Category Archives: Employees Awareness

Allegory for Information Security

Allegory is a powerful tool to explain a complex topic or summarize it, so many times I  explain that Information Security should be like the atmosphere – it should be transparent (not felt, not bothering), it should prevent bad things (asteroids = malware/other attacks) from coming in, and prevent good things (like oxygen = sensitive/confidential data) from getting out.

Cyber attacks are more certain than fire and theft risks for businesses

The insurance company Aviva conducted a research about cyber risks and one of its main conclusions was:
… the research found that businesses are 67% more likely to have experienced a cyber incident than a physical theft and almost five times as likely to have experienced a cyber attack as a fire.
If the numbers are real and it not just a PR to sell more cyber insurance – then I think it is a landmark in the history of information security – a major “upward” step in the risks ladder, getting closer to certainty in the probability scale.
As I always say – much of our work in cybersecurity is not technical, it is fighting repression, the mentality pushback by humans we work with about dealing with digital risks, and this research may help us by having a statistical evidence that cyber risks are not accidental, they are intentional (be it either a personal or generic targeting) and they are bound to happen, to only question is if we will do something about it.