SIT Summit 4 Special (raw transcript)
arcy Milne 0:05
Hi, welcome to the cyber security cafe podcast. This is where Louisa and Beverly bring you the experts, the stories and the research impacting the cyber security profession
Louisa V 0:16
today. Hi, Beverly. I was reading that around 38% of Australian businesses don't provide any cyber awareness training to staff.
Louisa V 0:28
Why do you think that is? Is there any any reason behind that?
Beverley Roche 0:31
Yeah, absolutely. Louisa you know, those companies that had a starting to really establish a secure maturity posture, really understand that, you know, texts important. The people side of security is delivering really good results for them. And it's just a play. It's just a really a game of catch up for the rest. They're starting out their cybersecurity journey. And really haven't having a invested yet and be a really dealing with a lot of other issues.
Louisa V 1:09
Yeah, and I think there was some other kind of broader stats that said, we've quoted these multiple times on this podcast that I think two thirds of Australian businesses don't have a cyber security professional. And that could be anything from you know, technology specialist right through to awareness specialist. So we've still got this big, big gap and clearly growing community here in Australia, of professionals in the cyber awareness and influence space. And Beverly, what's the plan for this show? Because we're doing something a little bit different today because we're at an event which is a first for us.
Beverley Roche 1:46
It is and we're just delighted to be invited by sit to do the coverage for them. I think what they're really see is this being able to be amplified out about how good this is. It is and the participation and some of the new things that come out of it. And the rest of the community will hopefully get on board as we're able to amplify it through our podcast.
Louisa V 2:13
Yeah, so there's security influence and trust group is a community of people who believe that collaboration, consistent messages and simple actions are key to empowering people to protect themselves in the digital world. So they work together to amplify consistent tips that help the community build their online safety skills. And they were founded in 2015 in Australia. So this is their fourth summit, which is really exciting. And I think they're expecting around 170 plus attendees today from 86 organizations. It's held here in Melbourne, we're actually in the Telstra building in their new insight center. So it's really We're just so excited to be here. Beverly, any thoughts on what you're hoping to see today,
Beverley Roche 3:06
really looking forward to some of the new ideas that this group have come up with. And just excited the agenda looks fantastic. There's some awesome people here from the banks from insurance companies, you know, really the top 200 companies in Australia. So looking forward to catching up with some of our colleagues, and a lot of energy and everyone's excited about the event.
Louisa V 3:34
Fabulous stuff. All right, Beverly. Well, this time, it's not about us going to the chat. This is actually about us running off to the sessions that we're going to go and either participate in or observe today. So let's head to those and we'll be back again shortly with our insights
Beverley Roche 3:51
and Louisa. Good luck with your panel session.
Louisa V 3:54
Oh, thank you. I'm I'm really looking forward to that.
Hello Beverley we are back - How was this morning?
Beverley Roche 4:07
Just really good. Jen Stockwell is just did the opening remarks from Telstra. And she's doing a great job. And then we moved really quickly into Carl hand more. He was first Assistant Director General from the ACC. He talked about the new draft cyber security strategy, and how much engagement came back from the Australian community about all sorts of things. The stand up for me was small business and small business really getting that engagement. The other thing you talked about was, how important this this conference was about the engagement that they're doing with the Australian business community, which is really great to see it because we could really lead with this Now the other great one, of course, was Lance pfitzner. I've met Lance before. What was what was your takeaway? Given? That was the first time you've seen lance?
Louisa V 5:11
Oh, well, I'm going to come to that. Yeah, I was just gonna very briefly come back to Carl. Okay. There was a cup couple of couple of things he said, which I actually wrote down about how I mean, these are things we already know, cyber crimes increasing in Australia. It's a low risk crime with huge payoff. So I like kind of like that, that really clear what it is, and and it costing well to cost 29 billion. That's the Australian Government government estimate per year of what cyber crime is going to cost the Australian economy, which is significantly higher. I'm I'm pretty sure I didn't miss her. Yeah. And that's significantly higher to some of the estimates will all the reports we've heard, and a third of Australian adults being impacted by cyber crime in 2019 is not just a It's absolutely
Beverley Roche 6:00
phenomenal and that's money will never get back on the bottom line. Yeah,
Louisa V 6:04
yep. Yeah, it's a real challenge. Now back to Lance. Well, first off, kudos to Telstra who are hosting this event, who made sure that Lance was there a lot on Livestream on video on the big screen, and it was absolutely working perfectly. So what an amazing opportunity to have an expert like that in the room, virtually even though he can be here physically. So I really love that. And I thought James did a great job of interviewing him. But I think my observations having never seen Lance, the things I took away from it, there was a bit of a debate around whether we call what we do awareness or influence, and I really liked Lance's answer on that which was it doesn't really matter what we call it. Our goal is to change behavior to manage human risk. So I really like that love it. I'm sorry. And then he told talks about, you know, really simplified it down to the building blocks of what we do what what is the risk we want to communicate, and how we want to change behaviors to manage that risk. And the fewer behaviors, the better. And shifting from that risk management mindset to the marketing and communications mindset. So, again, just so many so many nuggets that I got from his session, and he just talked about that importance to look at those really effective ways of changing behavior. Things like and we've talked about this on the podcast, you've talked about it, our guests have talked about it, but that focus on the personal benefit, what's in it for me, and create that really simple behavior change that you want to see. link it to people's personal lives and yeah, just love that. So I think it's pretty pretty impressed with Lance, I really enjoyed the session.
Beverley Roche 8:04
And I think what's amazing is that if you look at some of the sessions that we're going to go to today, it'll be interesting to see whether we're seeing more of that in their programs.
Louisa V 8:18
There were two other really useful tips that I wanted to share from Lance's session, as well. I know we're short on time, but very quickly, first one was around whether you could have anything less than an F t, dedicated to security awareness and influence. His guidance was you wouldn't have a part time sock so you should absolutely have at least one ft dedicated to security when it's an influence. If you have half an FDA means you're never effectively changed behavior. The other guidance from Lance which I really loved and I actually asked this question have to confess was about ethics. So specific Typically about the ethics of security awareness training.
Beverley Roche 9:04
And his guidance was
Louisa V 9:06
that very much, you know, you should never look to try to embarrass people with your awareness programs. So don't send a fish that's going to embarrass people. Don't share information of anyone that has clicked on the phishing training emails. Never make that first phishing training email. highly targeted or really difficult to detect. make it really easy to start easy. Let people know that you're here to help them. Don't craft overly hard emails that hackers wouldn't even use and let people know the ground rules ahead of time. Let them know that you're not going to trick them. You're here to help them. So I thought that was a really great tip from lions about ethics.
Beverley Roche 9:54
Hey, Louisa, you've got to go because you've got you're speaking the language of yourself. Stakeholders session coming up.
Louisa V 10:02
Yep, I better head off and get ready for that. So I'm going to interview some industry experts around how we're currently using language in cybersecurity and how we need to adapt that and make sure that we're speaking that language of our of our stakeholders in the business and also externally as well. So I'm really looking forward to that.
Unknown Speaker 10:23
See, okay, good luck. Thanks. Bye.
Louisa V 10:30
So Beverly, we're back. We've just split into the two streams that they the organizers of the event have come up with this fantastic idea to split us in these two groups. One is for brand new beginners in security awareness who've never run a program in in awareness like myself, and then the other program, which is the enhancing streams, the string you've attended, because you've been doing this for a while and this is, you know, an opportunity for you to enhance your existing skills. So I thought that was really great. And your workshop was about metrics. Is that right?
Beverley Roche 11:08
Yeah, measuring for the change that we want. And the session was absolutely oversubscribed. It seems that, you know, we're up to that next generational pace of, you know, matrix is really hot. Everybody's needing to understand. How can we measure. So the enhancing stream was run by Laura Hartley and Andrew Robertson from National Australia Bank, and Erica Harding, and Jackie listo and Fiona on from ANZ. They did a great job. So the team came up with quite a good framework, actually quite a new framework that really helped go through the workshop and sort of asked some questions, any security behaviors that you want to change today? What are the things that you want to address to Today, rather than this all encompassing, what are we seeing? We're actually just focusing drilling down on, what's the one behavior that that is working today? And what are you struggling with? And who are you struggling to get? So these were the questions that they really asked at the beginning of the workshop in relation to so is a particular audience that you just can't get any engagement with. And then really walking us through, you know, don't try and change everything, just try and work on this. One thing that gets this one behavior, right, so that you can actually start measuring. And I think the difference is that when we been in these roles, people keep asking us from a reporting perspective. Tell us what you can report on From a metrics perspective, and we try and look at everything, rather than do a good story around one set of behaviors that we're really focusing on. So that was, that was the game changer different way of looking at the problem, rather than, you know, click rates reporting, you know, the all encompassing just one thing and, and maybe for those people listening, it's we're just not getting enough traction with HR or we're just not getting enough traction with that particular segment of the workforce. Go after that, and use that to story tell the winds that you're getting
Unknown Speaker 13:43
Beverley Roche 13:44
so it was really good and they came up with great framework to actually help plan that out with some action steps and walk you through we were had a group activity and it was just
Louisa V 13:55
great. It was really good. Sounds really sounds really helpful. So it If I've understood correctly, is it? Is it using metrics to tell a story about a behavior? Is that that you're changing through the program? Is that right? abs?
Beverley Roche 14:09
Absolutely. But just using one key focus area rather than lots because lots don't tell a story. Lots will tell you that you're improving your posture. Yeah, but what, but one will tell you that way. You're saying really good engagement and talking, telling a story around that good engagement, because that's what you really need. Does that help?
Louisa V 14:33
Yeah, definitely does. And that definitely links to what Lance was saying this morning. I wrote down, you know, he said, focus on three to five of the most useful metrics, so and that measure the behaviors that you want to change, so yeah, absolutely. That sounds like you nailed it in that workshop, which is great.
Beverley Roche 14:51
Yeah, it was fantastic. It was good. And how is your lightning round? It was great. So
Louisa V 14:56
we had Chris croissant. towel. We had Christy Wilson from uni suka, who we're going to hear from later. And then we had Philip Hall from cuvier. And they were talking about how to establish a brand new security awareness program from scratch, how to influence behaviors and how to amplify some of the messages throughout the organization. And honestly, I was just so impressed with the willingness to share. I think that was a key takeaway for me, from all of the the team that presented you know, they'd already gone through this over the past 12 months, and they had been set here at the sit summit a year ago, you know, with this daunting task of needing to start a security awareness and influence program from scratch. And then they would kind of both Chris and Christy gone out and done that. And they were sharing their learnings and they in fact, were willing to share their materials and how they done things and it was just a really energetic fun session to be in and it certainly gave me me the confidence if I was to go and start an awareness program from scratch myself, I felt like I had the tools thanks to them. So it was a great session.
Beverley Roche 16:11
And this is the power of the C group is this collaboration that we're really saying where, you know, no one's saying, well, this is my IP, I created this, that everybody's just absolutely willing to share everything that they're doing, and collaborate and bring the benefits of all of that to all Australian companies.
Louisa V 16:34
Yeah, absolutely. Yeah, Beverly, in fact, I asked Christy Wilson from uni super after her session, the establishing stream, whether she would mind sharing just her advice to somebody starting an awareness program from scratch. And here's what she said.
Christie Wilson 16:53
So my advice for someone who's starting an awareness program from the ground up is really to look at the resources that are readily available. I start with Stacey online. And I'd start with the Australian Cyber Security Center. Those two are really great resources for you to be able to find a lot of information that you can just reuse within your own organization and tailor to the people that you want to talk to about cyber safety. The Australian Cyber Security Center, the icse is a great way for networking with other peers, and for learning lots and lots of different things about different areas of cyber security. I'd also suggest looking at groups on LinkedIn, and looking at groups like the citizen powers group, as a way of being able to build a network and to be able to speak to like minded people around where you want to go with your security journey.
Louisa V 17:48
Great advice there from Christie with Matt and I, I know Beverly, you also asked Erica Harding for her advice. She's part of the enhancing stream sessions this afternoon. So let's hear what she said.
Erica Hardinge 18:04
Firstly, I would say tap into our wonderful, generous community. There are so many people doing amazing things, ask them, learn from them. Don't make the same mistakes, we have made different ones and share those back to us. But I'd also say start small, start with one audience group or one behavior research and talk to people about what's really causing that undesirable behavior. And then test and trial interventions to see what works in your context. And start with things that help to make cybersecurity visible, because so often, it's intangible and something that happens to somebody else.
Louisa V 18:38
And Beverly, we're heading to lunch now, which is exciting.
Beverley Roche 18:43
I love to chat. So I'm looking forward to catching up with some of my
Louisa V 18:47
favorite colleagues. Yes. And we're going to try and grab a few people to get their thoughts on the awareness and influence profession and why it's important so we'll hear from them when we get back.
Beverley Roche 18:58
Okay, catch the show. Lovely.
Christie Wilson 19:05
Beverley Roche 19:07
It was a bit like speed dating at lunch. I was trying to catch up with everybody.
Louisa V 19:14
But it was great to get we managed to grab a few of the speakers from this morning's sessions. So and and what was really great is we were able to ask them why awareness and influence is important and why they're passionate about it. So we'll hear from them now.
Erica Hardinge 19:32
I'm Erica Hardinge. I'm the joint head of security behaviors and influence at INSEAD. I am so lucky to job share this role with Jackie Lewistown. Primarily, we are responsible for educating and influencing more than 40,000 people across 30 geographies, including board and executives with increasing focus on customers, third party suppliers and wherever possible, the broader community. So pretty small. I frankly think of it as Educating and influencing rather than awareness. Maybe for me, it's partly to add weight to what we do to contribute to tackling cyber security, beyond the traditional technical solutions, which let's face it, that's often what gets the focus and the investment. And we do so much more than just make people aware. And for that reason, I'm passionate about this field, because I really think we have so much potential to change the world. I know that sounds a little idealistic, but given the internet offers so many amazing opportunities, both for businesses and for individuals, then helping people to make the most of this new world securely seems really, really important. Of course, it also helps that I work with such great people by that I ended and in the industry, people who are also incredibly passionate, full of ideas and so amazingly willing to share and collaborate. It's really a pretty exciting place and space to work in.
Christie Wilson 21:02
I'm Christie Wilson and I'm the cyber resilience lead at Uni Super, I focus on teaching our employees at uni super, I really haven't been cyber safe in the day to day work and at home as well. I'm passionate about awareness and influence because technology is a part of everything that we do. It's a part of our day to day work. It's part of our social lives. It's a part of the way that we do our baking in our shopping. It's just a part of the way that we do everything. And I think it's really important that people learn to embrace technology, and to not be scared about it, but to stay true to security as something that they just do as part of their day to day life. I call it security is a life skill.
susie Jones 21:47
I'm Susie Jones, the co founder and CEO of safe security.We work with micro and small business owners like your financial planners, your accountants, your boys. We focus on businesses that are too small to have in house tech staff. rely heavily on external support to help them with both technology and cyber security. experiencing a cyber incident can quickly become one of the worst days of your working life if you're a small business owner, and every improvement in cyber security starts with understanding the problem. This is my cyber awareness and influence is so important.
Beverley Roche 22:22
Hi, Louisa, look, we didn't get time before lunch, to have a chat about your business leaders panel. And speaking the language of your stakeholders, you facilitated it, how did it go?
Louisa V 22:34
It was really fun. Yeah, I think we could have gone for a couple of hours actually. Because I think my observation is really we do have a very varied audience to communicate with. When we think about speaking the language of our stakeholders. We have everybody from members of the public, to government to boards to highly technical people to it's just this whole plethora. of stakeholders that we have in our industry and it is so important that we communicate effectively to them and that we tailor that communication to them and their needs. And in fact, I asked Suzy Jones, who we heard from earlier about the panel, and what was her key takeaway and we'll just hear from her now.
susie Jones 23:19
On the business leaders panel, we focus on the language that you use to help people understand what we're talking about with their messages and to help us influence them. My key takeaway from business leaders panel is to consider what the goal of your audience is and help them achieve that rather than trying to give them and you go
Louisa V 23:37
so Beverly with with nearly come to the the end of the day at sit what happened for the rest of this afternoon and Jonna Yeah, cuz there's someone especially,
Beverley Roche 23:49
it's just so full on the day has just been so busy. So we had Darren Paul is writing session which you which I did. Yeah,
Louisa V 24:01
yeah. And actually, yeah, I grab Christie from uni super to get some insights about that. So we'll share those in a little bit. But yeah, I attended a writer effective writing workshop, which was super helpful. And in fact, Darren Pauly from Telstra, who headed up that workshop, he's an ex journalist, has actually put all of the information from the workshop online, via sit in powers website, which will will put the details in the show notes. So you can absolutely learn everything you needed from that session from Darren's blog, which is great, yeah, how generous and I went to the second phase of the enhancing stream, which was the lightning round, taking it to the next level.
Beverley Roche 24:47
And there was some great things from the Telstra team about how to scale your influence program using automation. So they've come up with a self service, security influence And trust as a self service. So if you want a session, you go on to a portal, look at sensational. Erica and Jackie share, roll, their job share and they talked about awareness is dead. And that's really just, let's not use awareness anymore. Let's move into influencer engagement and language that really describes more about what it is we're doing. And of course, we had the a Triple C The astraying. Competition and competitive commission presenting as well, they brought along Who was
Louisa V 25:40
that? Yeah, so if the session was called it could happen to you and it was a session where it is started and was so appreciated. It was a member of the public Sarah, who shared how she had been the victim of credit card fraud. So what happened to her and how that made her feel. So it It's always really appreciated by the community when individuals share their stories. And that's definitely something we discussed on the business leaders panel is that it is actually quite, quite challenging to get people to come and share that share their stories of being victims of cyber crime. And sometimes that is because we don't make the environment as comfortable for them, which which I thought was a really interesting thing we discussed on the panel because we have a tendency, and I'm I'm saying we broadly, because I know a lot of a lot of this particular community and security awareness and influence wouldn't do this. But there is a behavior of kind of victim blaming and shaming. And so this actually makes us it's a lot harder for us to get these kind of conversations shared. So I thought that was great that Sarah was willing to do that. And she obviously self felt safe to do that in this environment, which is great.
Beverley Roche 26:58
I think we know from our Previous guests on the podcast, there is no intellectual difference between those that fall for scams. You know, this is not. This is not something that it happens to everyone. And that's lovely and brave of her to come and talk to us about Yeah,
Louisa V 27:19
agreed and the a Triple C shared some really interesting stats. So the latest stats for this year in Australia. investment scams is the biggest scam in terms of losses for Australians. So we've clocked up around 50 million in losses to investment scams. The one of the other really challenging scams that's happening out there is dating and romance scams. So think it's that reminder that romance and dating scams are pretty prevalent at the
Christie Wilson 27:55
moment. Yeah, and
Beverley Roche 28:00
That money will never be recovered. And you know the impact to their personal lives
Louisa V 28:06
and total losses to scams in Australia so far this year, hundred and 18.5 million in losses. Hundred and 44 996,000 scams reported to scam watch, which is our national program which we report scams to here in Australia, which is run by the a Triple C. So yeah, some sobering statistics. They're
Beverley Roche 28:33
one of the five countries of choice for scams. there be other global countries out there really feeling it as well. And you know, it'd be interesting to see how the numbers stack up against ours.
Louisa V 28:48
Yeah, and they also mentioned because probably worth sharing the current trends they're seeing as well, that in those in the space of investment scams, there's some celebrity endorsements happening. So there's sort of clickbait that's created, that you might think you're going to a news article about a particular celebrity who's invested in something and wants to share how lucrative it's been for them. So just have a awareness that that's happening. And also Bitcoin investments is up there as a trend that's not going away anytime soon.
Beverley Roche 29:23
And I think the other takeaway, that when I talked to them offline was really that you know how much they want to work with the sick group across industry, to get those messages out and get bigger campaigns going.
Louisa V 29:41
Yeah, and I thought as well, what's really probably worth sharing is they gave some really clever advice about what individuals can do after a compromise. And the first thing that they recommend is contact your bank, your financials, you even if it's been days, that's what you do first. I know dkr second. So we interviewed Dave Lacey on the podcast a few episodes back. So contact them second. And then thirdly report to police and government after you've done the first two. And also that includes reporting to scam watch. So we can help other people to learn from the scams that have happened and maybe prevent them calling falling victim, sorry, prevent them falling victim to so I thought that was really clear three step advice. Just wanted to amplify that. And now we're going to go to our wrap up. So we're going to actually start with the voices of again, those three presenters that we managed to grab today and get their insights. So we've got Erica Harding, Christy Wilson and Susie Jones, and we're going to hear from them now. What they really enjoyed about the summit today. What was the thing that most surprised them? And also more importantly, what amplify me To them
Christie Wilson 31:00
learning from the other organizations around where they going, so that I can look at where we are, where we're at compared with other people in the industry, but also learning from people that have gone before us and further down their maturity journey to get ideas and tips for where we can take the conversation, even organizations will,
Erica Hardinge 31:22
I have to say is really quite overwhelmed by the whole day. Our little community has come such a long way from an idea and a desire to just share and learn from each other, to a group of more than 150 people willing to dedicate a whole day to collaboration, learning and showcasing your ideas. It's so inspiring to see such openness, such passion to doing this together. And it's so clear. This isn't a competitive sport for our community, but one where people really see themselves as being on the same team. And that's kind of incredible.
susie Jones 31:59
The community aspect, there was no competition, just open collaboration and helping each other out. It doesn't happen at many conferences generally, let alone other cyber security conferences.
Christie Wilson 32:09
Darren Pauli's presentation on how to communicate to different audiences. For me, that was something quite simple and straightforward, but really powerful. And he's given me some really good tips that I'm going to be able to use on a day to day basis, including getting on to the grammar function within Office so that it can help me in my written words, which I think is fantastic.
Erica Hardinge 32:35
Well, I'd have to say I was blown away by just how many people wanted to work together to improve the way we tackle matrix. Guess it's clearly a challenge we all share. And if I can have a second one I know that's a bit greedy to say the approach to automating service offerings for ambassadors. We really need this
susie Jones 32:56
the eight to 10 second videos from a and Zed show the powerful messages can be given in tiny bite size clips, they were great
Christie Wilson 33:02
for me Amplify is around adding color to an idea. So it's taking an idea, getting a lot of different people's heads together to, to fill it idea to give us some color to give it some life, and really taking something that starts off as a scratch head idea and bring it to life that is used across not only an organization, but also across the industry as well. This is something that I'm really passionate about. We had Lance and James talk about this true, we're not really helping ourselves or anyone else for that matter. whatsoever. We have a laundry list of behaviors that we're trying to change or actions that we need people to take. So to me, amplify is all about us as experts in industry and government saying the same simple thing in the same simple way to drive the same core outcome. Therefore not confusing people. We're not adding to the fear and putting cyber security into the terrifyingly important, but frankly, old too hard bucket. We need to avoid that. So Angela, amplify is about making sure we are heard above the noise, and most importantly, about driving change together. Please don't get me wrong. I know this is a challenge. There's there was so many workshops and debates that went into us creating our four steps of pact. But I really think that if we can achieve this together, the result will be really powerful.
susie Jones 34:32
Getting the messages out beyond our tight knit cyber security community. I would love to see people from all industries speaking the same language as us.
Louisa V 34:41
Beverly, wasn't that wonderful? We couldn't have said it better than they did.
Beverley Roche 34:46
Yeah, the the underlying themes about community working together what amplify means in terms of bringing these ideas to life and taking it out into the industry. Just the one. The one thing the same way with the one message that's for everybody will make it just so much easier for people to grasp as we amplify out over society. I think I think that was really compelling. Agreed. Yeah.
Louisa V 35:22
Yep. And, and just to finish up any takeaways that you have Beverly to add to those anything you want to add?
Christie Wilson 35:31
Yeah, a couple of things.
Beverley Roche 35:34
The framework that the team came up with the security behavior index, you know, these are some really new and surprising things. Security, influence as a service. So it's a portal and you self serve. You want posters, you want a presentation, you know, because that means you don't have to scale up and scale out and As a group, you can actually take these things and do it yourself. And it really helps. You know, as, as we heard with Jess Barca, if you get those champions taking ownership, they'll push, they'll just keep amplifying out and using them as a barometer as well, for the things that you're developing, so it creates that great feedback loop.
Louisa V 36:25
Yeah, absolutely. And I think I would also I'd like to add to that that SIT published a guidebook today as part of the conference. It's available online. It's an amazing guy book with some fantastic people, including Blair Adamson, who featured on our very first podcast this season. And so we will put the link in the show notes and this is available to anybody who wants to download it. So again, a wonderful example of everything you just talked about. And we heard from, from the ladies earlier just about this community and how willing Are to share which is great.
Beverley Roche 37:03
And we saw this is the end of season one for us.
Christie Wilson 37:08
Louisa V 37:11
I couldn't think of a better way to end the the the first season with such an event that's close to our hearts.
Beverley Roche 37:20
Yeah, it was just fantastic and thank you for just being the best pod sister. You know we've had a lot of learning this year and we're looking forward to season two. But for now we're going to have a break for Christmas. celebrate Christmas with our family and friends and we want everybody to be safe and have a happy Christmas I
Louisa V 37:43
couldn't have said it better myself. everything you just said right back at you and wishing everybody a happy holidays. And just to close us off. We have got a wonderful Christy Susie and Erica sharing with us that one That one thing the security industry could change, to help us to really drive those positive security behaviors in humans. So we'll, we'll leave with those thoughts.
Christie Wilson 38:14
And this is security industry could do one thing to make a difference to human security. I think it would be to encourage people to be alert, but not alarmed. I think it's really easy when you start to delve into security, to get really overwhelmed and quite, quite frightened pretty quickly. It's around lifting that bag so that people start to treat security as a life skill, so that they thinking about what they need to do at any one point in time. To be able to interact with technology safely, and to enjoy dealing with technology
susie Jones 38:51
use the same language as every other professional. Just because we can come up with a cool new term for something doesn't mean we should do.
Erica Hardinge 38:59
I think when Need to really consider the people. When we're creating security solutions, we have to focus on making it easier to do the right thing, the secure thing. whatever that may be. Type passwords is just one great example. It's easier for people to reuse passwords, then have lots of complex, unique passwords. And that's just one example. How do we, how do we make it easier for people basically and design thatin?
Darcy Milne 39:29
Thanks for listening to the cyber security cafe podcast? Be sure to subscribe for future episodes and for more information, visit cyber security cafe calm and find us on Twitter at cyber ACC cafe.