Mastercard Shares Free Cybersecurity Resources With Small And Mid-Sized Businesses
How partnerships reduce cyber risk
Sponsored by Inspired eLearning
–Steve Morgan, Editor-in-Chief
Northport, N.Y. – Dec. 7, 2019
How does one become a CISO Ambassador?
Earlier this year Cybercrime Magazine asked the venerable cybersecurity spokesperson, Dr Jay, to be ours. A liaison to the world’s CISOs (chief information security officers) if you will.
Dr Jay has been involved with math and STEM since she was a middle schooler. There aren’t many people who have been a certified cryptologic engineer for the U.S. Department of Defense, White House Deputy CIO, and CISO for multiple Fortune 500 corporations. This is the type of broad and deep experience, and credibility, that we wanted.
Cybercrime Magazine sat down with Dr Jay, now deputy chief security officer and senior vice president of Cybersecurity Technology for Mastercard, to learn about her new employer’s best practices for training end-users on cyber safety.
We learned that Mastercard is an ambassador of sorts as well. The financial services giant shares free cybersecurity resources and tools with small to mid-sized businesses (SMBs) globally.
The Mastercard website takes SMBs to school on cybersecurity. It explains that 60 percent of cyberattacks target SMBs.
A first step for any SMB is to understand the various cyber threats and consequences. Mastercard steps them through the basics such as authentication, phishing, ransomware, and more. For each topic, there’s an easy-to-understand definition, meaningful statistical data, and even an actual cyber incident.
Global Cyber Alliance and Mastercard recently launched a cybersecurity toolkit to enable small businesses to stay protected. This free online resource is available worldwide and offers actionable guidance and tools with clear directions to combat the increasing volume of cyberattacks, according to a joint press release.
Back to school.
Dr Jay is helping to train employees on how to stay out of cyber trouble at Mastercard, which has a very progressive security awareness training and ongoing reinforcement program.
Mastercard has 14,000 employees. To Dr Jay, that’s 14,000 ways for an adversary or cyber intruder to go where they don’t belong.
“It only takes one click to bring the whole company down,” says Dr Jay. And it’s true. Employees need to understand the potential magnitude of being duped into a phishing scam.
Mastercard has one of the most aggressive and effective cyber education programs for employees that Dr Jay has witnessed. While many organizations run annual or quarterly phishing simulation programs, Mastercard runs them monthly.
“You’re 30 percent less likely to click on a phishing email if you send a (phishing) simulation to your employees once a month,” according to Kyle Metcalf, CEO for Inspired eLearning, a leading security awareness training company. His company offers a tool that organizations use to send fake phishing emails of varying degrees of difficulty to their employees, to figure out who is going to click on them.
Dr Jay takes issue with the complex terms that often confuse employees, such as spear phishing and whaling. It doesn’t do the HR or finance staff any good, and it makes learning about cybersecurity that much more difficult for them. Instead, people just need a solid understanding of what a phishing scam looks like when it hits their inbox, and how they should react to it.
Around six months ago, one company was breached when a cyber intruder stole the security awareness training email. Then the cyber thief used it against the organization it was swiped from.
Dr Jay explains that our information is on social media and the dark web, and the cybercriminals know us. They can use intimate details, such as our high school teacher’s name, to lure us into an email exchange.
Five years ago, there were mainly hit-and-run hacks. For the black hat, it was about how quickly they could strike and take something. Whereas now it’s more of a waiting game. Cybercrime is a business, and the cybercriminals are more patient. They’ll take time to profile a user and ultimately send a highly targeted spear-phishing email.
Thoughts of spear phishing keep Dr Jay up at night. She can put all of the tools and technologies in place, but that can’t stop an employee from entering data where they shouldn’t be. And then there are the consequences for these people, who are after all her co-workers. They don’t have malicious intent, and they can feel bad or even be devastated after falling prey to a phishing scam. At some companies it can even put their job at risk.
“All of that (cybersecurity) tech is deemed completely useless,” says Inspired eLearning’s Metcalf, “if a hacker gets someone to hand over their credentials and walks in the front door.”
There are adversaries. No sense in making believe otherwise, or softening it up. It is what it is. And Dr Jay says “Bring it.” She aims to be the toughest defender they’ll ever go up against. Mastercard is her team, and she’s going to do what a great teammate does — make everyone else better.
Dr Jay applauds some of Mastercard’s efforts. For instance, they brought in a comedian to engage employees on cybersecurity — and it really resonated with everyone.
Advice for consumers.
It’s shopping season. Your data is out there. It’s open enrollment time. Dr Jay urges all consumers to take personal accountability for their cyber defense. She practices what she preaches. This means checking her credit report regularly, and reviewing what’s going in and out of her bank account and PayPal every day. It’s not rocket science, but most people don’t do it. You lead by example, and by sharing.
Dr Jay is about educating organizations of all sizes and types on how to protect themselves against cybercrime. Starting in January of 2020, she’ll be the host of a new weekly one-minute cybersecurity podcast sponsored by Mastercard.
– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.
Sponsored by Inspired eLearning
At Inspired eLearning, we are committed to delivering eLearning solutions of the absolute highest quality, ones which don’t simply check a box, but which drive positive and measurable changes in organizational culture as well. We want to help clients nurture and enhance workforce skills, protect themselves against cyberattacks and regulatory violations, and maximize the return on their investment in organizational training with our eLearning for employees.