Instilling a Culture of Cyber Security

Every company that sells cyber security technology markets how their tools will “defend”, “stop threats” and “protect”. There is no doubt that the technologies that exist today are quite incredible in helping fight malicious adversaries. However, the reality is that technology can sometimes cause a false sense of security.

Put simply, no technology exists today that is a “fire and forget” solution and every device has vulnerabilities that it cannot defend against. Despite great technology, new vulnerabilities and exploits are being found all of the time. And of course there is the human element: the reality is that the majority of breaches occur, not because of a technology failure, but because a person failed to be vigilant or did something they should not have done.

With a recent survey on technology-related security risks finding that almost two-thirds of public sector workers would not report a serious data-protection breach if they thought it would cause problems in their workplace, it is clear that employers could be doing more to improve the human element of data security. So, what can your business do to make sure that your employees are part of the solution, rather than part of the problem?

Make security-awareness a key part of your company culture from the top down

Unfortunately, there is still a wide disparity among organizations in the level of training and education on security threats. There is an assumption that providing employees with a policy or a couple of hours of training will suffice. While that does “check the box” for the organization, it really does not develop a culture of cyber security.

Shift the focus away from getting everyone into a training room for several hours or onto an online course, and toward conspicuous, frequent messages that people cannot avoid seeing or hearing. It is important to get the information out to everyone often – repetition is key. An always-vigilant mentality is what organizations need to focus on creating so that cyber security becomes a reflex.

A true culture of security needs to come from the top down. If the leaders of a business do not set the example it should come as no surprise that others will not see cyber security as a priority.

The first thing that any CIO or CISO should do is establish a baseline of how well trained the organization really is. This can be done by running a phishing and social engineering exercise or by bringing in a company that provides this as a service. I recommend this for two reasons. The first is that it will be eye-opening for business leaders to see just how many people fail the exercise. The second is that it will provide CISOs with the justification they need to support the investment required for a formal program.

At the end of the day, organizations have a fixed amount of funding to spend and far too often training, let alone cyber security training, is much lower on the priority list. If the CIO or CISO demonstrates that 70 percent of their employees are unfamiliar with basic security practices, there is a very compelling reason to find the resources for additional education. None of these efforts are particularly time consuming or costly to do, but they encourage employees to think about how they are always a potential target.

Net-Security: http://bit.ly/1Bhu2Ff
