https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • Microwave/RF
    • T&D World
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookies Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

Training


Partner content

How IT teams can use ‘harm reduction’ for better cybersecurity outcomes

How IT teams can use ‘harm reduction’ for better cybersecurity outcomes

  • Written by Tara Seals / Dark Reading
  • 4th August 2022

It’s a well-known fact that humans are — and will continue to remain — one of the weakest links in any company’s cyber defenses. Security admins have tried to help the situation through random phishing tests and training, ultimatums, eliminating local control over a given device, and even naming and shaming those unlucky souls who clicked on the wrong link in an email.

Results have been middling at best, as shown by the finding in Verizon’s “2022 Data Breach Investigations Report” (DBIR) that the vast majority of breaches start with phishing and social engineering.

Kyle Tobener, vice president and head of security and IT at Copado, says that it doesn’t have to be that way. Instead, businesses can take a page from the medical community and find a much more effective approach through the principle of harm reduction. That essentially means adopting a focus on minimizing or mitigating bad outcomes from bad behavior rather than attempting to eliminate bad behavior completely.

How Harm Reduction Applies to Cybersecurity

In a session next week at Black Hat USA entitled “Harm Reduction: A Framework for Effective & Compassionate Security Guidance,” Tobener plans to discuss this fresh way of thinking about user behavior, education, and awareness when it comes to cyber threats.

“Harm reduction is a big topic in the healthcare space, but it hasn’t really made its way into information security all that much,” he tells Dark Reading, adding that as a cancer survivor and brother of someone who wrestled with substance addiction, he learned about harm reduction firsthand.

“Unfortunately, what we see is still mostly abstinence-based guidance being in a lot of scenarios by security people,” he says.

To illustrate the contrast between the two approaches, he uses the example of the attention-grabbing Super Bowl ad back in February from Coinbase, which featured a QR code bouncing around the screen, pong-like.

“If you went to Twitter, right after that, there were thousands of security people saying that you should never use a QR code if you don’t know where that QR code’s from,” he says. “That guidance is not effective whatsoever. I’m sure millions of people used that QR code, and if your focus is giving guidance that isn’t practical or pragmatic, that people aren’t going to follow, then it’s going to be very ineffective and you’re wasting an opportunity to educate those people in a way that’s actually useful.”

In a harm-reduction approach, the answer would have been to assume that people were going to click on such an intriguing item (and indeed, QR codes are so widespread in their use in general that asking people to never use them is a simple non-starter), and build a defensive strategy with that in mind.

To read the complete article, visit Dark Reading.

 

Tags: Applications Critical Infrastructure Cybersecurity Enterprise Federal Government/Military Incident Command/Situational Awareness Interoperability News Policy Public Safety Security Software State & Local Government System Design System Installation System Operation Tracking, Monitoring & Control Training Partner content

Most Recent


  • Research claims driverless tech still too easy to trick
    Autonomous vehicles can be easily manipulated into performing undesirable driving behavior through the placement of ordinary objects on the roadside, according to a study from the University of California, Irvine (UCI). The research team set up a course on the UCLA campus to test the reactions of driverless cars, running the open-source AD systems Apollo […]
  • Coalition expresses urgent need to NG911 funding, wants more than proposed $10 billion
    ANAHEIM—Public Safety NG911 Coalition representatives expressed support for legislation that calls for as much as $10 billion in spectrum-auctions proceeds to be used to fund the transition to next-generation 911 technology, but they want the money to be available soon and believe more than $10 billion is necessary. These statements were made yesterday during a […]
  • APCO releases NG911 guide, quickly clarifies stance on NENA's i3 standard
    ANAHEIM—At its annual trade show, the Association of Public-Safety Communications Officials (APCO) yesterday announced the release of its “Definitive Guide to Next-Generation 911” and, hours later, issued a press release to clarify its position on the i3 standard developed by the National Emergency Number Association (NENA). APCO International Executive Director and CEO Derek Poarch announced […]
  • 10 malicious code packages slither into PyPI registry
    Administrators of the Python Package Index (PyPI) have removed 10 malicious software code packages from the registry after a security vendor informed them about the issue. The incident is the latest in a rapidly growing list of recent instances where threat actors have placed rogue software on widely used software repositories such as PyPI, Node Package […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Humanoid robot explores shipwrecks
  • House passes bill with $10 billion in NG911 funding, sends to Senate
  • Average data-breach costs soar to $4.4 million in 2022
  • Open RAN so easy to hack it's 'scary,' says top security boffin

Commentary


LTE and liability: Why the fire service must move forward with digital incident command

  • 2
6th May 2022

Partnership and collaboration must be the foundation for emergency communications

18th April 2022

FirstNet success means no hypothetical ‘shots’ need to be fired, Swenson says

22nd February 2022
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


UrgentComm

Research claims driverless tech still too easy to trick dlvr.it/SWMDts

10th August 2022
UrgentComm

Coalition expresses urgent need to NG911 funding, wants more than proposed $10 billion dlvr.it/SWL5VW

9th August 2022
UrgentComm

APCO releases NG911 guide, quickly clarifies stance on NENA’s i3 standard dlvr.it/SWKcCY

9th August 2022
UrgentComm

10 malicious code packages slither into PyPI registry dlvr.it/SWKHxl

9th August 2022
UrgentComm

Verizon Frontline deploys 1,000 connectivity services for nationwide wildfire response efforts dlvr.it/SWKGpW

9th August 2022
UrgentComm

Newscan: Verizon counts 5.1 million first-responder subs; AT&T has 3.7 million dlvr.it/SW84Gv

6th August 2022
UrgentComm

Taiwan crisis another blow to the supply chain dlvr.it/SW7GSs

5th August 2022
UrgentComm

Motorola Solutions seeks contempt finding, global injunction against Hytera for not paying royalty dlvr.it/SW6Ldm

5th August 2022

Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X