Ronnie Wong, ITProTV: “threats are happening at levels well removed from the individual”
One may feel a little helpless against events like a cyberattack or a full-on cyberwar, but with proper training in even the most basic concepts of cybersecurity, such as encryption, malware infection prevention, and everyday security measures, cyber threats may become less frightening.
Unfortunately, on individual and even organizational levels, not a lot of people choose to invest their or their employees’ time into cybersecurity training, underestimating the power that a somewhat knowledgeable individual can have in the face of an incoming supply chain disruption attack, for example.
To discuss this, Cybernews reached out to Ronnie Wong, an Instructor at ITProTV, an ACI Learning company. We talked about the influence that recent global events have had on cybersecurity awareness worldwide, as well as touched upon the importance of proper IT training.
How did ITProTV originate? What has your journey been like?
ITProTV started back in 2013 as an alternative to the high costs and time commitments involved in classroom training. We created the type of training we wish we’d had back when we were first getting started, which was more flexible to work around the schedule of a career changer, and easier on the budget for someone looking to start or advance their IT career. The result is a self-paced subscription service where members can learn and grow on their schedules.
Since learning about cybersecurity might sound tedious to some, how do you manage to keep your training effective, yet entertaining?
We call our teaching style edutainment because we’re really trying to merge education with entertainment. Most of our shows feature a host and a subject matter expert so it comes across as more of a conversation between friends than a lecture. Also, rather than just watching a voice over powerpoint, you see the host and their screen as they run through real demos.
What kind of threats can only be eliminated with the help of quality cybersecurity training instead of technical security measures?
From a business perspective, cybersecurity training today can eliminate many of the threats focused on the handling of digital information and physical equipment, such as mobile phones, laptops, and workstation computers. In terms of digital information, limit the access of company work to approved devices. What I mean by that in today’s environment is about what security features should be on those devices, such as understanding encryption, using multi-factor authentication, and keeping track of your assigned devices.
How do you think the recent global events influenced cybersecurity awareness around the world?
We go through these cycles where events drive short-term awareness of threat and risk, but then that awareness wanes over time. The interesting thing about the current global event cycles (Covid-19 & the war in Ukraine) are that they have led to a dramatic uptick in cyber incidents and attacks against both the public and private sectors, but those attacks are not gaining much coverage in the media, and do not seem to be on the average person's mind. Industry and government are taking notice, and we are seeing a concerted effort at the Federal level in the U.S. to drive policy change as a result of these attacks, but that is not trickling down as of now.
Why do you think certain companies turn a blind eye when it comes to employee cybersecurity training?
When it comes to training, proactive training appears to be common sense. Of course, every employee understands this and shouldn’t need it. The other aspect of company decision-makers has to do with time and utilization. They may believe it is more valuable to have individuals working instead of security training. In reality, the common sense aspect is not in question. It is setting the expectation of the employee that the decision-maker should be considering and ”if you don’t think it’s important, they won’t either.”
Additionally, what other security issues do you think are often overlooked, but could cause great damage to businesses?
Supply Chain Risks are the most important threat vector we are currently wrestling with. Nation-State sponsored hacking activity and cyberwarfare are also now an increasingly big issue due to the ongoing activities of Nations, such as Iran, Russia, China, and North Korea.
With work from home becoming the new reality, what are the most prominent security threats that affect the remote workforce?
Co-mingling of business data/personal data and business process/personal process. When the WFH person takes for granted the security that they are trained to handle, this is when unapproved methods, potentially less safe methods, slip into work life from home.
What actions can organizations as well as individuals take to protect themselves from these threats?
Individuals do not have much direct capability to protect themselves from many of the threats that we collectively face today in the cybersecurity area, as these threats are happening at levels well removed from the individual. However, the best course for an individual at all times, regardless of the threat levels that are active around them, is to be focused on controlling as much of the narrative about themselves that exists online as they can. Specifically, they need to understand the impact of the decisions that they make to share their PII with any entity, and that whenever they do so, they are making it easier for bad actors to find and steal that data and use it for nefarious ends.
And finally, what’s next for ITProTV?
ITProTV continues to record new shows daily to ensure the library is fresh, as IT changes every day. As priorities shift, whether it’s cloud technology or cybersecurity, we’ll continue to shift with it to give IT teams and those looking to break into the industry the most relevant content.