Outsider threats and incidents
The wide variety of threatening people, organizations and situations Out There, and the even wider variety of outsider incidents, is quite overwhelming ... which means we need to simplify things for awareness purposes. If we try to cover too much at once, we'll confuse, overwhelm and maybe lose our audiences, if not ourselves.
On the other hand, that variety is itself an important lesson from September's awareness module. It's not sufficient, for instance, for the cybersecurity team to lock down the corporate firewall in order to block hackers and malware while neglecting other outsider threats such as intellectual property theft and disinformation. Organizations are in a difficult position, trying to avoid, prevent or limit all manner of outsider incidents, some of which are particularly difficult to even identify let alone control. It's soot-juggling really.
With our start-of-month delivery deadline imminent, we're currently finalizing September's slide decks and briefings, focusing on the key messages and making sure they have enough impact to resonate with the awareness audiences - our own version of soot-juggling. We have the advantage of being able to delve into things in more depth later, thanks to the rolling program of awareness topics. Next month, for example, we'll focus on phishing, specifically, so this month we'll take the opportunity to mention phishing as a form of outsider social engineering cyber-attack, briefly, without having to explain all of that just now.
Things always become a bit frantic in the IsecT office as the deadline looms. On the bright side, we've done a stack of prep-work during the month plus research prior to that so we have no shortage of content. And we've been here many times before - every single month for the past 15 years in fact! So, that's it for now. Must dash. Speling to dubble-chek. Shiny things to polish.