A joint study from Stanford University Professor Jeff Hancock and security firm Tessian revealed that nine in 10 (88%) data breach incidents are caused by employees’ mistakes. The study “Psychology of Human Error” highlighted that employees are unwilling to admit their mistakes if organizations judge them severely. So, it can be concluded that humans are the weakest link in the supply chain and are frequently targeted through phishing attacks, malware, and social engineering. But why are security awareness levels so low in organizations and what do they need to do?
In an exclusive video interview, Brian Pereira, Editor-in-Chief, CISO MAG, discusses the organizational challenges for security awareness with Dr. Frank Ofori, Cybersecurity Specialist and a former U.S. Army veteran.
Dr. Ofori says everyone in the organization is responsible for security awareness and must practice cyber hygiene at work and home for personal computing. It is not just a top-down approach. It could also be bottom-up. He also offers some tips and advice for creating an incident response plan.
Dr. Ofori is a retired U.S. Army veteran with over 13 years of experience in both IT and Cyber Security. He is a Cyber Security Specialist with the U.S. Department of State and an Adjunct Professor at Stratford University with a concentration in both Offensive and Defensive Cyber Security.
He specializes in corporate and enterprise security, development of cyber defense programs, and business operations protection for both US Federal and commercial clients.
He has been certified as an industry professional by the International Information Security Certification Consortium (ISC2), Information System Audit and Control Association (ISACA), and the EC-Council as Certified Chief Information Security Officer (C|CISO).
Dr. Ofori started his career as a technical networking specialist; he then specialized, trained, and qualified in a number of disciplines including but not limited to ethical hacking, international management systems, risk management, business continuity, international governance frameworks, financial service regulations, cyber laws, and project management.
Dr. Ofori is noted for his ability to integrate competing objectives (like a “cloud-first” policy, data transparency, clarity of multiple-party responsibilities, privacy, and security) in customized and practical compromises that are acceptable to all parties involved. He acknowledges that information security is multi-disciplinary, multi-departmental, and often multi-organizational. He is also noted for his ability to synthesize and document cybersecurity policies in contracts, security architectures, system security requirements, risk assessments, project plans, policy statements, and other clear action-oriented documents.
About the Interviewer
Brian Pereira is the Editor-in-Chief of CISO MAG. He has been writing on business technology concepts for the past 27 years and has achieved basic certifications in cloud computing (IBM) and cybersecurity (EC-Council).