Instilling a Culture of Cyber Security


Every company that sells cyber security technology markets how their tools will “defend”, “stop threats” and “protect”. There is no doubt that the technologies that exist today are quite incredible in helping fight malicious adversaries. However, the reality is that technology can sometimes cause a false sense of security.

Put simply, no technology exists today that is a “fire and forget” solution, and every device has vulnerabilities that it cannot defend against. Despite great technology, new vulnerabilities and exploits are being found all of the time. And of course there is the human element: the reality is that the majority of breaches occur not because of a technology failure, but because a person failed to be vigilant or did something they should not have done.

With a recent survey on technology-related security risks finding that almost two-thirds of public sector workers would not report a serious data-protection breach if they thought it would cause problems in their workplace, it is clear that employers could be doing more to improve the human element of data security. So, what can your business do to make sure that your employees are part of the solution, rather than part of the problem?

Make security awareness a key part of your company culture from the top down

Unfortunately, there is still a wide disparity among organizations on the level of training and education for security threats. There is an assumption that providing employees with a policy or a couple of hours of training will suffice. While that does “check the box” for the organization, it really does not develop a culture of cyber security.

Shift the focus away from getting everyone into a training room for several hours, or through an online course, and towards conspicuous, frequent messages that people cannot avoid seeing or hearing. It is important to get the information out to everyone often – repetition is key. Organizations need to focus on creating an always-vigilant mentality so that cyber security becomes a reflex.

A true culture of security needs to come from the top down. If the leaders of a business do not set the example it should come as no surprise that others will not see cyber security as a priority.

The first thing that any CIO or CISO should do is get a baseline of how well-trained the organization really is. This can be done by running a phishing and social engineering exercise or by bringing in a company that provides this as a service. I recommend this for two reasons. The first is that it will be eye-opening for business leaders to see just how many people fail the exercise. The second is that it will provide CISOs with the justification they need to support the investment required for a formal program.

At the end of the day, organizations have a fixed amount of funding to spend and far too often training, let alone cyber security training, is much lower on the priority list. If the CIO or CISO demonstrates that 70 percent of their employees are unfamiliar with basic security practices, there is a very compelling reason to find the resources for additional education. None of these efforts are particularly time consuming or costly to do, but they encourage employees to think about how they are always a potential target.
Net-Security:  http://bit.ly/1Bhu2Ff
