Tech Insights Blog

Summary of the Cybersecurity Hygiene Webinar (Part 1)

Written by K. Graham | Jul 31, 2024 10:52:18 PM

Watch past episodes & sign up for future episodes at https://success.forthright.com/cyberseries


Introduction
Heath Gieson, the Chief Security Officer (CSO) at Forthright, opened the webinar by highlighting the importance of cybersecurity hygiene for organizations. He emphasized the need for implementing essential cybersecurity practices and encouraged attendees to review Forthright's four-part cyber hygiene series available at [success.forthright.com/cyberseries](https://success.forthright.com/cyberseries).

Panel Introductions

  • Frank Marino: With 18 years at Forthright, Frank oversees the company’s services as COO, ensuring security practices serve as enablers rather than obstacles.
  • Rory V. Sanchez: Rory, the CEO of Forthright Technology Partners, expressed his appreciation for the panelists' expertise in cybersecurity.
  • Heath Gieson: Forthright's new CISO, Heath brings years of cybersecurity expertise and has been leading the Cyber Series on Cyber Hygiene. Watch the series at https://success.forthright.com/cyberseries
  • Tim Marley: A cybersecurity leader with over 20 years of experience, Tim shared his extensive background in IT security and compliance assurance.

Key Discussion Points
1. Role of User Education in Cybersecurity

  • Tim Marley: Emphasized that users are the frontline of an organization’s security. He shared an example from his experience at a health science center where doctors fell victim to a spear-phishing attack, resulting in significant financial loss. Tim highlighted that no technical solution is foolproof without proper user education.
  • Rory V. Sanchez: Agreed with Tim, noting the sophistication of phishing emails and the importance of training users to recognize and avoid such threats. He cited instances where attackers used generative AI to craft convincing phishing emails.
  • Heath Gieson: Discussed the importance of simulated phishing tests to reinforce training and ensure users remain vigilant. He emphasized the need for regular, concise training sessions, recommending quarterly training that takes no more than 30 minutes.

2. Implementing Effective User Training

  • Heath Gieson: Suggested keeping training sessions short and focused, with additional training for those who fail simulated phishing tests. He stressed the importance of contextual awareness, such as recognizing QR code phishing (quishing). Heath recommended ongoing, adaptive training to address evolving threats and user behaviors.
  • Frank Marino: Stressed the importance of understanding the user's perspective when designing training programs. He noted that successful training should engage users and make them active participants in the organization's security efforts. Frank also highlighted the role of generative AI in creating more convincing phishing emails, necessitating continuous improvement in training methods.

3. Challenges of Cybersecurity in Smaller Organizations
  • Frank Marino: Pointed out that smaller organizations, even those with fewer than 30 employees, are at risk because they may lack robust security controls. He emphasized that effective user training and awareness are crucial, regardless of organization size. Frank shared examples of how smaller organizations often face unique challenges due to limited resources.
  • Rory V. Sanchez: Discussed the added risk posed by remote work environments, where employees can't easily verify suspicious emails with colleagues in person. He mentioned that remote work increases the potential attack surface, making consistent and thorough training even more vital.

4. Real-World Example of Email Compromise
  • Rory V. Sanchez: Shared a case where an email compromise led to significant financial loss for an organization. The attackers monitored emails and sent fraudulent wire transfer instructions at an opportune moment, highlighting the need for vigilance and verification processes. Rory stressed the importance of implementing multi-factor authentication and other security measures to prevent such incidents.
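The email compromise Rory describes usually surfaces in the mail headers before anyone notices the money is gone: the attacker either replies from a lookalike domain or keeps the legitimate From address and redirects replies with a Reply-To header. The following is an added example, not code from the webinar or from Forthright, of a minimal triage check that flags payment-instruction messages combined with either of those sender anomalies. The trusted domain list and all three sample messages are constructed for the example.

```python
"""
Added example (not from the webinar): triage a raw email for the combination
of payment language and a sender anomaly typical of business email compromise.
Flagged messages should go to an out-of-band verification step (a phone call
to a known number), not to finance.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical set of domains the organization trusts for payment instructions.
TRUSTED_DOMAINS = {"forthright.com"}

# Phrases that commonly appear in fraudulent wire-transfer requests.
PAYMENT_TERMS = re.compile(
    r"\b(wire( transfer)?|bank (account|details)|routing number|iban|swift|"
    r"updated (banking|account) (info|details)|new account)\b",
    re.IGNORECASE,
)


def domain_of(header_value):
    """Return the lowercase domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def edit_distance(a, b):
    """Levenshtein distance; used to spot one-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain, trusted):
    """True if domain is within one edit of a trusted domain but is not that domain."""
    return any(d != domain and edit_distance(d, domain) <= 1 for d in trusted)


def triage(raw_message):
    """Return (suspicious, reasons) for a raw RFC 5322 message string."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    # With no Reply-To header, replies go back to the From address.
    reply_dom = domain_of(msg["Reply-To"]) if msg["Reply-To"] else from_dom
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg["Subject"] or "") + "\n" + body

    payment = bool(PAYMENT_TERMS.search(text))
    anomalies = []
    if reply_dom != from_dom:
        anomalies.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")
    if from_dom not in TRUSTED_DOMAINS and is_lookalike(from_dom, TRUSTED_DOMAINS):
        anomalies.append(f"From domain {from_dom!r} is a lookalike of a trusted domain")

    # Payment language alone is normal business traffic; flag only when it
    # coincides with a sender anomaly.
    suspicious = payment and bool(anomalies)
    reasons = (["payment instructions present"] if payment else []) + anomalies
    return suspicious, reasons


# Constructed sample: legitimate From, replies redirected to a lookalike domain.
SAMPLE_REPLY_TO = """From: Jane Doe <jane.doe@forthright.com>
Reply-To: Jane Doe <jane.doe@forthrlght.com>
Subject: Urgent: updated banking details for invoice 4471

Please wire the payment for invoice 4471 to our new account today.
"""

# Constructed sample: sent outright from a one-character lookalike domain.
SAMPLE_LOOKALIKE = """From: Jane Doe <jane.doe@forthrlght.com>
Subject: Invoice 4471

Our bank details changed; see the new account below for the wire transfer.
"""

# Constructed sample: payment language from a trusted sender, no anomaly.
SAMPLE_BENIGN = """From: Jane Doe <jane.doe@forthright.com>
Subject: Invoice 4471

Wire transfer for invoice 4471 went out this morning as planned.
"""

if __name__ == "__main__":
    for sample in (SAMPLE_REPLY_TO, SAMPLE_LOOKALIKE, SAMPLE_BENIGN):
        print(triage(sample))
```

The check is deliberately narrow: it does not try to decide whether a request is genuine, only whether it deserves the callback verification the panel recommends, which is the control that actually stops a wire from going to the attacker's account.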

Conclusion

The panel underscored the critical role of user education in a successful cybersecurity strategy. They recommended regular training and testing, focusing on practical scenarios and maintaining user engagement without overwhelming them. The webinar provided valuable insights into how organizations can enhance their cybersecurity posture by empowering users to act as the first line of defense against cyber threats. Attendees were encouraged to leverage the resources provided by Forthright to strengthen their cybersecurity practices and protect their organizations from potential threats.


#cyberhygiene #cybersecurity #cybersecurityawarenesstraining