Create a Culture of Cybersecurity
After completing this unit, you’ll be able to:
- Describe the importance of creating a culture of cybersecurity.
- List best practices for fostering a strong culture of cybersecurity.
Employ Users as the First Line of Defense
The traditional enterprise security paradigm described a technology boundary that isolated and protected the workers behind it. Today, a growing number of user interactions with the outside world bypass the physical and network perimeters and the security controls they offer. For this reason, keeping an organization secure is every employee’s job. Many attackers leverage front-door attack vectors such as phishing. This puts users in the first line of defense and underscores the critical role employees play in the organization’s security.
According to IBM X-Force research in 2019, 43 percent of compromised records were linked to human error and misconfigured IT services. Effective organizations are mindful of the fact that a majority of data breaches are enabled by internal actors. This can occur through unintentionally disclosing sensitive information, clicking on a phishing link, negligently using USB drives or Wi-Fi networks, or using weak passwords.
Foster a Stronger Culture of Cybersecurity
The following practices foster a stronger culture of cybersecurity.
- Customize: Develop user awareness and training tailored to the business context.
- Engage: Leverage diverse and novel ways to better engage the organization.
- Incentivize: Incentivize your employees to participate in the awareness campaign.
- Sanction: Enforce sanctions on major or repeat offenders.
Finally, security knowledge must be mainstream. Organizations benefit from partnering with academia and educational systems to develop a curriculum that is adapted to the needs of their industry, in order to develop a cybersecurity workforce with the skills for the digital age.
Sum It Up
In this unit you’ve learned how a successful cybersecurity strategy and its implementation are dependent on the culture of the organization. Throughout this module and the previous one, Cybersecurity Risk Management, you’ve learned more about how to think like a business leader and foster internal and external partnerships to achieve this goal.
The explosion of connectivity in today’s digital economy gives companies opportunities to increase operational efficiencies and improve customer satisfaction. It comes with a caveat, however: As customer data, intellectual property, and brand equity evolve, they become new targets for theft, directly impacting shareholder value and business performance.
In response, business leaders need cybersecurity leaders to take a stronger and more strategic leadership role. Doing so enables you to implement the other tenets we have learned about, including practicing strong cyber hygiene, protecting mission-critical assets, and protecting the organization from phishing. When all users understand and work toward common security goals, the entire organization benefits. With the effective cyber-risk management strategies you have learned in this trail, your business can achieve a smarter, faster, and more connected future, driving growth.
Interested in exploring more cybersecurity-related information? Check out the Cybersecurity Learning Hub on Trailhead.
- External Site: Centre for the Protection of National Infrastructure (CPNI): Developing a Security Culture
- External Site: Center for Internet Security (CIS): Developing a Culture of Cybersecurity with the CIS Controls
- External Site: SANS: Creating a Culture of Cybersecurity in the Workplace
- White Paper: WEF: The Cybersecurity Guide for Leaders in Today’s Digital World