You know that look in an employee’s eye when you announce the call to cybersecurity awareness training. They already work in IT or know a lot about computing. They also let you know they already know all about security. The complaints continue. The thought of sitting through some boring classroom sessions with other employees, going over boring things, leaves them cold.
However, what if that training actually gave your employees new skills and was fun to do as well?
The latest view is that teaching interested employees to hack might be a great way to strengthen your cybersecurity posture. It is a win-win for cybersecurity awareness training.
Hacking your company?
Cybersecurity skills come in many flavors, and one of the spiciest is the ability to hack. This may seem like a risky thing to do: What if those very skills were used against your organization? Are you just enabling a whole new set of insider threats?
The chances are that people who might maliciously hack their own company are already skilled in that area or in contact with those who are. You don’t need to learn how to hack to be part of a cybercriminal hacking ring. This was recently exemplified by reports that ads were found on the darknet recruiting bank employees; cybercriminals offered salaries to employees who colluded in illegal bank account access.
Offering employees the chance to learn how cybercriminals think and how their techniques work does not equal creating a criminal mind.
If you offer your staff a training package that includes hacking 101 skills, you will help them improve their skill sets and give them the knowledge needed to counter cyberattacks.
You should remember, however, that cybercriminals hack humans as well as systems. When you train your employees how to hack, bear this in mind.
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/2jyZo1K37Jk/