Our Information Security Consultant, Miral Laurie, had the privilege of attending the Google Cloud Women in Security Community Event at the famous Google headquarters in London.
Here, Miral shares some of the key takeaways from this fantastic cybersecurity event! Check out Miral’s great account from the event below.
“Yesterday’s women in security community event hosted by Google Cloud was insightful, informative, and of course fun (because girls just wanna 
).
“It was a privilege to hear the illustrious Jenny Radcliffe talk about her experience as a ‘Human hacker and burglar for hire.’
“Jenny started her talk by stating,’ I don’t need to work on the lock, I need to work ON the human.’ She went on to say that if a business has 5,000 staff, those are 5,000 points of entry she can exploit to get into a secure building irrespective of how sophisticated the physical access control systems are.
“If there is no luck there, she will then move onto your supply chain! Jenny quoted from Kevin Mitnik’s book ‘The Art of Deception’ where he states ‘95% of breaches are due to human error.’ We live in an age post covid where hybrid and flexible working has become the norm. Great for work/life balance and great for businesses to be able to offer additional flexibility, however, Jenny made an interesting point by stating that your perimeter security moves with your users, giving attackers more points of entry from locations that may not be as secure as your office. Security protocols and awareness tends to naturally wane when users are working from the comfort of their own home.
The solution
“So, what’s the solution? Annual training and threats of more training if you breach policies may not necessarily be the ideal way forward. We are all human, we all make mistakes, and security awareness should be instilled on a regular basis, in team meetings and company updates, ensuring that staff are switched on when it comes to protecting company, partners and client assets. We need to make it easier for users to follow the rules rather than finding ways to circumvent them.
“Yes, there is an element of humans being the weakest link. However, at the end of her talk, Jenny changed her quote to ‘I don’t need to work on the lock I need to work WITH the human.’ Stating that humans are both the cause and the cure.
“Social engineering attacks prey on humans using:
- Money and financial gain
- Manipulating humans when their emotion is high and logic is low
- Instilling Urgency
- Call to action
“Jenny showed us some great examples of how social media and preying on human characteristics and behaviours can be used to gain access and entry without using technology. Highlighting how careful we need to be with the information/images we share online as well as the way we behave. Security is everyone’s problem not someone else’s problem.
Holistic information security management
“At Inavate, we go beyond implementing boilerplate ISMS’ for this specific reason, instead, we will help to instil the right culture, processes, and systems to ensure that your ISO 27001 certification is effective and adds value to your organisation. User training is a key part of that and we try to make it as fun as we possibly can whilst aligning with your organisation’s culture!
Women in the cyber security sector
“After Jenny’s keynote speech, we were introduced to a set of women in security panellists or supporters of women in security. They spoke about their journeys over the last 30 or so years, the obstacles they have had to overcome, what measures they are taking to entice more women into the industry, and how they can support them in their careers.
“You don’t have to be technical to work within the Cyber security sector! Some very good work is being done in the background to level the playing field. Thank you to all the panellists Danielle Sudai , Manija Poulatova , Mindy Player, Rich Radley, Sharon Jones, Veronica Amestoy for all their thought-provoking insights and ideas.
#Iamremarkable
“The event ended with the introduction of #Iamremarkable by Lorna Heppell. #IamRemarkable is a Google initiative empowering women and other underrepresented groups to celebrate their achievements in the workplace and beyond. This was of great interest to me, not only as a woman but as a parent/carer of two autistic young men. It’s great to see how the landscape is changing for those with wonderfully neurodiverse brains and gave me a little comfort knowing that their unique skills and differences may be celebrated, recognised, and utilised by businesses in the future.
“Post-event we had the opportunity to meet and have discussions with all the amazing women that work within Cyber Security, and of course eat and drink the yummy spread laid on by Google Cloud.
“All in all, it was a great event, with lots of thought-provoking key takeaways and I look forward to attending more of these events in future.”
Protect your company with an ISMS review
We’d like to thank Miral for this amazing round-up from this key cyber security event. If there’s any of the points that you would like to discuss further, talk to us.
At Inavate, we take a holistic approach to reviewing your Information Security Management System which enables us to advise on strategies that are aligned with your company culture.
