Despite the investments made to secure your organisation, it is the actions and activity of your people that remain the biggest risk to achieving this goal. Whether unintended (likely) or malicious (increasing), the biggest threat today still comes from within. Whilst there's been a general rise in public awareness as data breaches and cyber attacks form part of our daily news cycle, outside of the IT department it's clear that little of that translates into the working environment.
But even small improvements in the approach and attitude towards basic security hygiene have been shown to pay dividends. One of the most impactful transformations you can implement is to build a culture of awareness and responsibility amongst your employees for the security of the organisation.
Getting it right, however, is not easy.
Challenges facing employee transformation:
– Success rates of legacy approaches are low, creating scepticism as to the value in providing a positive outcome and improvement in security, versus cost / distraction
– Training programs create a vanilla user profile and then shoehorn the rest of the organisation into it.
– People consume information differently. Some individuals are less confident but learn quickly, others are overconfident but don't retain information, and everything in between.
– Cyber is complicated; messaging needs to be straightforward and continuously drip-fed
– Needs to be multi-dimensional, with information coming from multiple sources
In today's digitally dependent world, however, organisations need to go beyond maintaining a minimum base level of knowledge, to effectively communicating change. I'm not suggesting shock tactics, but the ramifications of a cyber incident can be catastrophic, and the knock-on effects potentially affect everyone, so in my view a basic premise of collective responsibility is a good starting point. If you can get it right, you have the opportunity to transform your people from one of the biggest headaches to an effective and responsive line of defence.
New technology approaches are also starting to deliver insight and understanding into the way employee information is consumed and retained. Developments that utilise the combination of behavioural and data analytics, alongside machine learning, are providing ways to build awareness that focus on the individual employee. This analysis and automation-based approach is starting to unlock the potential of awareness programs, significantly raising individual knowledge levels and retention of information.
Benefits of new technology supporting business transformation:
– Leverages automation to improve success
– Delivers awareness at scale
– Reduces time, complexity and cost
– Measurable metrics to track maturity progression
– Determines complementary awareness tools
A clear upside of all this is that you now have the data at your fingertips. Armed with that information, you're then able to build a risk profile of your staff, and supplement additional training, awareness and controls to mitigate future risk.
The evolution of these tools will bring the ability to test the knowledge via real-world scenarios that feed back into the model and can help continuous improvement and re-evaluation.
By Dominic Wordsworth, Senior Technical Consultant CBG