I take more pleasure than I probably should in watching the bewilderment within organisations as the technology landscape rapidly changes and rushes ahead of them. Perhaps “pleasure” isn’t the right word; is it more “amusement”? Or even “curiosity”? Whichever it is, I find myself rhetorically asking “so you just expected everything to stay the same forever, did you?”
A case in point: you should look for the green padlock on a website so that you know it’s safe. Except that you can’t say that anymore because so many phishing sites are using HTTPS (remember, encryption is morally neutral), which is why Barclays Bank had their ad pulled earlier this year. You also can’t say “green padlock” anymore because after Chrome 69 hit earlier this month, they’re all grey. Unless, that is, you’re on iOS and using Safari, in which case it’s green, but only if it’s an EV cert, and even that changed just a couple of weeks ago when Apple killed off the company name in the address bar for EV. Which, of course, also means you can’t tell people to look for the company name in the address bar either!
The point of all this is that technology, including information security, is a rapidly changing landscape and that’s exactly what I’m talking about in the latest Security Culture episode on Pluralsight. This is the quarterly series we launched earlier this year which aims to help organisations better understand how to create a culture of security. Not just the hard skills, but the knowledge people need to really ingrain security into the organisation. Best of all, we’ve made this series easily accessible to everyone:
This course and the entire Security Culture series are still 100% free!