Cybersecurity Keynote Speaker John Sileo Video

John Sileo lost his million-dollar startup, his wealth, and two years of his life to cybercrime. It began when a cybercriminal (and trusted insider) embezzled from the company’s clients using John’s identity. John was held legally and financially responsible for the felonies committed while proving his innocence. The losses not only destroyed his company and decimated his life savings, but consumed two years of young fatherhood as he fought to stay out of jail.

Thankfully, John’s story has a happy ending. After two years, he was exonerated of all crimes and has spent the better part of two decades sharing his story and hard-earned wisdom as a cybersecurity expert, award-winning author, 60 Minutes guest and keynote speaker for the Pentagon, Amazon, and thousands of audiences worldwide. He seeks to keep organizations from becoming the next disastrous data breach headline. John specializes in the human elements of cybersecurity and uses disarming humor, audience interaction and cutting-edge research to keep his training relevant and entertaining.

John is President of The Sileo Group, a Colorado-based think tank, and serves on several boards as a director. He graduated with honors from Harvard University and was recently inducted into the National Speakers Hall of Fame. John finds his greatest pleasure hiking in the Rocky Mountains with his amazing wife and strong daughters – the lovely family who helped him turn life’s lemons into something much sweeter and more fulfilling.

How Hackers Use A.I. to Make Fools of Us (& Foil Security Awareness Training)

In a bit of cybercrime jujitsu, A.I.-enabled hackers are using our past security awareness training to make us look silly. Remember the good old days when you could easily spot a phishing scam by its laughable grammar, questionable spelling and odd word choice? 

“Kind Sir, we a peel to your better nurture for uhsistance in accepting $1M dollhairs.” 

Or how about fear-based emails with an utter lack of context from a Gmail account linking to suspicious “at-first-glance-it-looks-real” URLs: 

“Your recent paycheck was rejected by your bank! Please click on definitely-not-a-scam.com [disguised as your employer] and give us the entirety of your sensitive financial information”  

Well, those tools no longer work.

Here’s the deal: Hackers use A.I. or more specifically Gen A.I. (Generative Artificial Intelligence) to turn outdated phishing detection tools on their heads by empowering them to tailor perfectly crafted, error free, emotionally convincing emails that appear to come from a trusted source and reference actual events in your life. Giving A.I. to cybercriminals is like handing your five-year-old a smartphone – they’re better at it than you will ever be. 

A.I. augmented phishing emails are designed to trigger your trust hormone (oxytocin, not to be confused with Oxycontin) by systematically eliminating all of the red flags you learned during your organization’s cybersecurity awareness training. So, when an employee receives a well-crafted, error free email from a friend that references recent personal events, past cybersecurity awareness training actually encourages them to click on it.

To make matters worse, if the hacker happens to have access to breached databases about you, like emails compromised during a Microsoft 365 attack, they become the Frank Abagnale of phishing (the world’s most famous impersonator, if you don’t know who he is). Criminals can easily dump breached data into a Large Language Model (LLM) and then ask A.I. to compose a phishing campaign based on your past five emails

A.I. software allows even novice cybercriminals to scrape your relationships, life events and location from social media, combine it with personally identifying information purchased on the dark web, and serve it up to your email or text as if it originated from someone you trust. It’s like having your own personal stalker, but it’s a cyborg that understands your love of blueberry cruffins and ornamental garden gnomes. (Ok, maybe those are my loves, not yours.).  

The reality is that hackers are no longer crafting the emails one by one; it’s artificially intelligent software doing millions of times per day what nation-state hackers used to spend months doing to prepare spear-phishing campaigns. And it means that phishing and business email compromise campaigns will eventually appear in your inbox as often as spam. And that threatens your bottom line. 

Let’s get serious for a hot minute. For those of you who have attended one of my cybersecurity keynotes, here is a comprehensive and organized approach to the steps your organization should begin taking as outlined by the Blockbuster Cyber Framework:

  1. HEROES (Your people): Immediately retrain your people to properly identify, verify and distinguish harmful phishing and social engineering schemes from legitimate communication. This requires new thinking applied to old reflexes. 
  2. STAKES (What you have to lose): Identify which data is the most sensitive, profitable, and targeted by ENEMIES, and prioritize its defense. You can’t protect everything, so protect the right things first. 
  3. SETTING (Your technology): 1. Implement defensive software tools like A.I.-enhanced spam filtration that helps detect phishing emails. Generative A.I. is brilliant at detecting patterns, and that will make identifying even the most well-crafted phishing campaigns somewhat easier. 2. Properly segment and segregate your network so that access to one area of your data doesn’t expose others.
  4. GUIDES (Experts in the field): Hire an external security assessment team (not your I.T. provider) to evaluate your technological and human defenses and known vulnerabilities. Internal teams have less incentive to  discover their own mistakes. 
  5. PLAN (Pre-attack and post-attack next steps): Develop a prevention roadmap before the ATTACK and an Incident Response Plan that lets you know exactly who to call and how to respond when a successful phishing attack occurs (because it will). Preparation is the greatest form of mitigation. 
  6. VICTORY (When you don’t end up on the front page): When nothing bad happens, reward your people. Throw a party for your team, because nothing says “thank you for not clicking on that profit-destroying scam” like a rowdy office shindig. Incentivizing good behavior is just as critical to your culture of security as retraining after someone mistakenly clicks on a phishing email. 

Cybercrime is constantly changing and now A.I. enables every attack type to scale. Make sure your cyber defenses and people don’t end up being the fool. 

John Sileo is a cybersecurity author, expert and keynote speaker fascinated by how A.I. accelerates everything, including crime. His clients range from the Pentagon to Amazon, small businesses to large associations. John has been featured on 60 Minutes, Fox & Friends and even cooking meatballs with Rachel Ray. His latest keynote speech is Savvy Cybersecurity in a World of Weaponized A.I. Contact Us or call for details: 303.777.3221.

John Sileo Live-Hacks an Audience Smartphone (Video)

Why do I perform a live hack during my cybersecurity keynote speeches? Here’s what I have found giving cybersecurity keynotes for the past two decades – if you don’t interact with your audience, if you don’t keep them laughing while they are learning, they won’t stay engaged and they will forget everything they have learned when the lights come back up. When I perform a live smartphone hack or otherwise humorously engage the audience, it makes them a direct part of the solution. And it also shows even the most sophisticated audiences, even security professionals, don’t know everything about security. In over 1,000 presentations, I have never failed to successfully hack a smartphone. Cybersecurity keynotes can be dry, but they don’t  have to be. My specialty is in keeping keynote content entertaining, so that it sticks. To see more cybersecurity speaking videos, visit my Cybersecurity Keynote Speaker page.

Cybersecurity Habits Meet Neuroscience

Bad Cybersecurity Habits

Hack your cybersecurity habits to avoid being hacked! The human element of cybersecurity is the most overlooked and underused tool for data protection. People are our strongest line of defense. In other words, your employees are your greatest asset in the fight against cybercrime, but only if you train them to be. By fortifying data at its source –us– we have a much better shot at preventing cyber disasters in our businesses.

Drawing inspiration from the book “Atomic Habits” by James Clear, we can apply his principles to reinforce best cybersecurity practices. Just as small, incremental changes lead to significant long-term results in personal growth, cultivating atomic cybersecurity habits can fortify our digital defenses. In this article, we will explore how the concepts of “Atomic Habits” can be seamlessly integrated with cybersecurity practices, empowering individuals to navigate the online world with confidence and security.

Let me hack your brain to make security simple. 

Healthy Cybersecurity Habits 

  1. Strong and Unique Passwords: Use strong, complex passwords. Avoid reusing passwords. Use a password manager to generate and store passwords.
  2. Two-Factor Authentication (2FA): Enable 2FA whenever possible. 
  3. Regular Software Updates: Keep your operating system, antivirus software, web browsers, and other applications up to date. Updates often include important security patches that address vulnerabilities.
  4. Secure Wi-Fi: Use a strong, unique password for your home Wi-Fi network. Enable encryption (WPA2 or WPA3). Avoid using public Wi-Fi networks for sensitive activities unless you are using a reliable VPN (Virtual Private Network).
  5. Phishing Awareness: Be cautious of suspicious emails, messages, or calls. Verify the legitimacy of requests and avoid providing personal information unless you are certain of the source.
  6. Regular Backups (Daily): Backup your important files and data regularly to an external hard drive, cloud storage, or other secure location.
  7. Privacy Settings: Review and adjust privacy settings on your devices, apps, and social media accounts. Limit the amount of personal information you share. Consider what permissions an app truly needs (spoiler alert: not much).
  8. Secure Web Browsing: Use secure websites (HTTPS) when providing sensitive information. Look for the padlock icon in the address bar. Be cautious of clicking on suspicious links. Avoid downloading files from untrusted sources.
  9. Device Protection: Use reputable antivirus or security software on all your devices and keep them updated. Enable device lock screens or biometric authentication (fingerprint or facial recognition). 

How to Hack your Habits

ATOMIC HABIT CYBERSECURITY APPLICATION
Use the two-minute rule: identify a small, actionable step you can take that only takes two minutes. Do it immediately.
  • Change one password.
  • Put. A. Password. On. Your. Lock. Screen. 
  • Enable two-factor authentication for one account
  • Grab your phone. Settings >> privacy >> location. Turn off location services for apps that absolutely don’t need your whereabouts. 
  • Delete 2-3 apps you do not use.
  • Unsubscribe from a few junk mailing lists
Make habits obvious: Create clear cues and reminders to engage in the healthy habit. 
  • Create a regular and recurring phone reminder to update software or add another financial site to your two-step login list. Make cybersecurity a visible part of your daily routine.
“Habit stack” for better integrations. 

Link new habits to existing ones to help them become more automatic and ingrained. 

  • Before you start browsing the internet each day, make it a habit to check for secure connections (HTTPS) or verify the legitimacy of websites. 
  • At the same time, check to make sure that your backup is working properly.
  • Monthly family/business meetings? Add a 5 min technology check-in to the schedule (updates, passwords, issues). 
Environmental design can make 

  1. desired behaviors more convenient (make good habits EASY to do)
  2. undesirable behaviors more difficult (make bad habits HARD to do)
  • Enabling fingerprint recognition on your password keeper will make it more appealing to log into.
  • Invest in a larger cellular data plan so that you aren’t tempted to join insecure free WiFi hotpsots.
Track habits to maintain motivation and measure progress.
  • Keep a log of actions such as updating software, conducting regular backups, or practicing safe browsing.
Make habits satisfying: immediate rewards increase the likelihood of habit formation. 
  • After completing any of the above, or even a thorough scan of your device for malware, reward yourself with a short break or engage in an enjoyable activity. 
Build an identity of the person who embodies desired habits. 

You are more likely to put effort into something that relates to who you are (identity) rather than what you do (behavior)

  • Embrace the identity of a proactive and security-conscious individual. Visualize yourself as someone who prioritizes protecting their digital assets. By identifying as a cyber-conscious person, you’ll be more likely to adopt and maintain good cybersecurity habits

Cybersecurity often feels like an endless journey. This is why celebrating progress is crucial to maintaining hope and momentum. By embracing the principles of “Atomic Habits,” we can forge a path towards a more secure digital future. And we can do so without burning ourselves out or becoming digital nomads (I know how tempting it may seem…). What matters is that we show ourselves some grace as we build better cyber health. 

The power lies within our daily actions—the consistent implementation of small, atomic cybersecurity habits that reinforce our protection. Just as Clear’s book teaches us to focus on the process rather than the outcome, let us concentrate on the journey of developing healthy cybersecurity habits, one smart step at a time. 

 

___________________________

 


John Sileo is an award-winning keynote speaker who educates audiences on how cybersecurity has evolved and how they can remains ahead of trends in cybercrime. He is proud to have spoken at the Pentagon and Amazon, written four books on cybersecurity, and been inducted into the National Speakers Hall of Fame. He has appeared on 60 Minutes, NBC, ABC, Fox, CNN, Rachael Ray, and Anderson Cooper. John’s work has been quoted and published in The Wall Street Journal, The Washington Post, USA Today, and Kiplinger’s.

Looking for a customized speech to make your next event unforgettable? Call 303.777.3221 or fill out our contact form to connect with Sue, our business manager extraordinaire. She’ll work with you to brainstorm ideas and explore how John can tailor his speech to fit your needs perfectly.

Security by Design in a Tesla Driven World

Security by Design, Cybersecurity Expert John Sileo

When my daughters were younger, they took it upon themselves to invent the first flying car. This included drawing designs, testing out ways to fly (plastic bags and cardboard wings were, sadly, ruled out), and brainstorming stoplight systems for the sky. From that day forward, I knew that innovation (flying cars) and protection (stoplights in the sky) could and should coexist and happen simultaneously. 

If you had told me at the start of my career 20 years ago that my favorite model for security by design would be drawn in crayon, I would’ve… totally believed you. I’m a sucker for my daughters. But that’s besides the point… My girls are grown now and while flying cars aren’t quite there yet, electric vehicles offer a remarkable blend of convenience, efficiency, and connectivity, transforming the way we experience transportation. In many ways, EVs are more computer than they are traditional car, which opens them up to hackers just like any other device

What we know now is that innovation creates risk but that risk also creates innovation. Companies like Tesla cannot afford to have their EVs regularly hacked, as that would put their customers and passengers at huge risk. Imagine the destruction and liability of a hacker steering an EV off the road remotely. Consequently, Tesla has had to build security into their automobiles by design. 

Security by design serves as the cornerstone for fortifying our connected cars to ensure safety and instill confidence in the ever-evolving automotive industry. Security by design is a transformative and powerful tool that gets cybersecurity experts all giddy.  

Understanding Security by Design

Security by design means security built in from the start, during the “design” phase. It is an approach to system and product development that incorporates security considerations from the very beginning. For once, security is not an afterthought. 

A Sample of Security by Design Principles

Threat Modeling Conducting a systematic assessment of potential threats and vulnerabilities that could impact the system, and designing appropriate countermeasures to address them.
Defense in Depth Implementing multiple layers of technical, procedural and physical controls to create a strong and comprehensive security posture. 
Least Privilege Granting users and processes only the minimum level of access and privileges required to perform their specific functions, reducing the potential attack surface.
Secure Default Configuration  Configuring systems and software with secure settings as the default, ensuring that security measures are in place from the outset.
Continuous Monitoring and Assessment  Implementing mechanisms to continually monitor, detect, and respond to security events and incidents. Regular assessments and audits help identify vulnerabilities and ensure ongoing compliance with security standards.
Secure Development Practices Following secure coding practices, conducting thorough security testing, and implementing secure development methodologies to prevent and identify vulnerabilities early in the development lifecycle.
User Awareness and Training Educating users about potential security risks, promoting best practices, and providing training on how to identify and respond to security threats.

By adopting security by design principles, organizations can build more secure and resilient systems, reduce the likelihood of successful cyberattacks, and enhance overall cybersecurity posture. It helps to shift the focus from reactive measures to proactive security integration, ensuring that security considerations are an integral part of the design and development process.

Potential Electric Vehicle Cybercrime Vulnerabilities

  1. Over-the-Air Updates: Tesla’s cars boast a futuristic feature similar to giving your vehicle a software makeover. However, this convenience can inadvertently create an entry point for hackers to exploit vulnerabilities during the update process. 
  2. Remote Control: Hackers could gain control over critical vehicle functions remotely, such as acceleration, braking, and steering, potentially compromising the safety of the occupants and others on the road.
  3. Theft and Unauthorized Access: Hackers could potentially gain unauthorized access to your vehicle, disable security features, and potentially steal the vehicle or valuable personal information stored within.
  4. Tracking and Surveillance: Hacked electric vehicles could be used as a means for tracking individuals’ movements or gathering sensitive personal data. This information could be used for identity theft or targeted attacks.
  5. Manipulating Vehicle Data: Hackers could tamper with the data collected and transmitted by the vehicle’s sensors and systems leading to false readings and inaccurate diagnostics that may affect performance and safety features.
  6. Ransomware Attacks: Hackers might employ ransomware tactics, locking the vehicle owner out of their own vehicle until a ransom is paid to regain control.
  7. Unauthorized Firmware Modifications: By gaining access to the vehicle’s firmware, hackers could make unauthorized modifications that impact the vehicle’s functionality, compromise its safety systems, or introduce vulnerabilities for future attacks.
  8. Privacy Breach: Hacked electric vehicles could expose personal information stored within the vehicle’s systems, such as contact lists, call logs, and location history. 

Tesla’s “Security From the Start”

While we don’t have access inside of Tesla’s security measures, software or cloud network, they claim to take the following steps to secure their vehicles and connectivity. Only time will tell if their Security by Design is as robust as they claim.

Encryption and Secure Communication Tesla employs state-of-the-art encryption techniques to ensure secure data transmission between the vehicle and external servers. 
Bug Bounty Program Tesla encourages ethical hackers to identify vulnerabilities in their systems and report them so that weaknesses can be remedied. 
Over-the-Air Updates (OTA) While OTA updates present a potential vulnerability, they also serve as a powerful tool for Tesla to deploy security patches rapidly. 
In-House Security Team  Tesla has assembled an elite squad that works tirelessly to stay one step ahead of potential threats. 

Business Implications: Maintaining Trust and Competitive Edge

In today’s interconnected world, trust is a valuable currency. The robust cybersecurity measures purportedly implemented by Tesla serve not only to protect the privacy and safety of its customers but also to maintain its reputation as an industry leader. If in fact Tesla continues to prioritize cybersecurity along with automobile safety, their profitability and reputation will create a long lasting competitive advantage in the market.

Revving Towards a Secure Future

Security today is about protecting our children’s tomorrow. And innovation makes that future a better one. Whether my daughters’ stop lights in the sky or Tesla’s Bug Bounty Program, cybersecurity by design is the revolution we are eager to see. We could all learn something from the creativity and curiosity of our kids. Cybersecurity is no exception.

___________________________

John Sileo is an award-winning keynote speaker who has entertained and informed audiences about the importance of cybersecurity in business for two decades. He is proud to have spoken at the Pentagon and Amazon, written four books on cybersecurity, and been inducted into the National Speakers Hall of Fame. He has appeared on 60 Minutes, NBC, ABC, Fox, CNN, Rachael Ray, and Anderson Cooper. John’s work has been quoted and published in The Wall Street Journal, The Washington Post, USA Today, and Kiplinger’s.


Looking for a customized speech to make your next event unforgettable? Call 303.777.3221 or fill out our contact form to connect with Sue, our business manager extraordinaire. She’ll work with you to brainstorm ideas and explore how John can tailor his speech to fit your needs perfectly.

A Breakup Letter to Bad Cybersecurity Habits (Featuring Makayla Sileo)

Bad Cybersecurity Habits - Sileo

Cybersecurity habits are a lot like dating – you have to weed out the bad to make room for the good. As we approach National Cybersecurity Awareness Month and my busiest speaking season, my radically creative daughter Makayla (💜) wrote a series of Breakup Letters to all of the bad cybersecurity habits that lead to huge organizational losses and reputational damage. To help protect yourself and your business, here are a few Breakup Letter Beginnings (and my suggestions on how to change the relationship) to get you started: 

Dear Guessable Passwords (Easy Love)

It’s not you, it’s me. I can’t keep blaming you for my mistakes. I was seduced by your simplicity, lured into a false sense of security. Plus, I just love using my puppy’s name as my passcode! You were predictable and I thought I wanted that. But in all honesty, I know now that I am the problem. Starting today, I will make the effort to create long and strong passwords using a password manager to keep cyber criminals out of the middle of our private data.  My newfound confidence will end in better relationships for both of us. So long. 

Dear Re-Used Passcodes (Predictable Love)

I feel like our relationship is lacking the spark it used to have. We both deserve better. I’m looking for a more complex interaction, one that challenges me. So I am leaving you, same-ol, same-ol passphrase, for two-step logins, which will keep even the craftiest of hackers out of the middle of my private relationships. Now that’s what I call a spicy upgrade! Au revoir. 

Dear Phishing Links (Manipulative Love)

I was intrigued by all that you had to offer. I got lost in your charm and smooth ways. I should’ve listened to my gut that screamed “Bad news! Do not engage!” Your calls are the “u up?” texts that I can’t stop answering. You’ve found sneaky ways to get me to pick up and open up and then you use my vulnerabilities against me. I’m done playing your phishy little games. Starting today, I will only engage with links, attachments, and requests that I trust deeply and am expecting. Consider yourself off the hook! 

Dear Free WiFi Hotspots (Convenient Love)

I thought you would always be there for me when I needed you most. I was a romantic once, assuming our connection was a safe one. I can see now that I deserve a partner I can trust over simple convenience. I’m ready to settle down with a soulmate who communicates in safe ways, like using the cellular data connection on our smartphones or demanding that we protect our interests by installing a Virtual Private Network (VPN) on all of our devices. Over and out, Hotty. 

Dear Eavesdropping Smart Devices (Clingy Love),

I think it’s time I go out on my own. Your constant tracking and sharing of my every move and desire has crossed the line. Our connection–once filled with convenience–has become suffocating and invasive. I am reclaiming my freedom. Am I scared to find my way in a world without you? Yes. But I know I am safer navigating life on my own than being stalked by you. Going forward, I promise to actually be smart about how I connect smart devices to the Internet, to change my privacy and security defaults and to limit location and behavior sharing on devices like my smartphone. This, my love, is where I go dark. Night, night.

Dear Gratuitous Social Media Sharing (PDA Love)

Enough with the public displays of affection. I don’t want the general public knowing every detail of my personal life. It’s become too unsettling knowing that nothing is private anymore. If I want to share my triumphs and defeats, I will communicate with you directly, via text, email, or private DMs. You deserve my full integrity, so I am limiting what I share. Duck face no more.

Dear Neglected Software Updates (Missed Love),  

Our relationship has been a rollercoaster of missed opportunities. You–with your security patches and bug fixes–always doing your best to make my life better, while I foolishly ignored your messages. I should’ve known you were there the whole time. Please give me a second chance… I promise to upgrade my software every chance I get from today forward. Because our relationship is all about growth and evolution. Please take me back. 

___________________________

Looking for a creative way to engage your audience to care more about cybersecurity and breakup with their bad cybersecurity habits? Call us directly to learn how John will humorously update your crowd on the latest cyber threats and simple solutions. Call 303.777.3221 or fill out our Contact Form to connect with Sue Bob Dean (yes, that’s a joke), John’s business manager extraordinaire.

John Sileo is a Hall of Fame Keynote Speaker who educates audiences on how cybersecurity has evolved and how they can remain ahead of trends in cybercrime. He is proud to have spoken at the Pentagon and Amazon, written four books on cybersecurity, and been inducted into the National Speakers Hall of Fame. He has appeared on 60 Minutes, NBC, ABC, Fox, CNN, Rachael Ray, and Anderson Cooper. John’s work has been quoted and published in The Wall Street Journal, The Washington Post, USA Today, and Kiplinger’s. But John is most proud of being an unforgiving helicopter dad to his two daughters, Sophie and Makayla. 

Why Is Cybersecurity Awareness Training Important?

 

Why is cybersecurity awareness training important? Just as ships rely on lighthouses to steer clear of dangerous rocks, organizations need cybersecurity awareness training to protect their digital assets. By illuminating threats lurking in the dark, awareness training equips employees with the knowledge they need.

As a lighthouse provides illumination for navigation, trainings light the way for employees, executives and boards alike to make informed decisions about cyber defense and identify potential risks. Let’s take a closer look at why cybersecurity awareness training makes all the difference.

7 Sources of Light That Cybersecurity Awareness Training Provides

Cyber Threats Equips employees with the tools to identify, avoid, and stop cyber threats, from malware to ransomware, hackers to fraudsters.
Social Engineering Enables employees to recognize the suspicious, manipulative and malicious behavior of bad actors and respond appropriately.
Sensitive Data Educates employees about the importance of protecting sensitive data and adopting data security best practices as well as the stakes of failing to do so.
Insider Threats Sends a strong message to any potential malicious insiders that the organization is watching, thereby reducing the likelihood and impact of insider threats.
Compliance Ensures employees and executives are aware of their obligations and responsibilities under cybersecurity regulations and standards.
Incident Response Enables employees to respond promptly and appropriately to security incidents to minimize and contain damage.
Human Error Drastically reduces the 60%+ chance that a breach is due to unwitting human error rather than intentionally malicious behavior.

Protection against cyber threats: Cybersecurity awareness training is important because it helps employees understand the various types of cyber threats, such as phishing attacks, malware infections, ransomware, zero-day exploits and social engineering. By educating employees about what may be lurking at sea, they are better equipped to identify and avoid risks, reducing the chances of falling victim to cyber-attacks and identity theft of customer information.

Defense against social engineering attacks: Social engineering attacks involve manipulating individuals to gain unauthorized access to systems or sensitive information. Cybersecurity training raises awareness about standard social engineering techniques, such as pretexting, baiting, or impersonation. This knowledge enables employees to recognize suspicious behavior and respond appropriately, minimizing the chances of falling prey to such attacks.

Protection of sensitive information: Organizations handle a significant amount of sensitive data, including personal, financial, and proprietary information. Cybersecurity awareness training emphasizes the importance of protecting this information and educates employees on best practices such as strong password management, data encryption, secure file sharing, and data classification. Implementing these best practices reduces the risk of data breaches and unauthorized access.

Mitigation of insider threats: Insider threats can be unintentional or malicious, where employees inadvertently or intentionally compromise security. Cybersecurity training helps create a security culture within organizations, promoting responsible behavior and ensuring employees understand their roles and responsibilities in safeguarding sensitive information. It also sends a strong signal that the organization is mindful of insider threats, and is watching closely. By increasing awareness, organizations can reduce the likelihood of insider incidents and their potential impact.

Compliance with regulations and standards: Many industries are subject to specific cybersecurity regulations and standards, such as the General Data Protection Regulation, the Health Insurance Portability and Accountability Act, and the Payment Card Industry Data Security Standard. Cybersecurity awareness training ensures that employees know their obligations and responsibilities under these regulations, reducing the risk of non-compliance and associated penalties.

Incident response and reporting: In a cybersecurity incident, employees who have received cybersecurity training are more likely to respond promptly and appropriately. They will know how to report incidents, whom to contact, and how to limit the damage. This quick response can significantly reduce the impact of a cyber-attack and help in the recovery process.

Minimizing human error: Human error is a primary driver behind a massive number of successful cyber attacks. There is no malicious intent in these cases, just a lack of knowledge and proper training. This is one of the easiest, least expensive types of light an organization can shine on their data security.

Practical skills such as recognizing phishing attempts, creating strong passwords, and identifying malicious websites act as a lighthouse, allowing employees to steer clear of danger and make informed choices. Training programs enable them to protect sensitive information and contribute to a safer online environment.

Best Cybersecurity Awareness Training 

The best cybersecurity awareness training can vary depending on an organization’s needs and goals. However, an effective cybersecurity awareness training program includes the following elements:

  • Comprehensive coverage: Training should cover a wide range of cybersecurity topics, including password security, phishing attacks, social engineering, malware prevention, safe browsing practices, and data protection. That’s why lighthouses are more effective than, say, a flashlight haphazardly duck taped to a pole. Range matters.
  • Engaging content: The training should be exciting and interactive to keep participants interested and motivated. This can include videos, quizzes, real-life scenarios, and gamification elements.
  • Regular updates: Cybersecurity threats and best practices evolve rapidly, so the training program should be up-to-date to reflect the latest trends and vulnerabilities. Training programs must regularly update their content to ensure participants have the latest knowledge and techniques to recognize and counter emerging threats.
  • Customization: The training should be tailored to the specific needs and roles of the participants. Different departments may have varying cybersecurity risks and responsibilities, so the training should address these differences.
  • Ongoing reinforcement: Like the beacon on a lighthouse, cybersecurity awareness is not a one-time event but an ongoing, constantly evolving process. The training program should incorporate regular, bite-sized reminders, newsletters, and follow-up sessions to reinforce key concepts and ensure participants retain the knowledge over time.

To help you navigate the turbulent digital seas, award-winning main-stage speaker John Sileo offers comprehensive cybersecurity awareness training that is engaging, cutting-edge, and customized for your needs and goals. With a humorous live-hacking demonstration and powerful lessons learned from losing his business to cybercrime, he connects with your employees and drives home security awareness training that sticks.

John Sileo is an award-winning cybersecurity keynote speaker who has entertained and informed audiences for two decades. He is proud to have spoken at the Pentagon and Amazon, written four books on cybersecurity, and been inducted into the National Speakers Hall of Fame. He has appeared on 60 Minutes, NBC, ABC, Fox, CNN, Rachael Ray, and Anderson Cooper. John’s work has been quoted and published in The Wall Street Journal, The Washington Post, USA Today, and Kiplinger’s.

Looking for a customized speech to make your next event unforgettable? Call 303.777.3221 or fill out our CONTACT FORM to connect with Sue, our business manager extraordinaire. She’ll work with you to brainstorm ideas and explore how John can tailor his speech to fit your needs perfectly.

Travel Phishing: If It Seems Fishy, It Might Actually Be Phishy

travel-phishing

It is summertime which means that the beach is calling. Unfortunately, so are travel phishing scammers. 

The change in season brings an influx of travel-based scams and unfortunately, our eagerness to book the next vacation is making us more vulnerable to fraud. 

If there is one thing we know about humans, it is that we love bargains. Especially when it is masked as an all-inclusive buffet + wine tasting + ocean-view deal. 

But booking with caution now will save you a lot of stress later. That way, you won’t be mid-margarita when your bank calls to inform you that your identity was stolen and your child’s college fund just bought a lifetime supply of steak and an alarming amount of inflatable pool flamingos. (Or in my ID theft case, an expensive house in Boca Raton.)

In this article we dive into the hottest scams and how to keep cool this season… 

 How Travel Phishing Scams Trick Us

Email Spoofing Scammers are experts at making emails look genuine by mimicking the logos and formatting of real companies. So double check those emails from travel agencies, airlines, and hotel booking websites.
Social Media Lures This includes fake promotions and contests, influencer impersonation, and malicious downloads disguised as links to exclusive deals or apps.
Vendor Compromise Attacks Scammers may attack travel agencies, booking platforms, or tour operators to gain unauthorized access to sensitive customer information.
HR Department Impersonations and Credential-Harvesting Scams Hackers gather personal info through these conversations to later sell this data to the dark web.
Chat GPT AI is making phishing attempts more convincing and therefore harder to detect.
Urgency and Fear Tactics By putting pressure on victims to take immediate action (“limited time only!”) scammers hope to bypass your critical thinking.
Social Engineering By impersonating customer service representatives or travel agents, hackers may be using emotional and psychological manipulation tactics to request money and/or information.

What You Can Do About Travel Cyberattacks

  1. Be skeptical of unsolicited promotions, contests, or giveaways. Trust your instinct. If it seems fishy, it’s likely phishing.
  2. Stay informed about common travel phishing scams.
  3. Double check website URLS. Make sure it is spelled properly, HTTPS encryption, and trust indicators like padlock symbols.
  4. Enable two factor authentication to travel related accounts. This adds an extra layer of security by sending a code to your mobile device.
  5. Verify account authenticity. Check for verification badges and signs of legitimacy on social media accounts. Cross-check by doing independent research.
  6. Be careful where you click. Web-based threats are getting harder to detect. Take a few extra minutes to research the company before clicking on any links.
  7. Be selective about who you share your personal information with. AI chatbots will steal valuable credentials if you are too quick to trust them.
  8. Don’t use free public wifi or charging stations. Why? Because if something is convenient to you, it likely is convenient to hackers as well. So go ahead and pack that extra battery pack and buy the larger data plan.

So next time you might see a bargain and think “this is too good to be true”, it likely is. Sorry. However, there is hope! Cautious booking means carefree vacationing. By remaining vigilant, staying informed, verifying authenticity, and adopting secure practices, you can navigate the travel landscape confidently, ensuring that your vacations remain moments of joy rather than becoming tales of travel phishing woe. 

Safe travels!

John Sileo is an award-winning cybersecurity keynote speaker who has entertained and informed audiences for two decades. He is proud to have spoken at the Pentagon and Amazon, written four books on cybersecurity, and been inducted into the National Speakers Hall of Fame. He has appeared on 60 Minutes, NBC, ABC, Fox, CNN, Rachael Ray, and Anderson Cooper. John’s work has been quoted and published in The Wall Street Journal, The Washington Post, USA Today, and Kiplinger’s. John’s greatest joy is spending time in the mountains with his amazing wife and adventurous daughters. 

Looking for a customized speech to make your next event unforgettable? Call 303.777.3221 or fill out our CONTACT FORM to connect with Sue, our business manager extraordinaire. She’ll work with you to brainstorm ideas and explore how John can tailor his speech to fit your needs perfectly.

How Has Cybersecurity Evolved in 2023?

 

How has cybersecurity evolved? What are the future trends in the industry?

The game of cat and mouse “played” by defenders and attackers will continue to drive the evolution of cybersecurity. The game is ongoing, with each side adopting and adapting the strategies and tactics of the other.

In this article, we will explore how cybersecurity has evolved and what we expect to see in the coming years.

How Has Cybersecurity Evolved?

In thinking about how cybersecurity has evolved, a few key trends come to mind

Evolving Cybersecurity Trends

Artificial Intelligence and Machine Learning Security systems powered by AI/ML detect and respond to threats in real time, while cybercriminals use these technologies to launch more sophisticated attacks.
Post-Quantum Encryption Integrating quantum-resistant encryption will be crucial to maintaining secure communications in a post-quantum computing era.
Zero Trust Architecture Perimeter-based security approaches are giving way to a Zero Trust model, where no user or device is inherently trusted.
Blockchain Blockchain, which forms the basis of cryptocurrency, will be used to enhance data integrity and potentially increase the security of transactions.
Internet of Things Security The scale and diversity of IoT devices and Industrial Control Systems (ICS) will pose ongoing challenges for security professionals.
Cloud Security Cloud providers continuously enhance their security offerings, such as data encryption, access control, and threat detection. Conversely, hackers target cloud installations because they are a central repository of the crown jewels in any organization.
Human-Centered Cybersecurity The future of human-centered cybersecurity will be shaped by technology and an increasing understanding of the role of individuals in securing digital systems.

Artificial Intelligence and Machine Learning

Artificial intelligence and machine learning (AI/ML) technologies, such as ChatGPT, are playing an increasing role in our lives. While AI/ML-powered security systems can detect and respond to threats in real time, cybercriminals also use these technologies to launch more sophisticated attacks. We expect to see defensive and offensive advancements in AI/ML, with uncertainty about which side will prevail.

Post-Quantum Cryptography

The quantum computing revolution poses a threat to data encryption. Post-quantum encryption algorithms are being developed so encryption can withstand quantum computer attacks. In the post-quantum era, we’ll need quantum-resistant encryption to keep communications secure.

Internet of Things Security

Internet of Things (IoT) devices are proliferating, so securing them has become increasingly important. Connected devices present new attack surfaces and vulnerabilities. IoT security frameworks and standards are being developed, but the scale and diversity of IT devices pose ongoing challenges for companies and security professionals.

Zero Trust Architecture

Perimeter-based security is giving way to Zero Trust, where no user or device can be trusted. In Zero Trust, identity verification is strict, monitoring is continuous, and the least privilege access applies. With this approach, you’re more protected from insider threats and external attacks.

Blockchain Technology

Blockchain technology, which underpins cryptocurrency, is being explored for security applications. Blockchain can boost data integrity, make transactions more secure, and manage identities better. It holds potential for supply chain security, identity verification, and decentralized authentication.

Cloud Security

Security of cloud-based systems and data is becoming critical as more organizations adopt cloud computing. Cloud providers keep improving their security features, like encryption, access controls, and threat detection. There is likely to be an even greater advancement in cloud security solutions and practices in the future.

Human-Centered Cybersecurity

There’s a growing focus on educating people about cybersecurity and promoting security awareness. The future of human-centered cybersecurity will be shaped by technology and a better understanding of the role of individuals in securing digital systems.

The Future of Human-Centered Security

Let’s think more about human-centered cybersecurity for a moment. Several factors will shape how human-centered cybersecurity evolves, including:

  • User-Centric Design: Cybersecurity solutions will be designed with user experience and usability in mind. This means making user interfaces intuitive, simplifying complex security processes, and providing clear instructions. The goal is to minimize user errors and make security measures more accessible to everyone.
  • Behavioral Biometrics: Passwords and PINs are traditional methods of authentication that can be compromised. But in the future, there will be a shift towards using behavioral biometrics, like keystroke dynamics, mouse movements, and gait patterns, to uniquely identify people. It’s harder for attackers to replicate these characteristics, so it’s more secure.
  • Contextual Awareness: As cybersecurity systems become more contextually aware, they adapt their behavior to the user’s environment, location, and device characteristics. Contextual awareness can help systems adjust security measures, like prompting users for additional authentication when accessing sensitive data from an unfamiliar location or device.
  • Continuous Education: Future cybersecurity approaches will focus on continuous user education and awareness. Organizations will invest in education and security awareness training to ensure their employees know about common threats, best practices, and how to spot and respond to potential attacks. By doing this, they’ll foster a culture of security consciousness and empower people to make informed digital decisions.

Remember that humans are only the weakest link in cybersecurity if you treat them that way. As cybersecurity evolves, educating employees will become more important than ever to ensure they become your greatest defense against cybercrime.

___________________________


John Sileo is an award-winning cybersecurity keynote speaker who educates audiences on how cybersecurity has evolved and how they can remains ahead of trends in cybercrime. He is proud to have spoken at the Pentagon and Amazon, written four books on cybersecurity, and been inducted into the National Speakers Hall of Fame. He has appeared on 60 Minutes, NBC, ABC, Fox, CNN, Rachael Ray, and Anderson Cooper. John’s work has been quoted and published in The Wall Street Journal, The Washington Post, USA Today, and Kiplinger’s.

Looking for a customized speech to make your next event unforgettable? Call 303.777.3221 or fill out our contact form to connect with Sue, our business manager extraordinaire. She’ll work with you to brainstorm ideas and explore how John can tailor his speech to fit your needs perfectly.

Cybersecurity: Why Is it Important?

 

With cyberattacks on the rise, more organizations are coming to understand why cybersecurity is important to their bottom line. It is essential for businesses of all sizes to use robust cybersecurity best practices to protect their systems, networks, and data. Let’s dive into why cybersecurity is so important for businesses to prioritize.

Cybersecurity: Why Is it Important to Organizations?

Prevents Financial Losses Implementing strong cybersecurity practices mitigates financial loss risks.
Protects Sensitive Data Robust cybersecurity safeguards sensitive data from unauthorized access, theft, or misuse.
Preserves Reputation, Brand Value, and Customer Trust Taking robust measures to preserve customer data can enhance a company’s reputation for reliability and trustworthiness. Conversely, the loss of data can have disastrous multi-million dollar consequences, including business devaluation, bad press, and high recovery costs.
Complies With Regulations Prioritizing cybersecurity demonstrates an organization’s commitment to data security and privacy.
Safeguards Business Continuity Investing in cybersecurity protects critical systems and infrastructure, minimizing potential disruptions.
Protects Intellectual Property Robust cybersecurity enables an organization to secure its valuable intellectual property from theft.

Cybersecurity is crucial to organizations; it is the moat, the heroic knights, and the armor for your castle all rolled into one.

  • Financial loss prevention: A successful cyber attack can result in substantial financial losses from theft of funds, disruption of operations, legal liabilities, regulatory fines, customer attrition, brand damage, and costs associated with incident response and recovery. Implementing robust cybersecurity measures mitigates this potential financial harm.
  • Sensitive data protection: Organizations handle a vast amount of sensitive and confidential information, including customer data, health information, financial records, intellectual property, and trade secrets. Cybersecurity practices safeguard this information from unauthorized access, theft, or misuse, helping to maintain the trust of customers, partners, and stakeholders.
  • Business continuity: Ransomware, distributed denial-of-service, and other types of cyber attacks can disrupt business operations, leading to downtime, productivity loss, and damage to an organization’s reputation. By investing in cybersecurity, businesses can protect their critical systems and infrastructure, minimizing the impact of potential disruptions.
  • Compliance with regulations: Many industries have specific regulations and compliance requirements related to data security and privacy. Noncompliance can lead to severe consequences, including legal penalties and reputational damage. By prioritizing cybersecurity, organizations can meet these regulatory obligations and demonstrate their commitment to protecting customer information and maintaining data privacy.
  • Preservation of reputation and customer trust: In today’s interconnected world, news of a data breach or security incident can spread rapidly, potentially damaging reputations and eroding customer trust. Investing in cybersecurity demonstrates a commitment to protecting customer data and can enhance a company’s reputation for reliability and trustworthiness. On the other hand, the loss of sensitive information will have costly consequences, including business devaluation, bad press, and high recovery and remediation costs.
  • Protection against intellectual property theft: Intellectual property (IP) is a valuable asset for businesses, including patents, trademarks, copyrights, and trade secrets. Cyber attacks can target valuable IP assets, leading to their theft or unauthorized disclosure, which can significantly affect a company’s competitiveness and market position. Robust cybersecurity measures help safeguard against such threats and protect intellectual property.

By investing in cybersecurity, businesses can mitigate risks, enhance resilience, and maintain a solid competitive position in today’s digital landscape.

Cybersecurity Best Practices for Organizations

Implementing strong cybersecurity practices can help protect sensitive data, prevent cyber attacks, and ensure the overall integrity of business operations. Your data is worth protecting, so suit up and grab a sword. Here are some best practices for companies to consider:

  • Develop a robust cybersecurity policy: Policy is how we map vulnerabilities, pathways, and roles in the case of enemy infiltration. Create a comprehensive cybersecurity policy that outlines the company’s security objectives, procedures, and guidelines. The policy should address data protection, access controls, incident response, and employee responsibilities.
  • Conduct regular employee training: Knights without training are as useful as decorative garden gnomes. Train all employees on security awareness and best practices. Educate them about phishing attacks, social engineering tactics, password hygiene, and keeping software and systems current. Don’t leave your castle in the hands of garden gnomes.
  • Use strong passwords and MFA: Empower employees to create strong passwords that are unique and complex with tools like password management software and multi-factor authentication. It is critical that work logins be long, strong, and random (and no, adding “123” or “!” does not, in fact, make it stronger, but nice try!). Implementing multi-factor authentication (MFA) for all relevant systems and applications to add an extra layer of security is one of the most effective steps you can take in case passwords are breached elsewhere. If it seems like overkill, it’s actually just smart.
  • Update and patch software regularly: Keep all software, including operating systems, applications, and security solutions, updated with the latest patches and updates. Attackers often exploit vulnerabilities in outdated software. Armor is only effective if you know where the gaps are and how to compensate for the weakened areas.
  • Secure network infrastructure: Ensure network devices, such as routers and firewalls, are correctly configured and updated with the latest security patches. Implement network segmentation to isolate sensitive data and limit access to critical systems. These are the moats, mazes, walls, and barbed wire fences around your data.
  • Back up data regularly: Every good castle has an escape route. Implement a regular backup strategy to ensure that critical data is securely backed up and can be restored in the event of data loss or a ransomware attack. Test the restoration process periodically to ensure backups are reliable.
  • Use data encryption: Implement encryption for sensitive data at rest and in transit. This includes using encryption protocols such as SSL/TLS for website communication and encrypting files and databases that contain sensitive information. And while this may not seem as cool as breaking ancient codes with a cypher, it is just as important.
  • Implement strong access controls: Not everyone should be allowed access into the castle. Grant employees access privileges based on the principle of least privilege. Regularly review and revoke access permissions for former employees or those who no longer require access to specific resources. You’d be surprised how easy it is to mistake a trespasser for an ally. Don’t be the one that opens the drawbridge for the enemy.
  • Monitor and log all activities: Implement a robust logging and monitoring system to detect and respond to potential security incidents. Technology allows us to have a thousand watchwomen at our fingertips. Monitor network traffic, system logs, and user activities to identify suspicious or unauthorized behavior.
  • Develop an incident response plan: When the alarms are sounded that the Keep has been breached, what will you do? Create a well-defined incident response plan that outlines the steps to be taken during a cybersecurity incident. This plan should cover reporting the incident, containing the damage, public relations moves, alerting those affected, investigating the incident, and restoring normal operations.
  • Conduct security assessments periodically: Security assessments are the roaming guards on the lookout for abnormalities around the fortress. Perform regular security assessments, such as penetration testing and vulnerability scanning, to identify potential weaknesses in your systems and applications. Address any vulnerabilities discovered promptly.
  • Ensure security of third-party vendors: When working with third-party vendors or outsourcing services, ensure they adhere to robust cybersecurity practices. Perform due diligence to assess their security measures and ensure data protection. Be sure you are only letting trusted allies into your kingdom (and remember, trust must be earned).
  • Proactively hunt insider threats: One of the most damaging types of breaches happens when data is exfiltrated, damaged, or deleted by an insider you thought you could trust. There are a host of tools to help discourage and detect such malicious behavior.

Cybersecurity is an ongoing effort; the castle will always be desired by outside forces. Regularly review and update your security practices as new threats emerge and technology evolves. It is by setting up multiple lines of defense that we are able to protect what matters most: you and your people, your customers, performance, profits, and reputation.

Employees Are Crucial to Your Cybersecurity Defenses

As the preceding list highlights, employees are a crucial component of your cybersecurity strategy. While technological solutions and protocols are important, human actions and behaviors can significantly impact your overall security posture.

Think of employees as the heroes who keep the castle secure. Employees should be educated about cybersecurity best practices, policies, and procedures in an entertaining way that keeps them engaged. Regular training sessions can help them understand the potential risks, such as phishing, social engineering, and malware, and learn how to identify and respond to such threats appropriately.

To help turn your employees into cybersecurity heroes, award-winning cybersecurity keynote speaker John Sileo uses potent lessons learned from losing his business to cybercrime as well as a humorous live-hacking demonstration to connect with your employees and drive home why cybersecurity is so important.

___________________________


John Sileo is an award-winning cybersecurity keynote speaker who has entertained and informed audiences for two decades. He is proud to have spoken at the Pentagon and Amazon, written four books on cybersecurity, and been inducted into the National Speakers Hall of Fame. He has appeared on 60 Minutes, NBC, ABC, Fox, CNN, Rachael Ray, and Anderson Cooper. John’s work has been quoted and published in The Wall Street Journal, The Washington Post, USA Today, and Kiplinger’s.

Looking for a customized speech to make your next event unforgettable? Call 303.777.3221 or fill out our contact form to connect with Sue, our business manager extraordinaire. She’ll work with you to brainstorm ideas and explore how John can tailor his speech to fit your needs perfectly.