Intelligent CISO Issue 35 | Page 38

It is more important than ever that CISOs prioritise their employees’ cybersecurity awareness to help them understand the role they play in keeping networks secure and reducing the insider threat risk.
FEATURE
five years, 16% of respondents noted the creation of a culture of security.
While this is a step in the right direction, establishing a baseline for good cyber hygiene must begin with CISOs helping their employees take cybersecurity seriously. This can be achieved in the following ways:
1. Prioritise cyber awareness training
Social engineering attacks are extremely prevalent across organisations simply because they work. In fact, Verizon’s 2019 Data Breach Investigations Report (DBIR) found that approximately one-third of all data breaches involved phishing in one way or another. To combat this risk, CISOs must educate their employees about common attacks that could appear in the form of phishing, spear phishing, smishing, or other tech support scams. Whether these lessons are provided through online meeting spaces, video chat, or email, they should be prioritised. Understanding these threats and their associated red flags will be critical in helping employees avoid falling victim to fake emails or malicious websites.
In addition to teaching about common indicators of cyber-scams (i.e., the promotion of ‘free’ deals), these training offerings should also feature simulated phishing exercises designed to test knowledge and determine which employees might need more assistance. Through tactics such as these, employees will be better equipped to know when they are the target of a social engineering attack and can, therefore, act accordingly. Fortinet’s NSE Training Institute offers a free Information Security Awareness training service to educate employees about the increasing risks of cyberattacks and how to identify threats.
2. Create a partnership between the security team and other departments
Cybersecurity cannot fall on the shoulders of the security and IT teams alone, especially as cyberthreats continue to grow more sophisticated and challenging to detect. In addition to ensuring that employees can identify phishing attacks, leaders should also encourage collaboration between the security team and other departments. This means helping both sides understand expectations. While the security team will be the expert in terms of determining the risk and threats, other departments will be critical in helping to develop user-friendly policies that are easy to follow both in the office and in remote work environments, even for those who are not entirely cyber-aware.
Through collaborative efforts, CISOs can ensure that all individuals across the organisation are not only aware of security policies, but also understand the impact their actions can have on the organisation as a whole. Helping employees understand safe cybersecurity practices and

