National Cyber Security Alliance Launches Program to Build a Strong Culture of Cybersecurity at Work


WASHINGTON, Oct. 10, 2017 /PRNewswire/ — In today's rapidly evolving technological landscape, it's critical for businesses and other organizations to be prepared for – and know how to respond to – cybersecurity incidents. Many organizations, however, have a lot of work to do when it comes to guarding against cyber threats. In MediaPro's second annual State of Privacy and Security Awareness survey of employees and the general public, for the second consecutive year, the average respondent was rated a security “novice” after being quizzed about security and privacy best practices. In Week 2 of National Cyber Security Awareness Month (NCSAM) – a far-reaching online safety awareness and education initiative co-founded and led by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS) – NCSA is encouraging every workplace to create a culture of cybersecurity from the break room to the boardroom.

To further the cyber readiness of the nation's small and medium-sized businesses (SMBs), NCSA is announcing the launch of a new initiative, CyberSecure My Business. The project is a comprehensive, national program comprised of interactive training based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, webinars and web resources to help businesses be resistant to and resilient from cyberattacks. The first webinar takes place on Oct. 10 from 2 p.m. – 3 p.m. EDT and will address ransomware and phishing.

“SMBs are critical to our economic and national security,” said Michael Kaiser, NCSA's executive director. “NCSA is thrilled to introduce CyberSecure My Business to help organizations proactively protect their customers, employees and intellectual property – and by extension their reputations and success.”

As the program's cornerstone, NCSA has translated the NIST Cybersecurity Framework into an introductory-level, in-person, highly interactive workshop. The workshop series – hosted in partnership with the Federal Trade Commission (FTC) with support from the Federal Bureau of Investigation and DHS in addition to occasional support from the Small Business Administration – includes both in-person workshops and monthly webinars providing guidance on integrating cybersecurity practices. The sessions interpret the NIST Cybersecurity Framework into easy-to-understand language and incorporate content from federal and industry partners, including recent threat data.

“The NIST Cybersecurity Framework helps make cybersecurity immediately relevant to businesses by starting with a simple question for business owners and operators: What do you have to protect?” said Kaiser.

Take these steps outlined in the framework to better safeguard your organization against cyber threats:

  • Identify: Conduct an inventory of your most valuable assets – the “crown jewels” of greatest importance to your business and of most value to criminals – such as employee, customer and payment data.
  • Protect: Assess what protective measures you need in place to defend the organization as much as possible against a cyber incident.
  • Detect: Have systems set up that would alert you if an incident occurs, including the ability for employees to report problems.
  • Respond: Make and practice an incident response plan to contain an attack and maintain business operations in the short term.
  • Recover: Know what to do to return to normal business operations after an incident or breach, including assessing any legal obligations.

Check out the latest NCSAM infographic for simple cybersecurity tips your business can follow (download and share it on social media using the hashtag #CyberAware!).

Top Business Concerns Include Ransomware, the Internet of Things and Bring Your Own Device (BYOD) Policies

Seventy percent of MediaPro's survey respondents showed at least some lack of security and privacy awareness. The study had several other notable findings:

  • 24 percent of employees surveyed took potentially risky actions when presented with scenarios related to organizational physical security, such as letting strangers in without identification.
  • 20 percent of employees showed a lack of awareness related to safe social media posting, choosing risky actions such as posting on their personal social media accounts about a yet-to-be-released product of their employer.
  • 19 percent of respondents chose to take risky actions related to working remotely, such as connecting their work computers to an unsecured public WiFi hotspot.
  • 12 percent of respondents failed to recognize common signs of malware when presented with real-life examples, such as a sluggish computer or anti-virus software unexpectedly switching off.

“In the past, organizations may have implemented security awareness activities merely for compliance or behavior change, but now people are looking at ways to go beyond just behavior and make security part of the culture,” said Lance Spitzner, director of SANS Security Awareness and an NCSA Board of Directors member. “Awareness programs are important because organizations are repeatedly seeing people as the primary targets for bad guys; cybersecurity is both a technical and human problem – and it requires a technical and human solution.”

As technology advances, our critical infrastructure is increasingly run on digital networks to maximize efficiency and effectiveness. NCSAM Week 2 is kicking off with “Insights on Cybersecurity for Electric Utilities,” an event hosted by the National Rural Electric Cooperative Association (NRECA) and supported by NCSA, DHS and the FTC. The event – taking place on Tuesday, Oct. 10 – will give members and others from the energy industry an opportunity to discuss their cybersecurity needs and issues and take part in an interactive cybersecurity workshop based on the NIST framework. The event will feature a keynote address by FTC Acting Chairman Maureen K. Ohlhausen and remarks from experts representing the NRECA, NCSA, DHS, the U.S. Department of Energy and more.

As large-scale breaches continue to make headlines and businesses of all sizes fall victim to cyberattacks, organizations are more regularly thinking about the importance of cybersecurity. Ransomware – malware that accesses files, locks and encrypts them and then demands that the victim pay a ransom to get the files back – has been growing in prevalence and is a top concern for businesses, with threats such as WannaCry and the Petya attacks making the news in recent months. It's important for organizations to know how to protect their critical customer, employee and intellectual property data so that they can be prepared in the event of a ransomware attack. Learn more about this threat and how to protect your organization against it here.

Another area of concern for businesses is the growing Internet of Things (IoT), in which increasing numbers of devices – including wearables, TVs, cameras, speakers and vehicles – are connecting to the internet and collecting, managing and/or using personal data. Cybercriminals have used unsecured IoT devices to take down massive numbers of websites at once, and other threats like IoT “as-a-service” breaches and attacks on connected city systems make it important for organizations to know how to secure their connected devices and networks. Businesses must work to keep their devices safer and more secure over time and build cybersecurity into their processes just as they value physical safety regulations in the workplace.

A third cybersecurity concern more and more businesses are facing is maintaining security in a BYOD workplace. Now more than ever, employees are using their personal smart devices – such as PCs and smartphones – for work purposes, which grows the potential number of vulnerabilities and makes cybersecurity in the workplace more complicated. It's important for organizations to consider where sensitive company, customer and/or employee data is being accessed, and implement awareness and education activities, plans and policies to encourage security best practices regardless of the device being used…

Read Full Press Release: National Cyber Security Alliance

