Infosec now offers campaign kits through its Infosec IQ product: prebuilt campaigns consisting of layered training materials and implementation recommendations. While many vendors are willing to provide guidance on how you should build and deliver your campaign, these kits from Infosec Institute already have that guidance built in. This means even less work for you, along with the knowledge that you are delivering the same training content that other organizations have successfully implemented.
As stated, these kits have layered training material. This means that content is available in multiple forms, all of which relate back to a central theme. The main content takes the form of short videos, either animated or live action. To support these videos, supplementary training materials are provided in the form of posters, digital banners, email templates, phishing templates, education pages, and life-size banners. All this content relates back to the main theme of the kit and seeks to reiterate some of the most important points from the main video series.
Infosec Institute provides layered security awareness campaigns. Source: Infosec Institute.
Currently Infosec has three kits available, but let’s look at one example in more detail: a kit called WORKed. This kit includes 12 videos as the main source of content, including a trailer that can be used to tease the content before launch. Each video follows live-action characters in an office setting, re-enacting instances where security is called into question. The videos are short (less than five minutes) and comedic, each video acting as a single episode in a series. Supplementary materials like those described previously are included. They depict certain characters and scenes from the videos to remind end users about the content they watched or to tease upcoming content.
Building and delivering a security awareness and training program for the first time should be a low-hanging-fruit initiative: low effort, high reward. Even a small amount of training can greatly increase the security of an organization. However, some organizations simply do not have the time or experience to put together their own campaigns and remain confident that they will be successful. Maybe they should train more frequently, focus less on passwords, or complement every other module with posters, etc. This line of thought is a rabbit hole that can be avoided by using the prebuilt campaigns offered by vendors like Infosec Institute. All you must do is decide the dates when the training is to go out – the vendor takes care of the rest (e.g. providing already-selected content, updating the training, tracking participation). This leaves you to monitor at your leisure the metrics the vendor offers that measure the effectiveness of your program.
These prebuilt, layered campaigns are also valuable to those who already have a training program in place. Due to the short nature of the videos included in these prebuilt campaigns, they can be easily integrated into an existing program. This is especially effective if you are looking to increase the frequency of training, while exploring new training styles.
Qualys VMDR and Ivanti have announced a new partnership dedicated to improving the detection and patching of vulnerabilities. Announced July 30, the Qualys and Ivanti partnership has already gone live as an integrated component of the VMDR solution.
RiskSense announced on July 13 its new version of the cloud-delivered RiskSense risk management platform. The main draw of the program is its holistic risk calculation across CVEs and CWEs.
Cyberthreats are omnipresent for any enterprise. Monitoring ingress and egress points while still conducting business is a balance security professionals attempt to strike. Couple this with the continued security issues around remote work during the pandemic, and security teams have their hands full.
On May 26, Kenna Security released its new Prioritization to Prediction Benchmark Survey. This free tool provides organizations with the ability to compare their vulnerability management programs to industry averages Kenna Security has compiled over the years.
COVID-19 has changed a great deal about how businesses operate. From a security perspective, however, COVID-19 caught many businesses off guard. The shift from working in the office to working from home has made it difficult for security measures to keep pace. Specifically, how are businesses meant to maintain the same secure networks when their employees are no longer working in the office? Outside of the security of the IT departments, IT and security have a tough time ensuring that patching and vulnerability management remain at the forefront of a business’s priorities.
Kenna Security deployed its new data-driven vulnerability management program, Kenna.VM, and an accessory program, Kenna.VI. Released on April 28th, Kenna.VM was created to set service-level agreements (SLAs) with risk tolerance in mind.
We often hear that businesses are continually cyber insecure or under attack. However, recent penetration testing from Rapid7 shows that businesses are getting better at securing their networks against cyberattacks. While organizations continue to have exploitable weaknesses, attackers are having greater difficulty penetrating deeper into businesses’ networks.
Four zero-day vulnerabilities were discovered in IBM’s Data Risk Manager. While the vulnerabilities are concerning, more concerning is IBM’s response when addressed. The company simply stated, “It’s out of scope,” meaning it had no intention to rectify or address the issue.
The Internet of Things is increasingly embedded in our daily lives. While these devices make life more accessible, every new device creates a new attack vector for cyberattackers.