Rekt Casino Hack Assessment Transformational Series Feeble Security Culture Disconnected from Business Objectives Part 3 of 4

  • Wednesday, 17 Feb 2021 11:59AM EST (17 Feb 2021 16:59 UTC)
  • Speakers: Lance Spitzner, Russell Eubanks

The fictitious Rekt Casino fell victim to a ransomware attack which resulted in personal identifiable information, HR records, and financial information being exfiltrated. The root cause of the problem was a lack of governance, risk, and compliance, along with properly configured technical and administrative controls. It could also be argued that Rekt Casino lacked a strategic plan as well as an inherent security culture. Looking at the history of Rekt Casino, we are going to identify when the transition from the old school approach of information security could have been transitioned to the enterprise risk management approach.

The mistake organizations often make is to focus on defenses such as endpoint protection, firewalls, and intrusion prevention without a good understanding of what the threats actually are. It's as if Rekt Casino fortified their castle to protect against bows and arrows, yet the adversaries attacked with a trebuchet. '

If the executives, technology team, and board of directors had been paying attention to news stories, security guidance, employees ' approach to protecting company assets, or even attending security-related conferences, they would have gotten the message that security had become a critical concern due to the threat landscape. It's not enough to acknowledge that security requires more attention, you also have to act on that knowledge.

In this Part 3 of 4 webcast, we will quickly review the overarching history of Rekt Casino, what they had in place for protections, and the outcome. Then we will dive deep into what could have been done to prevent the breach from occurring in the first place in regards to the security culture of the Rekt Casino. We will dive into topics such as:

  • What is a security culture and why it is important
  • How to establish a security culture
  • Building a strong security culture over time
  • Making the business case for security culture
  • Concepts of Organizational Change

Don't wait! Register now for the other webcasts in the series!