Kevin Mitnick || Confusing Security Advice
CyberInsights #104 - An ode to the industry trendsetter || Are you guilty of giving vague cybersecurity advice?
Kevin Mitnick (Aug 6, 1963 - Jul 16, 2023)
The infamous hacker who influenced a generation of cybersecurity professionals is no more.
See the obituary here.
Also, remember his books and read them.
The Art of Deception. — The first Kevin Mitnick book that I read. It changed how I viewed social engineering forever.
The Art of Intrusion. — Dive deeper into hacking here.
The Art of Invisibility. — The need of the hour. How to protect your identity on the internet.
There are more books that Kevin Mitnick has authored.
Cybersecurity advice is confusing
Now there is research to show it.
This post on Dark Reading got me thinking. There will be a research paper presented on the confusing advice given to people about cybersecurity. I am looking forward to reading the paper when it is released.
The key messages are simple:
Learn to prioritise information - more importantly, learn to deprioritise. If the end message is “patch your system”, don't send messages about new CVEs and their intricate details.
Identify Key Messages - This is more related to the industry at large. What are the key messages that you want to give? It would be great if one of us could start a GitHub repo on the key messages and limit it to 5.
If I come across more info about this, I will keep you posted.
Meanwhile, I recently concluded a one-day workshop at the ISACA Mumbai Chapter about Risk Management for Artificial Intelligence. It was a very august gathering of people who, like me, were concerned about the maturity of the cybersecurity profession to identify and manage cyber risks around AI. It is an area that I believe is very important, and the cybersecurity profession has to get up to speed on it faster than we have ever done before.