draft of the Cybersecurity Framework (CSF) version 2.0 by the National Institute of Standards and Technology (NIST).
The CSF is a set of guidelines and best practices designed to help organizations manage cybersecurity risks effectively.
The key changes introduced in CSF 2.0 include:
1. Addition of the governance function: The new governance function addresses how an organization makes decisions to support its cybersecurity strategy.
It informs and supports the other five functions of the framework.
2. Focus on supply chain risk management (SCRM): CSF 2.0 emphasizes the importance of managing cybersecurity risks associated with external parties in the supply chain.
It highlights the need for organizations to identify and prioritize suppliers based on criticality and integrate supply chain security practices into their cybersecurity and enterprise risk management programs.
3. Zero-Trust Architectures (ZTA): Although not adding a dedicated subcategory for ZTA, CSF 2.0 provides additional details on third-party risk and incorporates supply chain guidance into the governance function.
It addresses the need for planning, due diligence, and performance monitoring of supply chain security practices throughout the technology product and service life cycle.
4. Cloud security: CSF 2.0 addresses the evolving nature of cloud environments and provides organizations with guidance on defining shared responsibility models with cloud service providers.
It facilitates oversight in cloud-hosted environments through expanded governance and supply chain risk management provisions.
5. Expanded implementation guidance: CSF 2.0 offers expanded implementation examples and informative references to help organizations achieve the desired cybersecurity outcomes specified in the framework.
These resources provide action-oriented examples and reference materials to inform organizations’ approaches to cybersecurity risk management.
While CSF 2.0 represents an improvement over the previous version, the article acknowledges that it may not be sufficient to fundamentally improve the overall cybersecurity posture of organizations.
It points out that advanced technologies, expertise, and investment must be properly leveraged to effectively counter the threats posed by sophisticated adversaries.
The article suggests exploring the role of artificial intelligence (AI) in cybersecurity, including human-machine collaboration, as a potential approach to enhance cyber resilience at scale.
Comments on the CSF 2.0 draft were invited from stakeholders and will be used to develop the final version, scheduled for release in early 2024.
Link: https://www.lawfaremedia.org/article/a-review-of-nist-s-draft-cybersecurity-framework-2.0
What Cybersecurity Gets Wrong
Richard Pallardy
In addition to the shortage of manpower, a 2021 report compiled by the Information Systems Security Association (ISSA) and industry analyst firm Enterprise Strategy Group (ESG) notes that 57% of the 500 professionals they surveyed believed that a skills shortage was negatively impacting their organization.
So, not only are there not enough workers to manage necessary tasks, but the workers that are available do not offer the full breadth of necessary skills.
Recruiting replacements and expanding staff presents a number of hurdles in and of itself; the ISSA/ESG report notes that their survey group was concerned about a lack of competitive compensation and about incompetent human resources departments unable to locate suitable candidates.
“Once you find one, the truth of the matter is they’re jumping off to startups to make the big time instead of hanging around in corporations.”
Lack of Communication Between Leadership Teams
As the authors of a recent article in the Harvard Business Review suggest, there is an additional disconnect: between the CISO and the board. This, says Jones, is often the result of “an executive team who doesn’t take cybersecurity seriously and views IT security spending as a project cost, rather than as an investment in brand protection.”
“Cybersecurity never gets the investment it deserves, because it doesn’t generate revenue,” Williams adds. “We’ve seen executives or board members at big Fortune 500 companies practice very bad cyber hygiene,” Williams confides. Organizations should avoid “reliance on disparate, cobbled-together cybersecurity solutions that don’t provide comprehensive protection against cyber-attackers and malicious insiders,” Jones advises. But no matter how good you think you are, tomorrow, you’re not that good anymore.”
The Cybersecurity & Infrastructure Security Agency (CISA) has begun cataloging a set of particularly bad practices to avoid, including the use of end-of-life software, default passwords, and single-factor authentication. Zulfikar Ramzan, Aura “Employers need to do more than just mandate an annual cybersecurity awareness program and prepare employees to identify and react appropriately to increasingly sophisticated cyber threats — in their personal lives and at work, as remote work and shared devices blur these lines and create more opportunities for hackers and fraudsters to take advantage,” Ramzan exhorts. “End-users should complete cybersecurity training at least quarterly, with a focus on gamifying the process to make it more fun and interesting,” Jones adds.
Link: https://www.informationweek.com/security-and-risk-strategy/what-cybersecurity-gets-wrong
Top 10 Programming Languages that are required in Cybersecurity Field
Naveen Goud
1. C/C++: C and C++ are fundamental programming languages for cybersecurity.
They are powerful, versatile, and well suited for low-level systems programming and embedded design.
2. Java: Java, or the Java Runtime Environment, is widely used in digital security.
It’s fast, reliable, and secure, making it a popular and powerful platform for web-based applications.
3. Python: A programming language used widely for scripting and automating tasks in cybersecurity, Python is a great choice for data analysis, artificial intelligence, and machine learning applications.
4. JavaScript: A must-have for developing dynamic websites, JavaScript is the language behind dynamic user interfaces and web applications.
5. Perl: This is an interpreted language used widely in technologies related to the security of systems.
It is versatile and can be easily adapted to the framework of any language.
6. HTML/CSS: These are foundational web development languages that provide structure and styling to websites.
They are both crucial for developing new web applications.
7. PHP: PHP is often used to develop dynamic web applications.
It’s secure, powerful, and well-suited for creating online forms or applications.
Link: https://www.cybersecurity-insiders.com/top-14-programming-languages-that-are-required-in-cybersecurity-field/
Data security “gap” threatens collaboration within European organisations
CISION (PR Newswire)
The findings from a recent IDC InfoBrief sponsored by Immuta shed light on the data security challenges faced by European organizations.
According to the report, a significant 29% of these organizations are grappling with the inability to fully utilize data due to data security issues.
As IT and data infrastructures become increasingly complex, organizations are facing the challenge of managing huge siloes of sensitive data internally.
Notably, the rise in cyber attacks in Europe has only compounded the data security “gap” for businesses.
The report reveals that 58% of organizations in the UK, 49% in DACH (Germany, Austria, Switzerland), and 47% in the Nordics have experienced an increase in cyber attacks over the past 12 months.
This external risk further emphasizes the need for organizations to manage data security alongside the growing threat of cyber attacks.
CEOs are taking notice of the criticality of data security, as the report highlights that 45% of organizations plan to prioritize spending on data security, risk, and compliance this year.
Trustworthy data collaboration and sharing are being considered paramount, leading to increased investment in data security measures.
Additionally, CEOs are focusing on workplace solutions, application development and deployment platforms, infrastructure and operations, and automation technologies to optimize their data-related efforts.
However, it’s not just internal data security that organizations need to address; the report also highlights the emergence of a new blind spot caused by shadow data.
With the increasing sprawl of data in the cloud, only 42% of European businesses feel confident in their ability to discover and classify sensitive data, including both known and unknown data, within public cloud environments.
This indicates that organizations must grapple with the challenge of identifying and protecting sensitive data effectively.
The tension between digital innovation and data sovereignty is another area of concern for organizations due to evolving privacy regulations.
The report reveals that only 15% of organizations in Europe feel highly confident in their ability to discover and classify sensitive data to ensure its protection.
In particular, GDPR compliance poses challenges related to identifying and mapping personal data, data protection by design, data retention and deletion, and data security.
Turning our attention to the United Kingdom specifically, the report reveals that organizations prioritize working from home and hybrid work as their top operational security priorities for 2023.
Cyber resilience of systems and data privacy and regulatory compliance also rank high on their agenda.
Interestingly, 58% of UK organizations express confidence in their ability to discover and classify sensitive data within the public cloud – a notable increase compared to the European average of 42%.
It is worth noting that 56% of UK organizations plan to expand or upgrade their technology related to data access and governance in the coming year.
Colin Mitchell, General Manager at Immuta, captures the complexity that organizations face, stating, “The reality is that organizations are typically operating with data spread across multiple platforms and locations, all whilst navigating a rapidly evolving privacy and regulatory landscape.” The critical nature of data as an asset for collaboration, innovation, and decision-making cannot be overstated.
However, as data usage continues to rise, unauthorised access, breaches, and misuse pose challenges that need to be addressed through effective security and compliance measures.
To build trust in data and streamline security operations, organizations are exploring the convergence to a data security platform.
The report highlights that 49% of respondents working in security positions plan to expand or upgrade the implementation of data access controls in the next 12 months.
Furthermore, 32% of European organizations aim to increase spending on data discovery and classification to overcome the challenges arising from data complexity.
In summary, the IDC InfoBrief sheds light on the pressing data security challenges faced by European organizations, as well as their efforts to prioritize data security.
The report emphasizes the need for organizations to address complex IT and data infrastructures, manage the rising threat of cyber attacks, and navigate privacy regulations effectively.
By investing in data security measures, organizations can build trust in data, streamline operations, and enhance their ability to protect sensitive data.
Link: https://www.prnewswire.co.uk/news-releases/data-security-gap-threatens-collaboration-within-european-organisations-301925166.html
Insider ambassadors and security culture, with Michael Montoya
Black Hat Middle East and Africa
Our roles require us to accept we cannot stop all risk – but need to help our companies manage risk in a way that helps empower innovation while building systems of resiliency that are designed to fail and secure by design.” “The same risks still exist, and ransomware continues to be the single largest cyber threat any company faces. This talent gap will continue to put more focus on security as code (automation) and developing organisations with more machine learning capabilities.” “To ensure a seamless security experience, the key is integrating technology and training for non-security employees that effortlessly align with their daily workflow, without friction. This holistic strategy ensures natural security integration, seamlessly woven into every aspect of operations.” “Drawing a parallel to physical fitness and staying healthy, the analogy holds true for cybersecurity.
Link: https://insights.blackhatmea.com/insider-ambassadors-and-security-culture-with-michael-montoya/
Adlumin Unveils Warranty and Cyber Insurance Offerings – ITSecurityWire
ITsec Bureau
Adlumin, an award-winning cybersecurity provider, recently unveiled its new cyber insurance and warranty offerings for small and mid-sized businesses.
The offerings, which are launching in July, are designed to help protect vulnerable organizations that lack proper cybersecurity protection.
The new Adlumin Cyber Insurance and Warranty are bespoke solutions tailored for small and mid-sized businesses.
They are designed to cover potential losses due to data breaches, malware, and other malicious activity, as well as help organizations get back on their feet quickly in case of an attack.
The coverage includes both liability and property insurance to help firms protect their finances and investments.
The warranty is designed to further protect businesses by covering any hardware and software repairs and replacements.
Adlumin is partnering with insurance providers to offer these plans to its clients.
This allows businesses to access competitive rates and comprehensive coverage.
Adlumin says the coverage is especially important for organizations that lack comprehensive cybersecurity solutions.
“The threat of cyberattacks is escalating day by day, and flaws in small and medium-sized businesses’ security postures are long-standing vulnerabilities,” the company’s CEO, Ralph Consoli, said. “We are committed to
Link: https://itsecuritywire.com/quick-bytes/adlumin-unveils-warranty-and-cyber-insurance-offerings-for-unprotected-small-and-mid-sized-organizations/
Cybersecurity Awareness Month CSAM 2023: Key Strategies
Sangfor Technologies
Using Strong Passwords and a Password Manager
Turning on Multi-Factor Authentication (MFA)
Recognizing and Reporting Phishing
Update Software
Cybersecurity Awareness Month (CSAM) is an annual event that takes place each October and is hosted by national and international organizations dedicated to educating society on the importance of protecting networks and computers from malicious threats.
It is an opportunity to inform users, businesses, organizations, and governments about the potential threats posed by an increasingly interconnected world, and to equip everyone with the tools and knowledge to remain vigilant and secure.
The primary objectives of CSAM are to raise public awareness and understanding of cyber security in both the public and private sectors, and to develop a culture of cyber resilience.
Through educational programs, public outreach initiatives, and industry events, CSAM promotes best security practices to protect critical infrastructure, data, and people from compromise.
The theme of CSAM 2023 is “Protect Your Digital Legacy”.
The goal of this theme is to remind users of the importance of taking action in securing their online accounts and resources against a myriad of threats.
This year, CSAM advocates for the adoption of security-first approaches for user data, accounts, and devices.
The actions are simple to take, yet they can have a monumental impact on providing a secure digital legacy.
Link: https://www.sangfor.com/blog/cybersecurity/cybersecurity-awareness-month-csam-2023
How to Boost Cybersecurity Standards to Meet Compliance Regulations
Noelle
The management of cybersecurity risks has become increasingly challenging as cybercriminals continually find new and sophisticated ways to gain unauthorized access to organizations’ systems, sensitive data, and personal information.
In response to these threats, several industries have implemented stringent IT compliance regulations that businesses must adhere to in order to ensure consumer protection.
To effectively meet these compliance regulations, organizations must adopt a proactive approach to cybersecurity.
One emerging trend in the industry is the adoption of cybersecurity as a service, which addresses the specific needs of organizations operating in highly regulated environments.
Within the realm of cybersecurity compliance, there are several notable regulations that directly impact the cybersecurity landscape.
The Health Insurance Portability and Accountability Act (HIPAA) is a significant security rule for healthcare providers, aiming to safeguard sensitive patient information.
HIPAA regulations primarily focus on privacy practices and address vulnerabilities associated with the electronic transfer of health information.
Compliance with HIPAA regulations is intended to prevent data leaks, data breaches, and unauthorized use or access of patient information by company employees.
Another crucial regulation is the Financial Industry Regulatory Authority (FINRA), established by Congress to protect investors in a rapidly evolving investment market.
FINRA provides guidance on various topics, including cybersecurity and firms’ ability to protect sensitive personal data.
Through comprehensive reviews, FINRA evaluates a firm’s approach to managing cybersecurity risks across multiple areas such as technology governance, risk assessment, technical controls, access management, incident response, vendor management, data loss prevention, system change management, branch controls, and staff training.
Furthermore, the Cybersecurity Maturity Model Certification (CMMC) is specifically designed to protect sensitive unclassified information shared by the Department of Defense with its contractors and subcontractors.
This certification facilitates the management of cybersecurity risks in response to evolving threats, promotes a collaborative culture of cybersecurity, and safeguards sensitive information to protect the nation’s warfighters.
Navigating these cybersecurity compliance regulations requires organizations to adhere to best practices to enhance their cybersecurity standards and protect their operations, regardless of the industry in which they operate.
Some of these best practices include:
1) Endpoint Detection and Response (EDR): Implementing advanced threat detection and response capabilities at endpoints to swiftly identify and mitigate potential threats.
2) Advanced Threat Detection (ATD) and Prevention (ATP): Leveraging sophisticated tools and technologies to proactively detect and prevent advanced cyber threats.
3) Virtual Private Networks (VPN): Utilizing secure VPN connections to establish encrypted communication channels and protect sensitive data during transmission.
4) Multi-Factor Authentication (MFA): Implementing additional layers of identity verification to ensure that only authorized individuals can access critical systems and data.
5) Email Spam Filtering: Deploying robust email filtering mechanisms to identify and block malicious email content, reducing the risk of falling victim to phishing and other email-based attacks.
6) Firewalls: Employing state-of-the-art firewalls to monitor and control incoming and outgoing network traffic, protecting against unauthorized access and network-based threats.
In highly regulated industries such as healthcare, finance, government contracting, and the legal field, organizations are strongly advised to consider advanced cybersecurity monitoring solutions.
One such solution is Arctic Wolf, which offers managed security awareness through its Managed Detection and Response (MDR) and Cloud Detection and Response solutions.
By continuously monitoring networks, endpoints, and cloud environments, Arctic Wolf assists organizations in detecting, responding to, and recovering from cyberattacks.
Considering the complexity and evolving nature of cybersecurity risks, organizations are increasingly turning to managed service providers (MSPs) that offer cybersecurity as a service.
By partnering with an MSP, organizations can benefit from a thorough review of their IT practices, identification of vulnerabilities and non-compliance, and development of a tailored approach to manage cybersecurity risks and meet regulatory requirements.
In conclusion, effectively managing cybersecurity risks requires organizations to adopt a proactive and multi-layered approach to cybersecurity, adhere to specific compliance regulations, and leverage cybersecurity services tailored to their industry.
By implementing industry best practices and working with trusted partners, organizations can mitigate cybersecurity risks, safeguard sensitive data, and maintain operational resilience in the face of evolving cyber threats.
Link: https://atlasps.com/how-to-boost-cybersecurity-standards-to-meet-compliance-regulations/
Overconfident Organisations Prone to Cyber Breaches, Study Finds
Poteau Daily News
The study by cybersecurity firm OverConfident Security reveals that organisations that think they are secure from cyber-attacks are usually the most prone to them.
The study found that organisations that had high levels of confidence in their cyber defence systems were nine times more likely to suffer a breach than organisations that were less confident in their security.
The study followed 1,000 organisations from the UK, US, Germany, India, and Australia to compare their confidence levels and cybersecurity practices.
It found that organisations with higher levels of confidence were far more likely to ignore or overlook the basics of cyber security, such as keeping critical systems up to date, leaving them more vulnerable to cyber-attack.
The higher levels of confidence also created a complacency over cyber threat awareness, which served to mask or disguise weaknesses in their cyber defences.
The study also found that organisations with higher levels of confidence fixated on keeping technologically advanced solutions at the forefront of their defences instead of investing in basics such as employee training.
The study highlighted the importance of employees understanding basic cyber security practices and the dangers of assuming you are safe from attack, no matter how secure your systems appear to be.
It is only when organisations take the necessary precautions when evaluating their security systems, implementing training policies
Link: http://business.theantlersamerican.com/theantlersamerican/article/releasewire-2023-9-13-overconfident-organisations-prone-to-cyber-breaches-study-finds
NCSC and ICO sign MoU to forge deeper collaborative links | Computer Weekly
MP
National Cyber Security Centre (NCSC) chief executive Lindy Cameron and information commissioner John Edwards have signed a joint memorandum of understanding (MoU) to establish deeper and more effective collaboration between the two organisations, recognising that while both have distinct niches, there are some areas where they could align their work, and “deconflict” on others. “It provides us with a platform and mechanism to improve cyber security standards across the board while respecting each other’s remits.”
Edwards added: “We already work closely with the NCSC to offer the right tools, advice and support to businesses and organisations on how to improve their cyber security and stay secure. This Memorandum of Understanding reaffirms our commitment to improve the UK’s cyber resilience so people’s information is kept safe online from cyber attacks.”
Some of the other key provisions in the MoU include a commitment on the ICO’s part to encourage organisations to engage with the NCSC on cyber security matters such as incident response, and incentivise them to do so, possibly by reducing potential regulatory penalties.
Link: https://technoversepro.com/it-hardware/ncsc-and-ico-sign-mou-to-forge-deeper-collaborative-links-computer-weekly/
UK boards and CISOs increasingly aligned on cyber risks | Weekly computer
Helena Mueller
This article discusses the growing alignment between UK boards and Chief Information Security Officers (CISOs) on cyber risks.
There is increasing awareness of the importance of cyber security among UK boards and they are reportedly more willing to invest resources to mitigate cyber risk.
The article argues that this shows an increased understanding amongst UK boards of the severity of cyber risks, and of how they could have huge financial and reputational impacts on a company.
The article also suggests that companies should focus on building strong relationships between boards and CISOs to ensure effective communication and collaboration in addressing cyber threats.
Link: https://latestfinance.news/uk-boards-and-cisos-increasingly-aligned-on-cyber-risks-weekly-computer-501019/
The Cyber Express Market Trends Survey Reveals Top 5 Cybersecurity Certifications in 2023
Editorial
The following are 5 of the most preferred cybersecurity certifications:
1. Cybersecurity Certified Professional (CCP) – The CCP certification is the basic entry-level certification offered by CompTIA, which provides a comprehensive introduction to the information security field.
This certification is designed for individuals with a minimum of two years’ experience working in the security field and is considered a great way to get into the industry.
2. Certified Information Security Manager (CISM) – This is a comprehensive certification offered by ISACA (Information Systems Audit and Control Association).
It provides knowledge and skills related to IT risk management, security program management, and security incident response.
This certification is ideal for those with five or more years of experience in IT and security.
3. Certified Ethical Hacker (CEH) – The CEH certification is a hands-on, practical-based course offered by the EC-Council that covers a large number of subjects related to ethical hacking.
The certification also includes topics such as double encryption, network monitoring, and countermeasures.
4. Certified Information System Security Professional (CISSP) – The CISSP certification is the most comprehensive certification offered by the International Information Systems Security Certification Consortium (ISC)².
Link: https://thecyberexpress.com/most-preferred-cybersecurity-certifications/
Pennsylvania health system CISO looks to launch ransomware board game
admin
Aaron Weismann, the chief information security officer of Radnor Township, Penn.-based Main Line Health, is on a mission to revolutionize cybersecurity training with his innovative approach.
He has ventured into uncharted territory by developing an engaging ransomware board game called “Guardians of the Grid,” which simulates the intense challenges of a cyberattack.
Realizing the potential impact of this groundbreaking concept, Weismann took to Kickstarter to raise funds for the development and production of the board game.
The campaign not only aims to make the game a reality but also has an ambitious stretch goal in sight.
If the campaign manages to reach $50,000, it will unlock a healthcare industry-specific module that will further enhance the relevance and applicability of the game.
“Guardians of the Grid” is designed as a competitive game that pits a red team of skilled hackers against a blue team of defenders.
Each team must strategize and employ various attack and defense tactics to outsmart their opponents.
To provide an immersive experience, the game comes equipped with 416 playing cards that vividly explain different cybersecurity attacks or defense techniques.
This rich array of cards ensures that players are exposed to a wide variety of scenarios and have the opportunity to learn and adapt to real-world situations.
However, Weismann’s ambition doesn’t stop there.
If the game manages to reach its first stretch goal of $50,000, it will unleash a new level of excitement for players.
Booster packs will be introduced, allowing the red team to assume the personas of notorious cybercriminal gangs like LockBit and BlackCat.
This addition not only adds complexity to the game but also exposes players to the tactics and strategies employed by actual threat actors in the ever-evolving cybersecurity landscape.
Weismann believes that tabletop exercises such as “Guardians of the Grid” hold immense value in training staff to effectively respond to real-life cyberattacks.
They offer a unique opportunity for individuals to familiarize themselves with incident response protocols, which can prove vital during the heat of a cybersecurity crisis.
Moreover, these games foster a culture of information security awareness by addressing critical areas such as phishing, web browsing, portable media usage, insider threats, and other potentially risky organizational activities.
The Kickstarter campaign aims to raise $20,000, demonstrating the demand and interest in this innovative approach to cybersecurity training.
Weismann’s vision is to empower organizations with a fun yet effective tool that transforms the way cybersecurity is taught and understood.
By breaking down the complexity of cyber threats into an engaging game, “Guardians of the Grid” not only educates but also instills confidence in individuals to combat the most catastrophic events that can befall an organization.
The realm of cybersecurity is an ever-changing battlefield, and Weismann’s groundbreaking approach through “Guardians of the Grid” offers a promising avenue to empower individuals and organizations in their quest for cyber resilience.
As players gather around the board, armed with knowledge and skills acquired during gameplay, they become the true guardians of the digital realm, equipped to face the challenges of an increasingly interconnected world.
Link: https://www.beckershospitalreview.com/cybersecurity/pennsylvania-health-system-ciso-looks-to-launch-ransomware-board-game.html