Taking Security Seriously

Explore strategies for modern companies to enhance cybersecurity in this 31-minute conference talk from GOTO Copenhagen 2019. Learn about the challenges faced by organizations in the wake of technological advancements and cloud-based services. Discover how to drive positive security behavior, implement effective methods, and enable good security practices. Examine real-world examples of major breaches affecting non-tech companies and understand the importance of adapting security approaches. Gain insights into managing identity systems, handling sensitive data, and addressing non-technical attacks like phishing. Leave with five essential questions to ask your teams to improve your organization's security posture.

Intro
Taking security seriously
Everyone struggles with security
Computing is evolving
Breaches
Security Despite Windows BlueKeep exploitation freak-out, no one stepped on the gas with patching, say experts Admins snoozing on fixes despite reports of active attacks
Average time to patch 69 days
Sort out the basics and make it possible to patch
Identity systems
Staff
Contractors
Consultants
Joiners Movers Leavers
Core data
What data do attackers want?
Personal data
Do you really need to collect it and store it?
Process
Phishing
CEO Fraud
Summary
5 Questions to ask your teams
Who works here anyway?
What data are we holding? Why?
What about non-technical attacks?