Cybersecurity Training Gets an Upgrade with Gamification and Catchphrases
As businesses continue to combat a barrage of cyber threats, creating effective cybersecurity education for employees is more critical than ever. According to a 2024 Proofpoint report, conventional computer-based training tops the list of cybersecurity education methods within organizations. However, professionals in the industry, such as LinkedIn CISO Lea Kissner, feel that these traditional models often fail to engage participants fully. To tackle this issue, IT Brew spoke with security experts who are infusing a bit of creativity into cybersecurity training by incorporating elements like gamification, memorable catchphrases, and interactive activities. For instance, Mastercard’s deputy chief security officer, Alissa Abdullah, mentioned the company’s use of brief, captivating videos and a unique catchphrase, “I don’t know you like that,” for phishing awareness. They have also introduced spear phishing tournaments with incentives for employees who report phishing attempts, making the learning process both fun and practical.
YeshID Simplifies Identity and Access Management for Small Businesses
While maintaining stringent security measures is essential, for small businesses, implementing enterprise-level identity and access management (IAM) systems can be overwhelming. Recognizing this, YeshID offers an IAM solution tailored for the specific needs of small businesses, especially those using Google Workspace. With YeshID, companies can automate complex processes such as onboarding, access reviews, and audit preparations without the cumbersome infrastructure typical of enterprise IAM tools. This balance enables smaller organizations to reinforce their security and compliance without unnecessarily burdening their IT departments.
AI Advancements Could Pose New Security Risks, Experts Warn
The AI revolution shows no signs of slowing down, yet as excitement mounts over new developments like the Chinese AI platform DeepSeek, security experts voice concerns about the potential for increased vulnerabilities. DeepSeek’s introduction earlier this year shook the tech industry due to its cost-effectiveness, causing significant market reactions. Nevertheless, there are apprehensions regarding the safe deployment of such technology, particularly in connection to application programming interface (API) frameworks. Field CISO at F5, Chuck Herrin, highlights that the rush to integrate AI across various platforms has expanded the attack surface and the range of potential cyber threats, stressing the importance of preemptive security measures in the face of these advancements.
Google Moves Toward QR Codes for Email Account Verification
Google is taking significant steps to improve the security of its email account verification process by transitioning from six-digit codes to QR codes. This move is aimed at mitigating security risks associated with SMS-based verification, which can be susceptible to phishing and phone number hijacking by attackers. Google Workspace spokesperson Ross Richendrfer outlined the company’s plans to redefine phone number verification to Forbes, mentioning the development of new, more secure mechanisms like QR codes, less vulnerable to exploitative tactics used by cyber criminals. This transition is expected to be rolled out gradually, as part of Google’s ongoing efforts to bolster account security.
Anticipation Builds for 2025 Gartner Security & Risk Management Summit
As cybersecurity remains a hot topic in boardrooms and IT departments alike, the industry awaits the Gartner Security & Risk Management Summit 2025 with keen interest. Scheduled for June 9-11 in National Harbor, Maryland, the summit offers a unique opportunity for professionals to network, share knowledge, and explore the latest trends in cybersecurity leadership, risk management, and operations. Early registrants can look forward to a substantial discount, adding an extra incentive to join what promises to be a significant and informative event.
