82% of cybersecurity breaches have a human element to it. Regardless of the firewall and cybersecurity technology implemented, if the workforce is not trained in spotting suspicious attempts, these measures will never be sufficient to safeguard any organization from any form of cyber-attacks. Cybercriminals have truly malicious if not downright destructive missions going as far as targeting critical facilities to access valuable data and disrupt organizations and even nations.
James Emerson and TJ Nicholls lead this session to discuss the risks and threats of cyberattacks and effective means to prevent these from happening within your facility. James is the Vice President at the National White Collar Crime Center (NW3C) and has 43 years of law enforcement experience focusing on cybercrime and computer forensics. Meanwhile, TJ is the Information Security Services Manager at Nlets who has 7 years of security experience, specifically in the public safety industry.
Specifics of their discussion include:
- The value in appreciating the risk to understand the threat of cyberattacks.
- A rundown of the massive infrastructures that are critical to our everyday lives at risk to cyberattacks.
- A glimpse into the threat landscape looking at:
- The top countries and sectors that fell victim to cryptographic attacks.
- The common methods of attack, the targets, and the goal behind the attacks.
- Common vulnerability exposures that demonstrate how the attacks permeate systems and networks.
- State-sponsored cyber threats and activities and the different critical infrastructure and industries that they’ve targeted and attacked.
- Considerations when prioritizing risks such as shut down of services and utilities we depend on daily, monetary costs in cases of ransomware, and access to confidential and critical data.
- The common risk exposures, the goals of cybercriminals in their actions, and the attack outcomes.
- Solutions to these threats that address the human element to it through security education programs.
- A step-by-step look into a security education program’s implementation from testing, user onboarding and group segmentation, and identifying potential targets.
- The components of the program’s day-to-day executions to ensure its effectiveness.
- Training modules that are provided with different formats, recipient groups, lengths, and frequencies to ensure a comprehensive understanding of cybersecurity concepts.
- Social engineering campaigns and exercises to gauge the employees’ understanding of concepts covered in training.
- Auxiliary education/training that takes into account people’s different learning styles to ensure thorough comprehension and integration of lessons.
- Quarterly themes that focus on trending threats or identified weaknesses of employees on the security front to further augment their awareness.
- Creating a security culture where people are constantly reminded of the need for cybersecurity, conversation around it is encouraged, and efforts and awareness to uphold it are incentivized.
- Monitoring metrics and capturing data that provides insights into the program’s effectiveness.
- The importance of making the program repeatable and scalable and steps do make it as such.
Questions from the attendees are about:
- Getting white hat hackers to test system security and precautions to take when doing this.
- Gauging utility providers’ cyber security and resiliency.
- The frequency of attacks on criminal justice agencies and getting leadership to take this threat seriously.
- Resources to help agencies identify emerging threats.
- Foreign and domestic cyber actors.
- Cyber security for smaller agencies.
- Getting non-technical employees to pay attention to and be interested in cyber topics.
- The manpower required to run a security education program.
Other Webinars with this Organization:
- Jan 27: Support Your Officers on the Street by Leveraging the Nlets Secure Cloud Platform
- March 2: The Most and Least Used Message Keys for Investigators
- March 31: Improving Police Information Sharing on a Global Scale
- Aug 23: Preparing for Trial
- Sept 27: When Things Get Tough
- Oct 25: How to Build a Security Awareness Program that Works for Your Agency (this webinar)
- Nov 1: Are You Missing Critical Data That Could Help Your Investigations?
- Jan 31, 2023: Investigating Vehicle Theft and Car Jacking
- May 2: Investigating Catastrophe Fraud Cases
- Sept 7: Investigating Staged Accidents
- “All important points were discussed…valuable to know that it depends on who is on the keypad whether a local or foreign cyber intruder.” — Alejandro
- “A very good webinar.” — Diana
- “Very helpful.” — Jacqueline
- That this is very complex.” — Allan
Nlets is a self-funded nonprofit, established in 1967 with the objective of connecting law enforcement, justice, and public safety agencies for the purpose of exchanging critical criminal justice information. They strive to ensure that the right information gets to the right person as quickly as possible. Nlets connects more than 1,000,000 users, 45,000 agencies, and 800,000 devices, with more than three billion transactions traversing their secure network last year.