Cyber Security Café – Détails, épisodes et analyse

CyberRisk and Knowbe4 host an executive event joining them on the day is Kevin Mitnick, Cyber Security Café host Beverley moderates the session and asks the questions. Kevin’s childhood and fascination with magic and pranking history “McDonald’s prank”.
We discuss the latest findings in penetration testing and any commonalities, also what advice Kevin is offering executives and the workforce on phishing, social engineering and paying ransomware.
A few surprises near the end of the podcast.A special thanks to Kevin Mitnick for his generosity for our industry.
Thanks to our sponsor Cyber-Risk and KnowBe4

www.cyber-risk.com.au

www.knowbe4.com

 

Podcast produced by Martin Franklin / East Coast Studio

See omnystudio.com/listener for privacy information.

“Disruption”. Join Craig Templeton and Beverley Roche for a wrap up and summary of the 2020 SIT summit event and what is changing and working in the Cyber security culture programs.
We talk about the practitioners that contribute to making this event happen, the presenters, panel discussions and the key issues.
Want to know more about the SIT Empowers group? LinkedIn – Security, Influence and Trust Or check out the SITEMPOWERS website and download the SIT Guidebook and use the free resources.https://sitempowers.com/

See omnystudio.com/listener for privacy information.

THE INTRO ​

• Louisa is in the USA this week and Beverley is trying out her US accent
• One of the reasons for doing the podcast was to showcase the fantastic talent in the cybersecurity industry
• Cybersecurity can be a stressful profession and recent research Louisa has found confirms that the top 4 reasons for stress are about interfacing with the business (link in research section below)
• Beverley agrees that one of the reasons you are not suited to cybersecurity (according to some research she had find on a previous episode was related to finding explaining an incident to executives too stressful (link in research section below)
• Someone who is clearly very suited to a career in cybersecurity is Mandy Turner.
• Since recording the chat with Mandy she was also awarded
• Australian Information Security Association (AISA) Professional of the year (2019) as well as a fellowship of AISA​
• Louisa and Beverley agree that is so great to see volunteers recognised in our industry

​​​THE CHAT​​*CONTENT WARNING*: This chat briefly makes mention of domestic violence. If this word is a trigger for you we would advise listener discretion. If you need to skip past the section you can fast forward the minute markers from minute 19:55 to 21:00
If you have been affected by this content in any way, please visit lifeline.org.au who have resources on their website for support around domestic and family violence as well as a 24/7 crisis helpline. ​Mandy Turner is a shining light in the Cybersecurity industry - she is positive, collaborative and supports the industry thorough extensive volunteer work. Mandy has recently been recognised for her work winning multiple awards this year. She knows our industry well and what we need to change - you can read her full bio via the following link Mandy Turner BIO​For the full Transcript of the chat visit this linkprovided for free by Otter.ai (unedited)​THE DEBRIEF​

• Beverley is amazed by the volunteer work that Mandy does and the contribution she has made (and continues to make) to our profession
• Louisa agrees and re-iterates how great it is to see her recognised
• Beverley is curious about Mandy's book plans and cautions that whilst we need not glamourise cybercrime as it is just crime, we know it is still much harder to catch (cyber) criminals
• Louisa shares that a future podcast will cover the way in which tech enables cybercrime
• Louisa reminds listeners that their feedback is valued and that we welcome guest suggestions!

​How to follow Mandy​Initiatives: The mentoring initiative website (such as it is,) is here https://cybercenturymentoring.weebly.com/
Twitter: https://twitter.com/empressbat
LinkedIn: www.linkedin.com/in/amandajane1​CREDITS​Guest: Mandy TurnerHosts: Beverley Roche and Louisa Vogelenzang https://www.cybersecuritycafe.com.au/co-hostsProducer/Editor: Louisa VogelenzangSound Producer: Darcy Milne (Propodcastproduction.com)​
RESEARCH
Research on causes of stress in cyber https://www.google.com.au/amp/s/www.techrepublic.com/google-amp/article/cybersecurity-burnout-10-most-stressful-parts-of-the-job/
Reasons you are not suited to a cyber careerhttps://www.google.com.au/amp/s/www.techrepublic.com/google-amp/article/10-signs-you-arent-cut-out-to-be-a-cybersecurity-specialist/​Dr. Jessica Barker research on origins of cyber https://www.peerlyst.com/posts/cyber-by-any-other-name-would-smell-as-insecure-the-language-of-security-at-bsides-london-2016-jessica-barker
​CONTACT THE CYBERSECURITY CAFÉ
Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café
Email us:louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.au
Visit our website: https://www.cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.
We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

See omnystudio.com/listener for privacy information.

THE INTRO

• Data is everywhere including in Louisa's living room in many different forms (thanks to Star Trek!)
• We know data is being created in large volumes and we know it can be used in a negative way but how do we know we have the right systems in place now and in the future to effectively govern it
• Beverley says there is a lot of debate about these topics and confirms that our guest today will be able to help bring some of these issues together
• Daniella Traino who is very close to the innovation space - she is the cyber track leader at Spark festival and a volunteer Start up Editor on Cyber and AI at https://www.ideaspies.com/

​​​THE CHAT​​Daniella Traino leads a niche technology advisory with a focus on strategic cyber security services (interim CISO for high-tech & mid sized enterprises) and high-tech commercialisation. She is a non-executive director and strategic advisor to IoTSec Australia (a not-for-profit organisation influencing IoT cyber security innovation), a member of the Research Advisory Committee for the Internet Commerce Security Laboratory (ICSL) – a cyber security research unit of Federation University Australia, Startup Editor (AI, Cyber Security) for IdeaSpies (platform sharing innovation to inspire action across the Australian ecosystem), Cyber Track Leader for Spark Festival. She was recently nominated as 2019 Security Champion, by the AWSN & CSO IDG Women in Security Awards.
Full Bio for Daniella herehttps://www.cybersecuritycafe.com.au/daniella-traino-bio:
Transcript of the full chat on our website: ​ https://www.cybersecuritycafe.com.au/transcript-daniella-traino-chat transcript provided by Otter.ai (unedited)​THE DEBRIEF​

• Louisa needs the mind-blown emoji after listening to the chat
• Louisa was interested by the idea Daniella shared about changing the economic value of collecting data and shares an example of where she was asked to share data she didn't need to
• Beverley has a technique she uses to protect her privacy when shopping - she doesn't have loyalty cards at all!
• Louisa mentions the positive of AI in Cybersecurity and shared some research finding from Cap Gemini and also shares some insights around how Cybercriminals are using AI
• Beverley wonders what we need to consider from a product development perspective and Louisa offers some insights
• Beverley wonders if we should sign up to an ethics agreement as a cyber security profession
• Louisa thinks that's one for a whole other podcast!

​How to follow Daniella:​Twitter: Daniella_t05Website: https://www.pineconestrategies.tech/​CREDITS​Guest: Daniella TrainoHosts: Beverley Roche and Louisa Vogelenzang https://www.cybersecuritycafe.com.au/co-hostsProducer/Editor: Louisa VogelenzangSound Producer: Darcy Milne (Propodcastproduction.com)​
RESEARCH ​https://www.capgemini.com/research/reinventing-cybersecurity-with-artificial-intelligence/https://labsblog.f-secure.com/2019/07/11/malicious-use-of-ai/https://www.raconteur.net/technology/ai-cybersecurityhttps://www.computerworld.com.au/article/632444/6-ways-hackers-will-use-machine-learning-launch-attacks/https://www.techopedia.com/are-hackers-using-ai-for-malicious-intentions/2/33647​​CONTACT THE CYBERSECURITY CAFÉ
Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café
Email us:louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.au
Visit our website: https://www.cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.
We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

See omnystudio.com/listener for privacy information.

THE INTRO

• Louisa has a cartoon to describe that she saw on the Cyber Security Hub via LinkedIn (link to original cartoon in the research links below)
• Beverley thinks it's timely, and a perfect lead in for our guest today.
• Beverley has a quote from Warren Buffett, and everybody's got a load of respect for Warren Buffett. He says we are on in uncharted territory by not having the right cyber security skill sets in every boardroom. companies and their boards have set themselves up for failure, it's almost guaranteed, it's going to get worse before it gets better.
• Louisa wonders if we get our time in the boardroom, how do we possibly convey the right information that the board needs in that just that few minutes that we get if we get it? And how do we make sure that we understand what they're thinking and what they need from us.
• Beverley thinks we've made a lot of assumptions about what boards want to talk about and what they're interested in. The reality is, we like to think, because we see cyber risk as so important we'd love to think that we're one or number two, and here was an article last year that said we're in the top five subjects. she is not sure if that's true and is hoping that our guest today is going to shed some light.
• Louisa Is so confident he'll be able to do that - Jason Wilk, will be joining us and he has got one foot in the boardroom and one foot in cyber security. So she can't think of anybody better qualified to come and talk to to us about what boards need from us, and how we can better engage with them on on cyber security.

​​​THE CHAT​
The unedited transcript of the chat with Jason Wilk courtesy of otter.ai can be found via our website: https://www.cybersecuritycafe.com.au/transcript-jason-wilk-chat
​THE DEBRIEF

• Beverley unpacks whether we can apply occupational health and safety to cybersecurity awareness programs and shares some insights on when she had tried this
• Beverley acknowledges there is a lot to learn from occupational health and safety and that it is great place for us to take some learnings
• Louisa was struck by Jason's advice that we should be careful not to talk about a 'cyber culture' with boards but that it doesn't mean this term and the work relating to it is not valuable outside of the board room
• Beverley notes we should ensure we align our cyber behaviours to an organisations culture overall

How to follow Jason:
LinkedIn page: https://www.linkedin.com/in/jasonwilk-au/Website: https://www.bluezoo.com.au/​CREDITS
Guest: Jason WilkHosts: Beverley Roche and Louisa Vogelenzang https://www.cybersecuritycafe.com.au/co-hostsProducer/Editor: Louisa VogelenzangSound Producer: Darcy Milne (Propodcastproduction.com)​
RESEARCH ​Roger Schillerstrom cartoon original article link (cartoon reposted by The Cybersecurity Hub on LinkedIn): https://www.pionline.com/article/20170123/PRINT/301239998/get-real-on-cybersecurity​AICD Cyber for Directors Course: https://aicd.companydirectors.com.au/education/courses-for-the-director/short-courses/cyber-for-directors
Security in Depth ‘State of Cyber’ 2019 research on only 2/3 of Australian businesses having a cybersecurity professional on staff https://securityindepth.com.au/stateofcyber​
CONTACT THE CYBERSECURITY CAFÉ
Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café
Email us:louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.au
Visit our website: https://www.cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.
We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

See omnystudio.com/listener for privacy information.

THE INTRO ​​Beverley gets payback this episode by getting to interview Ken Gamble – although she does have a background in eCrime so Louisa is happy to let her have this one!
Ken is co-founder and Executive Chairman at IFW Global who provide the expertise & global reach to investigate serious fraud, combat cybercrime and recover assets https://www.ifwglobal.com/about/our-team/​​THE CHAT​​Full show notes from the chat are available on our website show notes page for this episode: https://www.cybersecuritycafe.com.au/shownotes-ken-gamble
FOLLOW KEN
IFW Global LinkedIn page: https://www.linkedin.com/company/ifw-globalIFW Podcast ‘Scammers Caught in action’ where you can listen to the boiler room con artists in action and learn how to avoid falling victim. https://soundcloud.com/ifwglobal/scammers-caught-in-actionIFW Global website: https://www.ifwglobal.comTwitter: @ifwglobal
CREDITS
Guest: Ken Gamble https://www.ifwglobal.com/about/our-team/Hosts: Beverley Roche and Louisa Vogelenzang https://www.cybersecuritycafe.com.au/co-hostsProducer/Editor: Louisa VogelenzangSound Producer: Darcy Milne (Propodcastproduction.com)
RESEARCH
Aljazeera documentary featuring Ken Gable ‘Swindle Kings of Manila’https://www.aljazeera.com/programmes/101east/2018/09/swindle-kings-manila-180913064446101.html
Link to the 60 minutes documentary ‘How IFW Global led 60 Minutes to one of the biggest boiler room busts ever seen’https://blog.ifwglobal.com/blog/60-minutes-ifw-global-take-down-boiler-room-operation
Outstanding Consumer Affairs Reporting (sponsor Godfrey Wines) Liam Bartlett, Joel Tozer (60 Minutes, Nine)http://kennedyawards.com.au/
Australian Competition and Consumer Report 2018 https://www.accc.gov.au/publications/targeting-scams-report-on-scam-activity/targeting-scams-report-of-the-accc-on-scam-activity-2018

CONTACT THE CYBERSECURITY CAFÉ
Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café
Email us:louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.au
Visit our website: https://www.cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.
We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

See omnystudio.com/listener for privacy information.

THE INTRO

• It's a brief intro today because we want to get straight to our guest from our favourite security podcast - Smashing Security's Graham Cluley. Beverley is very much regretting giving the interview to Louisa 'the Brit interviewing the Brit' because Graham couldn't tell that Louisa was British anyway!

​​THE CHAT

• Graham Cluley is co-host of the award-winning Smashing Security podcast (winner of cybersecurity podcast of the year 2018 and 2019) as well as being a public speaker, award winning blogger and independent computer security analyst
• More background on Graham here https://www.grahamcluley.com/about-this-site/
• We get to know Graham a little by chatting about how he landed in Cybersecurity by writing computer games when he was a student and how a package that arrived at his house changed his life
• How anti-virus was back when Graham started at Dr Solomon’s and how it looks today
• What Graham is doing today and why he loves podcasting so much
• Why using humour helps to engage people with security messaging and why Graham feels it’s important to try and be accessible to everyone by using language that people can understand
• Why it’s hard to stay up to date with security
• What threats we should be focused on right now noting that some of those aren’t going to be very sexy
• Graham’s view on the biggest threat right now which is Phishing and why that continues to be a big problem
• How business email compromise has changed and why it is still a risk for businesses today
• What can be done about BEC across both process and technology perspective (including email tags, domain name verification, DMARC and what this does)
• Why technology alone doesn’t effectively stop most of the InfoSec problems
• What everyone is talking about in Europe (apart from Brexit) including GDPR and whether this is having an impact on executives’ attitudes to security and whether fines need to increase
• Whether being a ‘secure’ company will be a differentiator
• Why people get so excited about IoT
• Whether people actually change suppliers after a data breach or a privacy scandal
• Whether the Great Hack will change anything in terms of people’s attitudes
• How the most popular episode of Smashing Security was about quitting Facebook and why people stay
• We get some great advice from Graham on how he manages passwords and what should we be telling others about how they should manage their passwords. We also discuss password managers and how they can help us to help our families and friends too.
• Graham’s view on the future and why he is wary of predicting it
• The role of the cybersecurity community in the future

​​How to follow Graham:Podcast: ‘Smashing Security’ with Graham Cluley and Carole Theriaulthttps://www.smashingsecurity.comTwitter: @gcluleyBlog: https://www.grahamcluley.com​​THE DEBRIEF​Our key take aways from the chat with Graham including

• How engaging, fun and relatable Graham's communication style is
• Beverley loved Graham's 'Open Source Intelligence' and 'IOT Toothbrush' comments and we get to hear her awesome British accent impression ;-)
• Why Louisa didn't want to admit to Graham that she had a Google home
• How much is enough to create a wake up call for shareholders around data breaches
• Quitting Facebook and how hard it is to give up - Beverley has finally given up hers and what the other alternative methods are
• Whether people actually take action following privacy scandals and what more we can do about that including vote with your keyboard not your feet (that would be #sneakernet)
• Why we are so grateful to Graham and why you should listen to Smashing Security

CREDITSGraham CluleyGuest:Beverley Roche and Louisa VogelenzangHosts:: Louisa VogelenzangProducer/EditorDarcy Milne (Propodcastproduction.com)Sound Producer:
RESEARCH

• Business Email Compromise Losses: https://businessinsights.bitdefender.com/fraudsters-steal-million-business-email-compromise
• Accenture research about businesses differentiating based on trust referenced by Louisa:

"As people become more anxious about their data security and privacy, we'll start to see.....organisations differentiate based on trust more than on price or on pure technical capabilities"Note: This quote came from Accenture's Johnathan Restarick commenting on the Australian results from some 2019 Accenture research - 'Putting the Human First in the Future Home' and cited in the Australian Financial Review (subscription only – accessed Thursday 11th July 2019)

• The Great Hack Netflix documentary https://www.netflix.com/au/title/80117542

​​CONTACT THE CYBERSECURITY CAFÉJoin our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-caféEmail us:louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.auVisit our website: https://www.cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.​

See omnystudio.com/listener for privacy information.

THE INTRO
- We are excited to hear that Apple has increased their bug bounty for security researchers to $1M- We also look at the role research plays in our industry includingo The start of our industry in 1971o Who is doing research today- It’s great that we have an academic on the show today to talk to us about their research and how the cyber security community can get more engaged with academia
THE CHAT
is a qualitative researcher who uses creative engagement methods to explore everyday practices of information production, protection, circulation, curation and consumption within and between communities. She took up a full-time academic post in 2008 and prior to joining Royal Holloway University of London she worked for 18 years as an information security practitioner. Lizzie’s focus is the intersection between perceptions and narratives of individual and community security and technological security. Her research specialises in public and community service design and consumption. Lizzie is currently an EPSRC research fellow with a research programme in everyday security and digital service design.Professor Lizzie Coles Kemp
We talk about- How Lizzie landed in Information Security in 1990 because she spoke Swedish and why she enjoys security- Why cybersecurity professionals are diverse and why it is important- How design thinking tools can be use in cybersecurity including storytelling, using different mediums - story boarding, lego, and forms of physical modelling to represent security to think through all the things that contribute to a secure interaction etc- The importance of bringing together different thinking and ways of solving the problem- Why we need to ask the question from different angles and ask the fundamental questions – why does it work (as well as what doesn’t work)- How do we actually use design thinking? Lizzie walks through an example on where engagement on security awareness training is low and how you could use design thinking to understand the everyday of those not engaging with the training. It allows us to take a step back.- An overview of the ‘You Shape Security’ program Lizzie had worked on with the NCSC- The need to work with and not work against and understand the benefit as well as the benefit gaps you need to resolve of a security measure (technology, policy, service).- How you can scale capacity of these kind of engagements as they are low fidelity- Why this sort of thinking is a great bridge to other parts of the organisationo Research has show security practitioners spend a lot of time interacting and communicating but the framing/language is alien to those outside of securityo Design tools are a useful bridge into the other world as they don’t use specialist language and why HR, Product Designers, CEOs, the board like these engagements as they help them to understand what is going on, on the front lineso They help to highlight the creativity and the positive (as well as the negative and the blockages). Security can be both negative AND positive- Lizzie touches briefly on her work in Sweden on the digitisation programs – how digitisation changes how decisions are made, where the processes happen and frees up spaces, so that we can have other interactions (there) so that we can start to work with people to understand better their information flows and the benefits they get.- Lizzie works us through how we can better engage with academia – to imagine different futures through design café, sprints and workshops in spaces that help us to build a more creative toolkit to think about different types of security challenges and the only way we can do this is by working together.o Lizzie would love to work together more not in solution mode but in imagining different futureso Lizzie talks about the great example of the security practice conference and how the teams from different areas came up with different ideas on how to go forward. These are the sort of activities that will spark new and interesting academia and security practice collaborations- Lizzie will be in Australia in September for 3 weeks and loves our open nature and willingness to embrace new ideas- Why Lizzie thinks Australia has such a fantastic capability around civil resilience around bush fires, food security and environmental and how Lizzie thinks Australia could lead the world in resilience thinking
THE DEBRIEF
- Our key takeaways from the chat includingo The potential of Australia when it comes to cyber resilienceo The need to identify (and work on) those benefit gaps when it comes to people’s view on a security control, policy or serviceo The way we can use design thinking to help us solve problems in cyber security

How to follow Lizzie:Email: Lizzie.Coles-Kemp@rhul.ac.uk
CREDITS
Guest: Professor Lizzie Coles KempHosts: Beverley Roche and Louisa VogelenzangProducer/Editor: Louisa VogelenzangSound Producer: Darcy Milne (Propodcastproduction.com)
RESEARCH
Where cybersecurity began – with a research project! https://www.cybersecurity-insiders.com/a-brief-history-of-cybersecurity/
The cybersecurity Cooporative research centre in Australia https://www.cybersecuritycrc.org.au
10 signs that you aren’t suited to a career in cyber security https://www.techrepublic.com/article/10-signs-you-arent-cut-out-to-be-a-cybersecurity-specialist/
NCSC ‘origins’ research into cybersecurity background that Lizzie mentioned https://www.ncsc.gov.uk/blog-post/origin-stories
Professor Lizzie Coles Kemp’s YouTube on ‘Digital security for all’ https://www.youtube.com/watch?v=tL-K0yM4PLA
NCSC ‘You Shape Security’ booklets that Lizzie mentioned https://www.ncsc.gov.uk/collection/you-shape-security
Digitizing Sweden (also mentioned by Lizzie:https://www.mckinsey.com/featured-insights/europe/digitizing-sweden-opportunities-and-priorities-in-five-ecosystems


CONTACT THE CYBERSECURITY CAFÉ
Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café
Email us:
louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.au
Visit our website: https://www.cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.
We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

See omnystudio.com/listener for privacy information.

The Intro
Beverley won’t let Louisa move into the spare room, even if it is her birthday!Beverley talks about how we all want to help small business with their cybersecurity but are we doing the right things that are right for that marketLouisa has been researching (again) looking at the confusing landscape of advice for small businesses on cyber securityWhy Adam is the perfect guest to help us better understand the market, the problem and what small business needs from security
The Chat
Adam Selwood is Director, Co-founder and CTO at Cynch Security and we are so pleased to have a local Melbourne cybersecurity entrepreneur in the café with us!
We talk aboutWhere Adam started his career, how he moved into cybersecurity and why he loves itWhy he and Suzie first discovered the pain that small business experiences around data breaches and the passion he and Suzie found for trying to finding solutions to help themWhat is a small business and how to define that areaThe challenges with getting data around the impacts for small businessWhat are the attitudes towards cybersecurity within small businesses and whether they are optimistic about their securityWhether it’s a realistic figure that 60% of small business go out of business after a cyber attackWhat are the characteristics on a small business and the challenges they haveWhat small business needs from cybersecurity solutions and what they have invested in so farHow the cybersecurity industry can confuse small business with our languageWhy small businesses are not keeping up to date with cybersecurity threats and solutions to address thoseWhat the biggest risk for small business is when it comes to cybersecurityThe relationship between small business and large corporates when it comes to supply chain riskThe changing landscape for small business around regulation and how this will impact themWhat the future holds for small business security includingincreased data breach regulation (and disclosure)customers driving increased security from small businessDigital natives changing the expectations of small businessIncreasing attacks affecting small businessWhy there is no bigger problem in cybersecurity than small business security and why Adams is optimistic on the solutions coming for small businessWhy cybersecurity is part of a long list of challenges for small businessAdam’s fantastic advice for would be entrepreneurs in cybersecurity
The debriefOur key takeaways from the chat includingConfirmation email is the biggest threat for small businessThe amazing amount of passion and due diligence done by Adam and Suzie on the problems that small businesses experienceWhy we should support Cynch and why small business is important for the Australian economyThe misquoted fact about the number of small businesses that go out of business after a cyber attackWhere to find facts that you can use about small business cybersecurity
How to follow Adam:Visit: https://cynch.com.au/LinkedIn: https://www.linkedin.com/in/adamselwoodTwitter @adamselwood
CREDITS
Guest: Adam SelwoodHosts: Beverley Roche and Louisa VogelenzangProducer/Editor: Louisa VogelenzangSound Producer: Darcy Milne (Propodcastproduction.com)
RESEARCH
The in-question fact about 60% of small businesses going out of business after a cyber attack
https://staysafeonline.org/press-release/national-cyber-security-alliance-statement-regarding-incorrect-small-business-statistic/
https://www.bankinfosecurity.com/blogs/60-hacked-small-businesses-fail-how-reliable-that-stat-p-2464
Security Boulevard facts you can use on small medium business security (with some facts around small business only)
https://www.securityboulevard.com/2019/06/15-small-business-cyber-security-statistics-that-you-need-to-know/amp/

CONTACT THE CYBERSECURITY CAFÉ
Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café
Email us:
louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.au
Visit our website: https://www.cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.
We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

See omnystudio.com/listener for privacy information.

The Intro

• Louisa has been inspired by the Geiger Counter she saw on the Chernobyl series and is spruiking her idea of a FUDometer (for detecting Fear, Uncertainty and Doubt) for cybersecurity and how they could be helpful at conferences and for holding over brochure ware
• Why Fear is annoying and not effective – something highlighted by studies and industry thought leaders (links to mentioned research below)
• Why Dr Jess is the perfect guest to talk to us about the psychology of fear

The Chat
Dr Jessica Barker has a PhD is one of the top 20 most influential women in cyber security in the UK and we are thrilled to have her in the café with us!https://www.cygenta.co.uk/jess-bio
We talk about;

• How Jess came from a PHD in Civic Design into Cyber Security and her insights from googling cyber security and what happened when she joined the profession
• The psychology of fear and what it has to do with cyber security
• Why there is fear in cybersecurity – we are talking about something scary after all
• But there is an issue with how people respond to a fear-based message – an area Jess has researched in detail
• The messaging of what’s in it for me and why that is importance
• Why it’s important to ensure security doesn’t impact on productivity or become a blocker
• How and why use security champions and ambassadors – to spread the message AND to take feedback
• What the key indicators of mature cyber security cultures are
• How the way Phishing simulations are run can be an indicator of maturity
• How to measure cyber security culture
• The importance of giving people a chance to talk about how security is working and where it isn’t
• How to shape your awareness messaging based on the culture you want
• The importance of bringing culture and policy closer together
• How culture is different company to company and the importance of understanding the business
• We discuss the Research (link below under RESEARCH) that Dr Jess undertook with Palo Alto and YouGov which includes
• How people feel about how well they are protecting their data online
• Optimism bias
• The demographics in terms of who was more confident
• How we must consider the level of confidence when communicating
• We discuss whether the optimism aligns with how much is lost to Cybercrime and scams
• Why we need to do more to protect the broader society and personal security issues – there is a gap from the corporate level to the awareness for the general population and why googling doesn’t help
• The need to show people the HOW attacks can happen to demystify
• The need to ensure people engage in the danger and not the fear – they must be empowered

How to follow Jess:Visit: https://www.Cygenta.co.ukTwitter @Drjessicabarker
CREDITS
Guest: Dr Jessica Barker https://www.cygenta.co.uk/jess-bioHosts: Beverley Roche and Louisa VogelenzangProducer/Editor: Louisa VogelenzangSound Producer: Darcy Milne (Propodcastproduction.com)
RESEARCH
The Global Cybersecurity capacity centre 2014 working paper on awareness campaigns:https://www.sbs.ox.ac.uk/cybersecurity-capacity/system/files/Awareness CampaignsDraftWorkingPaper.pdf
David Spark’s Article on why CISOs find selling using fear annoying:https://www.forbes.com/sites/davidspark/2018/03/06/9-reasons-why-selling-fear-does-not-work-on-a-ciso-cisosecurity-vendor-relationship/#55f291a12a1d
Louisa’s article on appropriate use of fear and what we can learn from the health industry:https://www.fudfreecyber.org/post/appropriate-use-of-fear-5-lessons-the-cyber-security-industry-can-learn-from-the-health-industry
Trust in the digital age research from Palo Alto, YouGov and Dr Jessica Barker:https://blog.cygenta.co.uk/trust_survey/

CONTACT THE CYBERSECURITY CAFÉ
Join our LinkedIn Group https://www.linkedin.com/company/the-cybersecurity-café
Email us:
louisa@cybersecuritycafe.com.aubeverley@cybersecuritycafe.com.au
Want to be on the show? Send us your bio and an overview on what you want to chat about and we’ll be in touch asap.
We also welcome guest suggestions – in particular we’d love to hear from new voices in the industry who have new ideas to share about the human side of security.

See omnystudio.com/listener for privacy information.