FEATURE
Bert Skaletski, Resident CISO for EMEA, Proofpoint

all cybersecurity strategy. CISOs need to consider an individual, tailored program which corresponds with real-time events related to their region, industry and company risk appetite. As threat actors constantly evolve their techniques to new, unknown attacks, it's difficult to state that every organisation has a fully robust cybersecurity strategy – which again is why threat intelligence insights are so important.

How can companies create an individual security policy tailored to real-life threats and user risks?

While threat actors are constantly homing in on new techniques, one thing will remain the same: they are targeting people, as opposed to infrastructure (on most occasions). Organisations must consider how they can tailor an individual cybersecurity strategy that incorporates people, process and technology.

When looking at the people part of this policy, organisations should consider the below:

Reduce complexity by asking the right questions.
1. Who in my organisation is being attacked?
2. Where are the current defensive gaps?
3. What are my priorities to mitigate human risk?

Pair threat intelligence with organisation-wide security awareness education.
1. Identify which users are most likely to be targeted and who is most likely to succumb.
2. Match training content to threats currently circulating.
3. Train people to recognise phishing using the lures targeting them.

Build a security culture that goes beyond training.
1. Training is crucial but not singularly sufficient.
2. A strong workplace security culture will encourage users to take information security more seriously in their personal lives.
3. Measure the metrics that matter and respond with appropriate and fair remediation.

How can companies ensure employees are able to define basic concepts and terminology to build a security awareness culture?

To educate their users, and with the best intentions, many organisations provide one or two hours of security awareness training annually. But this limited approach lacks staying power. It doesn't promote lasting changes in behaviour. And it doesn't instil the kind of security mindset that can transform your biggest attack surface into a critical layer of defence.

What can we do better? The answer lies in developing a systematic, sustainable and customised security culture – one that pervades the organisation across all users and all digital activities. Worryingly, only 58% of UK organisations with a security awareness program train their entire workforce and only 39% conduct phishing simulations – both critical components of building an effective security awareness program.

Most attacks target people before they target systems – what can CISOs do to improve their strategies for 2023 and beyond?

Our CISO team's predictions all point to the same theme: organisations need to go back to the basics to ensure they are protecting their people and their data. Whatever weaknesses threat actors exploit in 2023, people will remain their favourite attack surface and data their desired prize, underscoring the importance of cyber hygiene and a holistic approach to defence strategies.

Taking a broader lens beyond individual organisations, we see a growing need for public and private sectors to come together to boost our resiliency. With cybersecurity emerging as a national security concern in recent years, our industry and the government must work collaboratively to address these pressing cybersecurity issues.