Instilling a Culture of Cyber Security


Every company that sells cyber security technology markets its tools as able to “defend”, “stop threats” and “protect”. There is no doubt that the technologies available today are remarkably good at helping to fight malicious adversaries. However, the reality is that technology can also create a false sense of security.

Put simply, no technology exists today that is a “fire and forget” solution, and every product has vulnerabilities of its own that it cannot defend against. Despite great technology, new vulnerabilities and exploits are being found all the time. And of course there is the human element: the majority of breaches occur not because of a technology failure, but because a person failed to be vigilant or did something they should not have done.

A recent survey on technology-related security risks found that almost two-thirds of public sector workers would not report a serious data-protection breach if they thought it would cause problems in their workplace. It is clear that employers could be doing more to improve the human element of data security. So, what can your business do to make sure that your employees are part of the solution rather than part of the problem?

Make security-awareness a key part of your company culture from the top down

Unfortunately, there is still a wide disparity among organizations in the level of training and education on security threats. There is an assumption that providing employees with a policy or a couple of hours of training will suffice. While that does “check the box” for the organization, it does not develop a culture of cyber security.

Shift the focus away from getting everyone into a training room for several hours, or through an online course, and towards conspicuous, frequent messages that people cannot avoid seeing or hearing. It is important to get the information out to everyone often; repetition is key. An always-vigilant mentality is what organizations need to create, so that cyber security becomes a reflex.

A true culture of security needs to come from the top down. If the leaders of a business do not set the example it should come as no surprise that others will not see cyber security as a priority.

The first thing any CIO or CISO should do is establish a baseline of how well-trained the organization really is. This can be done by running a phishing and social engineering exercise, or by bringing in a company that provides this as a service. I recommend this for two reasons. The first is that it will be eye-opening for business leaders to see just how many people fail the exercise. The second is that it will give the CISO the justification needed to support the investment a formal program requires.

At the end of the day, organizations have a fixed amount of funding to spend, and far too often training in general, let alone cyber security training, sits much lower on the priority list. If the CIO or CISO can demonstrate that, say, 70 percent of employees are unfamiliar with basic security practices, there is a very compelling reason to find the resources for additional education. None of these efforts is particularly time-consuming or costly, but they encourage employees to remember that they are always a potential target.

Net-Security: http://bit.ly/1Bhu2Ff
