Author of Cybersecurity for Dummies
Mediaplanet had the chance to chat with Joseph Steinberg (CISSP, ISSAP, ISSMP, CSSLP), author of Cybersecurity for Dummies, to learn more about the ever-evolving world of cybersecurity.
With an expansive resume and your significant role educating a global audience on cybersecurity, what accomplishment are you most proud of?
While I’ve been involved in many interesting projects over the past few decades, I’m proudest about having helped many people without technology backgrounds stay safe from cyber threats. Information security can be quite a complex discipline and, to this day, I dedicate significant time to translating complex, technical concepts into simple-to-understand ideas and practical easy-to-follow advice.
What are some of the top cybersecurity threats that modern workplaces face?
Sadly, there are enough threats to fill an entire book. At a high level, one area of threats that does not receive enough attention is the problem of insiders. People outside of the information security industry often don’t fully recognize the magnitude of the danger posed by insiders like employees. Whether through malice or human error, the people who have access to the most sensitive data and systems within an organization usually pose a far greater danger to the organization than outsiders acting on their own.
Cyber threats are constantly changing. How is cybersecurity innovation able to keep pace?
This question assumes that cybersecurity innovation can, in fact, keep pace with threats — which is a claim that I’m not sure that we should take as a given. While great minds are constantly inventing new countermeasures against cyber threats, the reality is that attackers enjoy a huge advantage: most attackers need to succeed only once in order to achieve their goals, while defenders must fend off every attack in order to keep an organization safe. As such, a single advancement from the offensive perspective can sometimes be enough to wreak havoc. That said, there are brilliant people constantly working on improving cybersecurity education, technologies, processes, and procedures.
How has the COVID-19 pandemic changed the world of cybersecurity?
COVID-19 has forced organizations around the world to allow their employees and consultants to work remotely — many of those involved weren’t adequately prepared, creating tremendous opportunities for cyber criminals and cyber spies. Some organizations didn’t previously allow remote work at all and were suddenly faced with the challenges of having a nearly all-remote workforce. Others offered remote working before but had to suddenly scale it up in terms of the number of people working remotely, the percentage of staff not in the office on a regular basis, and the length of time that workers remained remote. Besides exposing organizations to all sorts of technical vulnerabilities, the pandemic has also created numerous social engineering risks worldwide.
What should business owners prioritize to build a culture of resilience within their company?
The most important thing is ensuring that everyone understands that the organization, and each person working in it, are targets — people who believe that criminals and others intent on inflicting harm want to breach their computers and phones act differently than people who don’t understand, accept, or internalize this reality.
People should know to avoid cyber-risky behaviours like opening attachments or links found in unexpected email messages, downloading files from rogue websites, using public Wi-Fi for sensitive tasks, or buying products from unknown stores with “too good to be true” prices and no physical contact information.