Cyber resilience: Awareness is not enough

Abstract: Whether you call it human factor, insider threat, or human error, organization members comprise the #1 issue to tackle, when it comes to cyber resilience. It’s no secret, that either unintentionally or not, the human factor remains a substantial threat. While a lot of organizations have recognized this threat and established awareness trainings or relevant attack simulations (e.g. phishing campaigns), this has been proved to provide a push forward but not enough. Attacks become more sophisticated,complicated, and if they manage to evade technical controls, it’s up to the human factor to recognize and stop an attack.Within this context, the concept of Cyber Security Culture constantly ascends and while awareness might constitute a positive force to provide knowledge, Culture is a strategically set of actions that will institute a mindset of “this is how we do things around here”. Also, while awareness relies on individual’s skills, culture fosters dimensions including attitudes, behavior, norms and more.This presentation is an introduction and exploration of the Cyber Security Culture, what it is, what comprises it, why it is important and how it can be established and upcycled, in practice. Bio: Michalis works as a Security Operations Center Analyst at an international telecommunications and technology company. An MSc in Networks & Data Communications graduate, he looks for IOCs and how to make the most out of them to defend and preserve cyber resiliency. Following an 6-year career in IT including a 3-year complement course as freelancer, he is focused solely in cyber security over the last two years. Father, husband, owns a wine cooler and enjoys the outdoors as a volunteer of the Soma Hellinon Proskopon.