As published in the July/August edition of InfoSecurity Professional Magazine
By Crystal Bedell
As a former cyber analyst for the government, Masha Sedova has seen firsthand what a Russian state-sponsored attacker is capable of. So, when she was charged with building a security culture at Salesforce in 2012, she knew an employee newsletter and animated videos wouldn’t prepare end users in the event of a targeted corporate attack.
“I thought, ‘There’s no way this will work. It’s a waste of time,’” says Sedova, co-founder of Elevate Security in Berkeley, Calif. “In order for an organization to withstand an attack like that, people have to want to do security instead of have to. If it’s just a check-the-box task, people will do the bare minimum and not any critical thinking. Unless I got people to buy into the idea that they could and needed to defend the network, I wasn’t going to get any measurable security change.”
George Gerchow also recognized early in his career the need to better engage end users with cybersecurity. “Policies, procedures and compliance are so dry. People sign policies without knowing what they’re getting into. I thought there’s gotta be something we can do to make this interesting,” says the chief security officer at Sumo Logic, headquartered in Redwood City, Calif. Like other security leaders, Sedova and Gerchow started experimenting with gamification to improve end user awareness. The results have been “remarkable,” according to Gerchow.
“Over the course o ..
Support the originator by clicking the read the rest link below.
