The Sony Breach & What It Means for Cyber Security Training

After a year of catastrophic, headline-grabbing breaches at major corporations, 2014 closed with perhaps the most dramatic incident of all: a cyber battle between Sony Pictures and a hacking group that federal investigators believe may be linked to the North Korean government.

The attack has resulted in multiple leaks of the entertainment giant’s highly sensitive data, a delay in the release of a major motion picture, and a class-action lawsuit filed by Sony employees for the company’s failure to secure its networks.

Now, in the aftermath of the incident, the Sony breach has struck a chord with companies that have sensitive information to protect. Many have become fearful that a similar scenario could happen to them, and these companies are searching for ways to improve their own security processes.

Undoubtedly, there are areas where enhanced security services and tools could have helped Sony Pictures prevent or mitigate damage. However, as analysts review the company’s security posture, evidence of a more pressing issue is emerging: a general lack of security awareness and training across the entire company.

Even with the most solid security systems in place, mistakes and missteps in data protection can lead to disastrous consequences. This is why it’s critical for organizations to focus on getting all employees – from the administrative assistants to the CEO – educated in cyber security protection.

Unfortunately, many companies have encountered poor results from their cyber security training efforts. This isn’t surprising. With one-size-fits-all approaches to training, educators often miss critical, role-specific information that employees need to best protect their organizations. Cyber security training initiatives are most effective when the materials are relevant to specific user types and tailored to their unique role within the organization. And specific training for these five sets of people is essential to every organization’s cyber security efforts.

  1. IT and cyber security personnel – All professionals with a hand in an organization’s cyber defense need a more technical level of training than other staffers. And with the field continuously evolving, it’s important that these advanced programs are delivered by working experts who have an up-to-the-minute knowledge of the latest threats and defense techniques.
  2. Human resources personnel – Human resources professionals have to deal with and protect very sensitive data on a daily basis. Their access to employees’ social security numbers, contact information and financial data puts them on the front lines when it comes to cyber security. This means they need to be trained on how to properly safeguard it – and not rely solely on the IT department.
  3. Legal professionals – Legal documents obviously need to be kept private. However, this can be trickier than it seems when modern business requires sharing this type of information online, often across companies. Legal professionals need to understand the best practices for making sure critical documents don’t end up in the wrong hands.
  4. Medical professionals – Anyone who works with protected health information needs to comply with HIPAA and other regulations for handling this type of data. Yet, without a thorough understanding of it, employees can easily cause a regulatory breach that leads to a hefty fine for the company.
  5. Social media and community managers – Companies use social media in a number of capacities, from marketing and lead generation to customer support. But these outlets can also be an entry point for hackers. Those accessing a company’s social media accounts need to be trained in how to avoid the vulnerabilities that commonly pervade these channels.

The Lunarline School of Cyber Security offers specialized training programs that are tailored to each of these groups, as well as numerous others. These custom programs help ensure that the education your team members receive is not only relevant, but also applicable. To learn more about our training programs, please visit the Lunarline School of Cyber Security online, or contact us today.

About Spence Witten

Spence has somehow survived ten years at start-ups and small businesses without suffering a (major) nervous breakdown. As Lunarline's Director of Federal Sales, Spence actually loves working on proposals. If there were any doubt, this is proof that he is in fact certifiably insane. While his title says "Sales," Lunarline doesn't let him off that easy. We make him do real work, too. Luckily he's a recognized subject matter expert in security policy and loves helping clients navigate their way around tricky security compliance standards. He's also been known to lead a software development initiative or two, though that pretty much always ends poorly for everyone involved. He can be reached at spence.witten@lunarline.com.