It is common to see such directive in subway, airport, key facilities, incident respond playbook etc.

The problem is different people have different interpretation of “suspicious”.

Take phishing attack as an example. Email is apparently sent from the one you know. Should it be suspicious? If so, there won’t be so many successful cyber attacks originated from phishing to launch ransomware, data exfiltration or remote access trojan (RAT).

Therefore, more needs to be done to elaborate what is “suspicious” to raise situational awareness. Of course, it is a challenge to include so many information in a sign board. If the facility is so critical, each personnel (staff, visitor, contractor) should be briefed the threat scenario (like the safety rules before the aircraft departure) while the signage is just a reminder of what has been briefed.

Leave a Reply