Surveillance as a Condition for Humanitarian Aid

Excellent op-ed on the growing trend to tie humanitarian aid to surveillance.

Despite the best intentions, the decision to deploy technology like biometrics is built on a number of unproven assumptions, such as, technology solutions can fix deeply embedded political problems. And that auditing for fraud requires entire populations to be tracked using their personal data. And that experimental technologies will work as planned in a chaotic conflict setting. And last, that the ethics of consent don’t apply for people who are starving.

Posted on August 20, 2019 at 6:45 AM


How to market security: 8 tips for recruiting users to your cause

The figures aren’t encouraging: Recent reports have concluded that most employees don’t know much about cybersecurity best practices.

The third-annual State of Privacy and Security Awareness Report, released by security education and training firm MediaPRO in 2018, found that 75% of the 1,024 U.S. employees surveyed lack cyber awareness.

Mimecast also reported similar findings. The company, which specializes in cloud-based email management, commissioned Google Consumer Research to survey 1,000 employees across various sectors and found that some 25% of them were unaware of the most common cybersecurity threats, such as phishing and ransomware attacks.

Furthermore, Mimecast found that about half of those surveyed said their employers did not have mandatory cybersecurity training, with 10% saying their employers had optional training and some 10% saying they only received formal cybersecurity training during their onboarding process.

Given those statistics, it’s no wonder that cybersecurity experts still consider humans to be the weakest link in the security layers meant to safeguard an organization’s systems and the data they contain.

That stance may be no mystery. But there’s something that has long puzzled many security chiefs: How to get more workers to care about security and be more actively engaged in protecting their organizations.

Experts say there are, indeed, strategies that CISOs can pursue to better market the security message and mobilize employees to join their security mission – strategies that focus on supporting, enabling and empowering workers rather than scaring them with tales of cyber doom and gloom.

“It’s about winning people’s hearts and minds, giving them a reason to care. It’s about helping people understand what’s in it for them,” says Joe Nocera, a principal in PwC’s Cybersecurity & Privacy practice. “CISOs who say what people shouldn’t do aren’t good at helping drive change and build support. And selling on fear, uncertainty and doubt doesn’t build support for the security program. CISOs need to communicate how security helps the business.”

To better market the value of security and win converts over to the cause, here are eight proven strategies that can get the job done:

How much should you spend on security?

How much should an organization spend on security? The simple answer: It depends.

Factors such as the sort of business the company is in, the types of personal or sensitive data or intellectual property it handles, the regulatory requirements it faces, the complexity of its IT infrastructure, the likelihood of it being a target for attacks, and other elements come into play.

The more important question might be: “How should an organization go about determining how much to spend on security?” The process enterprises go through to figure out their proper level of spending on security can be critical to effectively safeguarding systems and data.

Many factors drive security spend

Recent research reports provide some context in terms of how much organizations are spending on security. CIO’s 2019 State of the CIO survey conducted in November 2018 asked 683 IT executives worldwide what percentage of their company’s total IT budget was represented by IT security. The mean response was 15%. Nearly one quarter of the organizations (23%) are devoting 20% or more of their IT budget to security.