Cyber Security needs Smokey Bear
By Tim Campbell, CISSP, Director of Technology Services at Avid Communications
October is Cyber Security Awareness Month and as the month draws to an end, I thought it would be an appropriate time to ask if our Cyber Security Awareness programs should take some cues from Smokey Bear. I’ll readily admit, I’m not the first to drag Smokey Bear into Cyber Security and I probably won’t be the last, but I have some fresh thoughts that I hope will pique your interest.
The Smokey Bear awareness campaign is arguably the most successful awareness program ever devised; some will argue that it was too successful. Did you know that Smokey Bear is recognized by 96% of Americans? The only other figures recognized by more Americans are Mickey Mouse and the US President.
Why was Smokey Bear so successful?
Smokey Bear has a simple and clear message with relatable actions that everyone, both young and old, can easily understand and perform. Every good citizen knows that their actions will help prevent wildfires. In addition, the delivery of the message has been continuous. As a child, I remember hearing Smokey Bear’s message every Saturday morning while watching cartoons. As an adult, every time I enter a National Park, I still see him warning us of the current fire danger. Lastly, the message has been consistent. It hasn’t changed in over 75 years. We all know the message it’s engrained in us.
What can we learn from Smokey Bear?
If you have a quality Cyber Security Awareness program in place, and it delivers on Smokey Bear’s tenets listed above, you are in pretty good shape. If your organization doesn’t have a Cyber Security Awareness program, I would highly recommend rolling one out at your company. As a business owner, you will significantly reduce the risk of your company becoming the next victim of cyber criminals.
The Big Pink Elephant Smokey Bear in the Room
If we have an effective Cyber Security Awareness program, then why are very smart people in our organizations still getting duped by cyber criminals? Often the quick answer is to send them through more awareness training. Is that really the best answer? I would venture to say that if we polled our co-workers, nearly all, if not all, know the dangers of clicking on links or opening random attachments. So, I’ll ask again, why are these very smart people getting duped?
Psychology professionals tell us that we must look at human behavior to get the answer.
As humans we make more mistakes when we are fatigued, stressed or distracted. How many of us come to work every day burdened with at least one or two or all three of those factors? What if it’s 6:00pm on the last day of the month, you just asked your finance manager to give you a hairy financial report before they leave for the day, your finance manager is already late to pick up their daughter from volleyball, and in the middle of all this, a cyber-criminal starts MFA Bombing your finance manager? With all that going on, are we really expecting our finance manager to also be a human-firewall?
Note: MFA Bombing is the practice of sending a high volume of spamming multifactor authentication (MFA) login attempts to an account until the account’s owner accepts the MFA prompt out of desperation, wishing to make the spamming stop.
Smokey Bear’s purpose was to create community awareness around the dangers and prevention of wildfires. Smokey Bear never expected any of us to become forestry management experts. Likewise, we should stop expecting our employees to become human-firewalls and instead use our Cyber Security Awareness programs to help build a culture of cyber security awareness in our organization.
Avid Communications is well positioned to help your organization navigate these challenges.
Our Managed Service Provider team and Cyber Security team have a wide array of tools in our toolbelt. Our SIEM and EDR are advanced tools that can alert on and stop many cyber threats in real-time which can ease the human-firewall burden that was previously delegated to our employees. We also have tools to help you roll out or improve your Cyber Security Awareness program. Those are just a couple of examples of the many tools in our toolbelt.
If all of this is confusing, or you need to hit the ground running, we are here to help. Give us a call!
