As we enter Cybersecurity Awareness Month 2021, we focus our newsletter on exactly that: What does the current state of security awareness look like? Why is there a need to keep reiterating its importance? And what best practices should you follow to facilitate a positive security culture in your team and the larger organization?
A recent industry survey among more than 1,000 U.S. employees tried to gauge the current state of privacy and security awareness. The results leave a lot to be desired: 45% of participants do not feel confident enough to identify a social engineering attack. Even worse, during the COVID-19 pandemic, which posed significant security challenges to many businesses, only 55% of employees received continuous cybersecurity and data privacy training.
Securing an organization and its assets starts with building a capable security team. In order to succeed in this task, a few best practices should be taken into account. One key factor is that successful cybersecurity teams are as diverse as the broader population, comprising a range of different skills and backgrounds helping to address security holistically. Another point to consider is ensuring adequate training time and resources in order to enable team members to stay on top of new technologies and security threats.
Security knowledge is not just required in the security team – every employee must possess a basic set of skills to do their part to keep the organization secure. A recent report outlines five aspects that are key for a company culture that facilitates security and empowers its people to do the right thing. These are Trust, Responsibility, Confidence, Engagement, and Outcome. Building such a mindset has a significant impact on an organization's overall security posture.
Particularly for technology companies, embedding safeguards into the complete system lifecycle is crucial for ensuring security effectively. One way of spreading security know-how and oversight throughout the business is a security champions program. These champions should be confident and passionate individuals who are able to evangelize security in their teams. Identifying risk early on not only improves the security posture of the system itself, it also benefits engineering teams by reducing urgent mitigation tasks later on.
In a recent interview with Cybersecurity Magazine, Jonathan Hiroshi Rossi of Saya University shared best practices for developing effective cybersecurity training. Among other things, he highlights that training content must recognize and cater to cultural nuances of the workforce, match the employees' day-to-day tasks and challenges, and make learning about security fun and approachable.
Cybersecurity Magazine Editorial Team