Lars S.

Melissa G. In my opinion, it is all about linking the security processes. If incident management, risk management and implementing measures are not linked, the reaction becomes slow and then the result will be the mentioned 19days. If the root cause is a human risk, then awareness measures should follow immediately if the risk evaluation is high or very high for the organisation. The key point is how urgent and concrete the risk is. For an high and immediate risk, 19 days is far too long. For a more abstract or long‑term risk, 19 days sounds "fair". For me the reaction time needs to defined and evaluted by the inherent risk (incl. the orginal threat)

Dr. G. -- mainly policies and training. We are currently rolling out purview to restrict the use of certain labeled documents by AI Services/DLP. In regards to OpenClaw it wont help a lot. 🤔

Melissa G. Dr. G. -- to be honest, currently I am focused not on attackers using AI, its more about colleagues early adopting AI without clear guidelines. In particular colleagues experimenting and maybe even granting Openclaw access and rights to systems and services keeps me up at night. OpenClaw led to a high dynamic with missing awareness to the security implications.

Hi Robert, how long was the awareness campaign active before you questioned the employees? I will definitely look into adopting it once some time has passed.

Lets give it a try 🙂 Something that looks phishy would definitely be an email telling Santa that Christmas Day has been postponed or that there’s a “new global delivery address” for all gifts. To keep his workforce cyber aware during the off-season, I would recommend introducing security challenges adapted to the season. for example in summer: "Spot the most phishing mails an win a security beach towl" - just to keep everybody engaged and informed.

Melissa G. - tbh I'm not entirely sure how to integrate these insights into my security measures. Adapting simulation activities to specific timeframes doesn’t seem right to me. At the moment, my thoughts are leaning toward incorporating them into my security communication strategy. I currently publish an internal security newsletter (Security Schnipsel) every month. I’m considering switching to something like a “Monday Morning Security Briefing.” However that would require a lot of effort. 🤔

Hey Robert K. - Thanks a lot for the insights and the idea. Currently i am preparing an executive presentation at my company regarding our progress with sosafe. Analyzing the raw data helps a lot to gain further insights. 🙂 Sharing is caring (and as data owner i classified them as "non sensitiv" 😉 ) + "early hours" are critical + Monday is critical because of the weekends

Melissa G. It will be displayed on a digital screen in our cafeteria or entrance area. The official announcement and recognication will take place in person during an (quaterly) infomation event. 🙂