The security gift guide
Give the gift of security, so people will give you the gift of not asking for help and advice.
Ira Winkler | 08 Dec | Read more
Stories by Ira Winkler
What awareness is supposed to be
Recent W-2 and accounts payable thefts show governance should be the cornerstone of awareness.
Ira Winkler | 26 Oct | Read more
What is phishing success?
A recent article asking the question to security professionals seemed to miss the mark, and raises more questions than it answers.
Ira Winkler | 07 Sep | Read more
What awareness gamification programs can learn from Pokemon Go
At the moment, the only intended gamification of Pokemon Go is to encourage people to spend money within the game. There are potentially future uses of the game, such as to get people to spend money at partner vendors. For now however, most gamification is exploiting the phenomenon by third parties.
Ira Winkler | 09 Aug | Read more
Pokemon Go: What security awareness programs should be doing now
Pokemon Go represents a tremendous security threat. As with all tremendous threats, it can also be your greatest opportunity.
Ira Winkler | 15 Jul | Read more
Pokémon Go: Into the real world, with real crime
The game is getting its players off the couch, which already wasn’t safe from the bad guys.
Ira Winkler | 12 Jul | Read more
8 reasons why your security awareness program sucks
I have come to the conclusion that most awareness programs are just very bad, and that like all security countermeasures, there will be an inevitable failing.
Ira Winkler | 03 Jun | Read more
Crying ‘Wolf!’ seems to work for security
Breaches that weren’t have gotten a lot of attention — and that’s not such a bad thing.
Ira Winkler | 31 May | Read more
Charges against Iranian hackers are ignorant, cowardly and dangerous
Iranian and Chinese governments directed and funded attacks, so why are Iranian and Chinese citizens being charged instead of the governments that directed their actions?
Ira Winkler | 29 Mar | Read more
Behind every stupid user is a stupider security professional
Security professionals should look in the mirror, before declaring a user, “stupid”.
Ira Winkler | 15 Mar | Read more
5 facts about Apple and the terrorist’s iPhone
The truth behind the hype and misunderstandings surrounding the case.
Ira Winkler | 19 Feb | Read more
FBI/DHS hack shows need for role-based security awareness programs
When a hacker released the contact information of 9,000 DHS employees, it was the result of several awareness failings. The reality is that these are failed awareness programs that are typical of industry as a whole.
Ira Winkler | 17 Feb | Read more
The threat of shoulder surfing should not be underestimated
Ira Winkler questions a recent column on the topic of shoulder surfing, also called visual hacking, and suggests that a better understanding of security awareness would go a long way.
Ira Winkler | 13 Jan | Read more
Black Hat survey reveals a disconnect between losses and security program focus
The recently published Black Hat Attendee Survey primarily focused on the concerns of practitioners, including how they actually spent their times and the losses that they incurred. For now though, the most notable statistic is the prominence of awareness related concerns, as a pain point for security professionals.
Ira Winkler | 03 Sep | Read more
User error is an expected business problem
When I read the article that human error was the source of most breaches and data loss in 2014, it was not a surprise. You can pick any study about computer-related crimes and data breaches in the last few years and you will find that humans are the primary attack vector for most significant breaches, and the criminals intend to initiate human error. In order to prevent this error, you have to understand what causes humans to make errors.
Ira Winkler | 17 Jun | Read more