Instilling a Culture of Cyber Security

Uploaded on 2015-06-15 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

NTT-skills_challenge-s.jpg

Every company that sells cyber security technology markets how their tools will “defend”, “stop threats” and “protect”. There is no doubt that the technologies that exist today are quite incredible in helping fight malicious adversaries. However, the reality is that technology can sometimes cause a false sense of security.

Put simply, no technology exists today that is a “fire and forget” solution and every device has vulnerabilities that it cannot defend against. Despite great technology, new vulnerabilities and exploits are being found all of the time. And of course there is the human element: the reality is that the majority of breaches occur, not because of a technology failure, but because a person failed to be vigilant or did something they should not have done.

With a recent survey on technology-related security risks finding that almost two-thirds of public sector workers would not report a serious data-protection breach if they thought it would cause problems in their workplace, it is clear that employers could be doing more to improve the human element of data security. So, what can your business do to make sure that your employees are part of the solution, rather than part of the problem?

Make security-awareness a key part of your company culture from the top down

Unfortunately, there is still a wide disparity among organizations on the level of training and education for security threats. There is an assumption that providing employees with a policy or a couple of hours of training will suffice. While that does “check the box” for the organization, it really does not develop a culture of cyber security.

Take the focus away from how to get everyone in a training room for several hours or take an online course and move it to conspicuous frequent messages that people cannot avoid seeing or hearing. It is important to get the information out to everyone often – repetition is key. An always-vigilant mentality is what organizations need to focus on creating so that cyber security becomes a reflex.

A true culture of security needs to come from the top down. If the leaders of a business do not set the example it should come as no surprise that others will not see cyber security as a priority.

The first thing that any CIO or CISO should do is get a baseline about how well-trained the organization really is. This can be done by running a phishing and social engineering exercise or by bringing in a company who provides this as a service. I recommend this for two reasons. The first is that it will be eye-opening for business leaders to see just how many people fail the exercise. The second is that it will provide CISOs with the justification they need to support investment required for a formal program.

At the end of the day, organizations have a fixed amount of funding to spend and far too often training, let alone cyber security training, is much lower on the priority list. If the CIO or CISO demonstrates that 70 percent of their employees are unfamiliar with basic security practices, there is a very compelling reason to find the resources for additional education. None of these efforts are particularly time consuming or costly to do, but they encourage employees to think about how they are always a potential target.
Net-Security:  http://bit.ly/1Bhu2Ff

« North Korea Threatens US with Cyberattacks
Health Industry Needs Urgent Cyber Surgery »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Panda Security

Panda Security

Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions.

Zentera Systems

Zentera Systems

Zentera's CoIP (Cloud over IP) solution offers enterprise-grade networking and security for the emerging cloud ecosystem.

Cymbel

Cymbel

Cymbel provides businesses and government agencies with the tools and expertise they need to manage the most complex security and compliance challenges.

Assystem

Assystem

Assystem delivers a comprehensive security approach for the industrial and service sectors that integrates physical security systems, industrial cyber-security, functional safety and dependability.

Vesta

Vesta

Vesta Corporation is a global provider of a scalable suite of fraud and payment solutions for online commerce.

ITsMine

ITsMine

ITsMine’s Beyond DLP™? solution is a leading Data Loss Prevention (DLP) solution used by organizations to protect against internal and external threats automatically.

ISARR

ISARR

The ISARR software platform - your bespoke Risk, Resilience & Security Management solution. Simple, cost effective and adaptable, now and into the future.

NanoVMs

NanoVMs

NanoVMs is the industry's only unikernel platform available today. NanoVMs runs your applications as secure, isolated virtual machines faster than bare metal installs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Let's Encrypt

Let's Encrypt

Let’s Encrypt is a free, automated, and open digital certificate authority, run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG).

doIT Solutions

doIT Solutions

doIT solutions specialize in IT security and infrastructure, security automation, data center, and cybersecurity.

Exceed Cybersecurity & I.T. Services

Exceed Cybersecurity & I.T. Services

Exceed Cybersecurity & I.T. Services is a premier Managed Internet Technology (I.T.) company with a focus in cybersecurity risk management and CMMC compliance management.

Oman Technology Fund (OTF)

Oman Technology Fund (OTF)

Oman Technology Fund aims to make Oman the preferred destination for emerging tech companies in the region, and an attractive and stimulating destination for venture capital.

ISSQUARED

ISSQUARED

ISSQUARED is a leading provider of Cyber Security, Cloud, Infrastructure, Consulting and Digital Transformation services.

SquareX

SquareX

Squarex secures your online activities without compromising productivity.

Pistachio

Pistachio

Pistachio is the new evolution of cybersecurity awareness training and attack simulations.