In the shadow of the recent MGM Cyberattack (and other recent ransomware attacks in U.S. and in the Pacific Islands), cyber defense is in the spotlight.  Specifically, what role should corporate boards play in human risk management, as well social and human engineering defenses?  Following are OODA Loop resources on these cyber threats, addressing the question of whether “the human factor” is properly addressed at the company culture level  – or is it purely an IT operational concern? 

OODA Loop: On Human Risk Management, Social and Human Engineering

FEDcyber is the ancestor organization and conference which became OODA Loop.  At FEDcyber 2014, keynote speaker Masha Sedova shared with attendees her successful work to “gamify” security awareness and how the technique can be scaled from small to large companies to reduce cyber threats.

 

https://oodaloop.com/archive/2022/05/19/people-culture-organizations-cybersecurity-and-technology/

https://oodaloop.com/archive/2020/12/04/masha-sedova-co-founder-elevate-security-on-human-risk-management/

https://oodaloop.com/archive/2022/04/28/is-your-insider-threat-risk-management-program-ripe-for-innovation-part-1/

https://oodaloop.com/archive/2022/09/22/new-open-source-report-documents-chinas-decades-long-success-with-human-targeting-efforts/

https://oodaloop.com/archive/2022/11/30/whats-2023-cybersecurity-look-like-trust/

https://oodaloop.com/resource/2015/02/01/uk-cert-introduction-social-engineering/

Additional Resources

For further OODA Loop News Briefs and Original Analysis on these topics, go to: 

• Social Engineering
• Human Engineering
• Human Risk Management

Corporate Board Accountability for Cyber Risks: With a combination of market forces, regulatory changes, and strategic shifts, corporate boards and their directors are now accountable for cyber risks in their firms. See: Corporate Directors and Risk

Computer Chip Supply Chain Vulnerabilities: Chip shortages have already disrupted various industries. The geopolitical aspect of the chip supply chain necessitates comprehensive strategic planning and risk mitigation. See: Chip Stratigame

Proactive Mitigation of Cyber Threats: The relentless nature of cyber adversaries, whether they are criminals or nation-states, necessitates proactive measures. It’s crucial to remember that cybersecurity isn’t solely the responsibility of the IT department or the CISO – it’s a collective effort that involves the entire leadership. Relying solely on governmental actions isn’t advised given its inconsistent approach towards aiding industries in risk reduction. See: Cyber Defenses

The Necessity of Continuous Vigilance in Cybersecurity: The consistent warnings from the FBI and CISA concerning cybersecurity signal potential large-scale threats. Cybersecurity demands 24/7 attention, even on holidays. Ensuring team endurance and preventing burnout by allocating rest periods are imperative. See: Continuous Vigilance

Embracing Corporate Intelligence and Scenario Planning in an Uncertain Age: Apart from traditional competitive challenges, businesses also confront external threats, many of which are unpredictable. This environment amplifies the significance of Scenario Planning. It enables leaders to envision varied futures, thereby identifying potential risks and opportunities. All organizations, regardless of their size, should allocate time to refine their understanding of the current risk landscape and adapt their strategies. See: Scenario Planning