People have the potential to be an organisation’s best defence against cyber threats and fraud. This is especially true as companies continue to embrace work-from-home models and hybrid office and remote working structures. With perimeter security lines blurred, more people being left to their own devices, and most cyber threats leveraging the human factor, building a cyber secure culture should be at the heart of effective cyber risk management.
“Many cyber criminals target individuals through malware and phishing scams, putting employees on the frontline of the fight against cyber crime. It is evident in the scourge of cyber crime since March that work-from-home models have made companies, their people and their data vulnerable. However, suppose cyber security is a culture within your organisation. In that case, it does not matter whether your employees are at the office, at home or a bit of both,” says Charl Ueckermann, who has recently been appointed Group CEO at AVeS Cyber International.
Inculcating a cyber secure culture has its roots in training staff on the dos and the don’ts around their use of technology and data resources. Yet, many companies are not providing ongoing cyber security training, despite the increased risks associated with remote working.
A survey by Malwarebytes, Enduring from home: COVID-19’s impact on business security, showed that 44% of companies did not provide cyber security training focused on the potential threats of working from home, and 55% of company leaders cited the need to train employees on how to securely work at home as the top challenge.[1]
“The dilemma is that cyber security is a difficult concept to grasp. People struggle to believe in what they cannot smell, taste or feel. Similarly, the average user of technology cannot hear, see, smell, touch and taste cyber threats. They feel removed and untouched by them. That is until they are impacted by a cyber incident, data breach, fraud or identity theft.”
“That is why developing a cyber secure culture, where everyone at every level of the organisation buys into and participates in the cyber security strategy, is more effective than merely having a tick-box approach to cyber security awareness training. When cyber security becomes a culture in an organisation, two things happen: employees understand their role in the cyber security strategy, and they know how management expects them to respond to incidents.
“Culture is developed from strongly held value systems that are strategically supported. When safety forms part of your business values, your business continuity, the integrity of your data and sustainability of your business become a culture. These values must be driven from the top and be reinforced by both structure and strategy to ultimately shape employee perceptions and behaviour.
“Management plays an instrumental role in shaping and sustaining a strong cyber secure culture. If a company’s leadership does not buy into the importance of a cyber secure culture, it is unlikely that employees will,” explains Ueckermann.
Citing a 2020 Gartner report, The Urgency to Treat Cybersecurity as a Business Decision, Ueckermann says company leaders globally are realising that they need to change how they approach cyber security and risk management.
“For decades, IT and business have been separated, with few senior managers or execs understanding the impact that cyber security, or lack thereof, had on the business. This is changing, and company leaders realise that cyber security is not solely a technological issue. It is a business issue that can’t simply be addressed with a few add-on solutions. It must be integrated and aligned with the business objectives. People, processes and technology all work together to form a secure culture.”
Ueckermann concludes: “Inculcating a cyber secure culture can create a stronger defence against cyber threats than the most robust technologies or any single policy or procedure. Start building a robust cyber secure culture by embracing cyber security as a core business value, making it a key organisational priority, and reinforcing its importance through ongoing communication, clearly defining policies and procedures, and investing in training.”
Reference:
[1] Whitney, L. (2020, 08 20). How the shift to remote working has impacted cybersecurity. Retrieved from TechRepublic: https://www.techrepublic.com/article/how-the-shift-to-remote-working-has-impacted-cybersecurity/
AVeS Cyber Security
AVeS Cyber Security is a specialist in industry-specific IT Governance & Architectural services, combining expert knowledge and services with leading technology products to provide comprehensive Information Security and Advanced IT Infrastructure solutions. Over the past 22 years, AVeS Cyber Security has strategically honed its solutions and services to help Southern African businesses future-proof their IT environments against the continually evolving threat landscape while achieving their digital transformation aspirations. The company offers a leading portfolio of professional services, products, and training in security, infrastructure, and governance solutions. In 2019 and 2020, the company won eight awards from some of the world’s top technology vendors, indicating competency, strength, innovation and robustness in an industry that is fast growing in complexity due to evolving challenges, such as ransomware, advanced targeted attacks and the Internet of Things. The awards include Kaspersky's Africa Partner of the Year 2019 and 2020, Kaspersky's Top META Learning Partner 2020, ESET's Regional SMB Sales Champion 2019 and 2020, ESET's Product Champion 2019, Symantec's SMB Partner of the Year 2019, and Sophos' Upcoming Partner of the Year 2020. AVeS Cyber Security also received four new partner statuses, namely Microsoft Gold Datacentre Partner, DellEMC Gold Partner, Veeam Silver Partner and Sophos Platinum Partner.