Our Roundtable Sessions are invite-only events hosted by peers for peers that bring together a select group of senior IT leaders from across industries for topic-driven, intimate, dialog on current trends and topics. We hosted this Session featuring a group of CXOs and other IT executives. The group met remotely to discuss gamifying phishing & securing college campuses, led by the VP & CIO for a leading research University. This Session was sponsored by Wootcloud.
To truly secure your organization, it’s important to put security at the forefront of every strategic decision you make. Be it onboarding a new vendor, acquiring another firm, or expanding into a different region. Moreover, it’s also crucial to make your workforce feel inherently responsible for ensuring high levels of security. People should consider the best security practices, not because they have to, but because they want to. Make them feel involved, give them incentives to participate in training, and make security a common theme across your establishment.
A majority of the executives shared similar concerns regarding visibility across their infrastructures: They do have some of it, but they are striving to expand their horizons. One mentioned that they have tools producing heaps of data, but they are unable to process it efficiently. Another noted that many tools generate analytics for them, but who will manage it all? Where is the human interface? And if there’s no human interface, how do we automate to address all the modern cybersecurity issues?
An executive from an educational institution recounted how they spread cybersecurity awareness across their organization via a phishing contest. Since traditional training exercises were not fruitful, they conducted a phishing competition, which featured over 2000 people from around the campus. People were awarded points for participation in the training and also for catching trophy phish. The points were usable at local vendors across the college and also at online stores. This entire effort drew people to phishing, not because they had to, but because they wanted to. It also allowed the cybersecurity team to start a conversation about phishing with the rest of the institution, and it remained a common topic for over two weeks.
The same exec also launched a project to teach students how to write professional code and then made them part of software development teams. As a result, student projects get deployed on campus, which most students see as huge achievements. Not only this, but the same students are also responsible for spreading the word about the importance of cybersecurity, motivating others to join. By involving students in the process and gaining their trust, the cybersecurity team can switch from being “an untrusted group that operates in the background” to one that’s very upfront, open, and welcoming.
A participant mentioned how investing in Mist, an enterprise wireless solution powered by AI, making them much more efficient, agile, and secure while adding to their visibility. Using it, they have automated most of their network-related processes; e.g., no need to manually configure an access point; just plug it in, and it’s connected. The tool’s AI also monitors logs, events, and systems to identify and flag anomalies; before the client can notice them.
A speaker said they are just about to implement an IAM solution and talk with HR to establish role-based operations. It’s virtually impossible to operate when you don’t even know who is on your network. Who are the people sending and receiving information? What about the digital ghosts, people who leave, but their access still exists in the system? There should be a solution that allows the information security team to give and revoke access whenever needed seamlessly. An IAM system provides all these features.