
Quantum Leaps & Password Myths: Spotting the Noise in Cyber Advice

Barry Foley

IT Security Officer


Signals and Noise

  • Auditors
  • Suppliers
  • Consultants
  • Cyber Security Community
  • Users
  • National bodies
  • Media
  • Malicious Actors


Cyber Advice Quality

Accuracy

Stakeholder Focus


Change passwords frequently

BAD ADVICE


Don’t Use Public WiFi

OUTDATED ADVICE


More Cyber Training = More Security

NAIVE ADVICE


Don’t use USB charging ports when travelling

NEVER REAL


Don’t use company devices for private purposes

UNREALISTIC ADVICE


Humans are the weakest link

UNHELPFUL ADVICE


Quantum Computers will soon be able to break public-key encryption

POOR EVIDENCE


Doing Better

  • Focus on real and significant threats
  • Challenge governing assumptions
  • Enforce security controls technically
  • Cyber security is not everyone’s job
  • Make cyber training relevant
  • The most secure way should be the easiest way


Noise

  • Amplifies the imbalance in treatment of cyber risk
  • Response is focused but leads to inaccurate “Likelihood” risk treatment
  • A reassessment of risk - human focus treatment would lead to greater organisational resilience


Thank You