[BreachExchange] How Santa's Cyber Security Culture Can Work For You! Part 1: Cyber Attacks

Destry Winant destry at riskbasedsecurity.com
Mon Dec 24 09:27:56 EST 2018


https://www.forbes.com/sites/rajindertumber/2018/12/23/how-santas-cyber-security-culture-can-work-for-you-part-1-cyber-attacks/#2983a6707fa6

Beneath the awe of the Northern lights,

Elves craft away during long polar nights.

Security responsibility lies with all in the wonderland,

Aiming to identify, monitor and control data at hand.

How could Santa encourage a cyber security culture within his magical
workshop?  How could this culture help you?  The purpose of this
article is for you, my loyal readers, to extract ideas to incorporate
into your own company's culture, if you wish.

The magic of Lapland works all year round to bring joy to us all.
White snow sparkles under the phenomenon of the Northern Lights.  In
the midst of the winter wonderland lies Santa's giant workshop,
emanating sounds of clinking and clanking.  Millions of gifts are
carefully crafted, wrapped and delivered by Santa's little helpers and
his reliable reindeer.  But as technology enters the mix, the workshop
will need to adopt a security culture to ensure the efficiency of its
operations, thus delivering Christmas joy.

If you have read my article: Tech-Savvy Santa Relies on AI, Blockchain
& Cyber Security, you'll know how Santa can transform Christmas, by
using:

- Artificial Intelligence (AI) to assist Santa’s little helpers with
choosing the best gift for a child, and calculate that gift’s demand;

- Blockchain technology to ensure gifts are only given to those of us
who deserve them;

- Cyber security to ensure the children’s personal data, promises,
smart contracts and wish list are (amongst other things):

- Stored securely in Santa’s Lapland workshop, e.g. encrypted hard drives

- Accessible only to Santa’s authorised little helpers, including the
elves and reindeer, e.g. whitelisting

- Securely transmitted between the workshop’s central computer, the
electronic notepads used by Santa and his little helpers, as well as
the GPS devices used by the reindeer, and Santa’s personal log, e.g.
using the TLS protocol

But as we all know, the benefits of technology can bring
disadvantages.  Santa runs the risk of encountering a cyber attack,
e.g. by his old enemy, Krampus.  If successful, the attack could shut
down the workshop and bring us misery for Christmas.  So, Santa will
need to become both defensive and offensive on the cyber security
front, with professional security elves in-house.

Therefore, security awareness will need to be a priority, not just
among the residents of Lapland, but also the helpers within the
workshop, protecting all personal data, promises, smart contracts,
wish lists, etc.  Cyber attacks will be a relatively recent phenomenon
for Santa and his helpers, but they will need to understand cyber
security and commit to promoting awareness to help ensure threats,
risks and vulnerabilities are mitigated.

Santa's little helpers, not the technology, will be the weakest link
in the security chain. The latest technology can protect children's
confidential information, but it cannot protect against helpers
maliciously or incidentally revealing that confidential information
over social networks or mismanaged personal devices.

A clear and concise training and awareness programme will have to be
developed.  This programme should aim to:

Provide better protection for Santa's assets (including children's gifts) by:

- Helping the employed elves to recognise and respond appropriately to
vulnerabilities before they turn into threats
- Providing up-to-date information on the latest risks and recommended action
- Raising the importance of data protection on all storage mediums,
e.g. the workshop’s central computer, the electronic notepads used by
Santa and his little helpers, the GPS devices used by the reindeer,
any paper documents, etc.

Increase confidence by:

- Showing care for Santa's little helpers & his reindeer and by
providing advice to protect them around Lapland and within the
workshop
- Showing recognition for good security behaviour

Save the workshop's budget by:

- Reducing the likelihood and impact of security threats
- Integrating security controls into the shop's processes, policies
and procedures
- Coordinating and effectively measuring security training and
awareness activities

Increase reliability and reputation for a joyful Christmas by:

- Increasing strategic and operational security activities for children
- Reducing the likelihood of penalties for non-compliance by Lapland's authority

Reduce management exposure to prosecution by:

- Demonstrating management’s leadership and commitment to security
- Aiding the understanding of legal and regulatory liabilities

Support disciplinary action against those helpers & reindeer who
are non-compliant by:

- Documenting their acknowledgement of Santa's security policies

