Episode #11, Season 3 of Phishy Business: Actors, Tabletop Exercises, and Insider Threats
In this episode of Phishy Business, we take a look at cyber crisis exercises and insider threats. Our special guest is Lisa Forte, an expert on running cyber crisis exercises and training high-risk staff on insider threats and social engineering.
Lisa was named one of the top 30 female cybersecurity leaders by SC Magazine and works hard to simulate cybersecurity disasters for organizations in order to train them to deal with real-world cyberattacks. Lisa shares her insights on cyber crisis exercises and on preparing organizations to handle cyberattacks, as well as how to build an insider threat program.
In ‘Actors, Tabletop Exercises, and Insider Threats’ we discuss:
- The fact that 70% of organizations in EMEA do not have a plan for dealing with insider threats despite it being a growing risk.
- How insider threats can be both accidental and malicious, different ways to look at the term “insider threat”, and some of the factors that may play into people becoming insider threats.
- How to balance fear and empowerment to get every employee to care personally about an organization’s cybersecurity, and how cybersecurity needs to be marketed internally to people across the organization.
- Some of the creative ways to use role-playing and acting in cyber crisis exercises to make simulations as real as possible, which is key to educating teams in dealing with cyberattacks.
- Top tips for getting started with a plan to deal with insider threats and cyberattacks and the importance of explaining to key personnel that just having backups really is not a solid plan for dealing with today’s threats.
- The importance of a happy workforce, properly and legally monitoring for insider threats, and tech-for-good and cybersecurity-for-good initiatives.
- Why CISOs might benefit from rock climbing.