Cybersecurity culture reflects the understanding that the organization’s actions are dependent on shared beliefs, values, and actions of its employees, including their attitude towards cybersecurity. As an organization is made by its employees, the sense of cybersecurity of each employee contributes to the success of an organization in terms of security.
In the upcoming RSA conference, cybersecurity will be discussed in various forms. This event is taking place from February 24 to 28th in San Francisco. Many famous names in Cybersecurity will be coming in the upcoming conference, like Dr. Lorie Cranor Director and Bosch Distinguished Professor, CyLab Security, and Privacy Institute, Hugh Thompson who is an advisory board member. Dr. Jessica Barker will also be speaking on the psychology of fear and cybersecurity. This has become a rising concern with growing cyber attacks.
In a business environment, where breaches are very frequent, only investing in robust infrastructure will not yield fruitful results. This can be very evident where security breaches are due to lack of human awareness, for example, sharing confidential data over Nonsecure channels, or communicating confidential data on public platforms. Now, it becomes mandatory to take an optimistic approach towards cybersecurity in order to spread awareness among society.
Role of Leaders in Security of Organization
Ken. M Shaurette says
“Security is not just about Technological Controls. Security cannot be achieved solely by the application of software and hardware. Any attempt to implement technology controls without considering the cultural and social attitudes of the corporation is a formula for disaster”.
To sway the environment with your attitude and be the one who is heard by everyone, a leader should follow the basics of security, like always card, taking caution on tailgating, not sharing information on unofficial sites and emails. This will encourage other employees to follow the suit. If people live in fear, they might never report an important incident which could lead to immense failure for the organization. For example, if people are scared of losing their job, they might never report malfunctioning of their system, if blame was to come on them.
Security Training and Awareness
Apart from following the basic security process in an organization, there are many parameters whose miss can be a huge loss for an organization. For this, organizations follow mandatory security awareness training for every employee each year, yet the training vitals are not implemented at ground level. To make the training successful and practice for all, the training should be relevant, interesting and engaging for employees. Such training should be enjoyed and incorporated by every employee of the organization. A good training, once enjoyed by an employee is definite to create a ripple effect. This will grow not just in an organization, but also in society.
Fear, Uncertainty, and Doubt (FUD) have always been used as a weapon for employees to follow the code of conduct. Fear only brings out half-hearted efforts, thus resulting in minimal security. Uncertainty and irresponsible behavior of an employee towards an organization will be the cause of uncertain results. Creating fear about threats and attacks is not a way to create cybersecurity awareness, rather it is a gateway to increased attacks. This lack of education and awareness is leading to two types of companies emerging – one that knows it has been hacked, and one that does not. If individual employees are not fully aware of how breaches occur and do not take steps to not only protect IP but also monitor and alert managers about cyber issues, the door is continually left open for cyber-attacks.
The Misconception of a security measure to be immeasurable has been made impassive by many Security experts now. Kai Roer, a security culture expert, and CEO of CLTRe, explained how security culture can be measured in different levels of the organization through a toolkit
The Cybersecurity Culture in Organizations report is based on multi-disciplinary research, conducted to better understand the dynamics of how cybersecurity culture can be developed and shaped within organizations.
Let Us Know If LIFARS Can Help Solving Your Cybersecurity Issues.