BUSINESS surveillance reflect the evolving security posture of the business and the ever-changing cyberthreat landscape .
Building a cybersecurity culture at all levels
Cybersecurity is a team sport . Any person in the organisation can be a target or fall victim to a compromise through a phishing or social engineering campaign , accidentally misconfiguring or not patching a vulnerable system , or inadvertently developing code that a threat actor could exploit .
Research from Fortinet ’ s 2023 Security Awareness and Training Global Research Brief revealed that 81 % of organisations faced malware , phishing and password attacks last year that were targeted at individual users . It also showed that more than 90 % of leaders believe that increased employee cybersecurity awareness would help reduce the occurrence of cyberattacks . Periodic training and ongoing awareness about the most common cyberthreats and techniques used by adversaries are essential to build a ‘ human firewall ’ and prevent an initial breach .
Leading organisations that implement robust cybersecurity awareness training , require software developers to be proficient in secure code development practices , and periodically exercise their members ’ readiness to detect cyberthreats through simulated phishing campaigns , tabletop exercises to test incident response and implementing robust threat-hunting practices .
Those at the top have a duty to understand and monitor the critical cyberthreats that could impact the organisation .
Developing a cybersecurity culture can take time , but active participation at all levels of the organisation helps to ensure that all employees understand their significant role in the organisation ’ s defense against cyberthreats . Effective training helps users become proactive in risk mitigation and remediation . A mature cybersecurity culture creates a more cyber-resilient organisation and helps keep you out of the headlines .
Cybersecurity strengthens business resiliency
For too long , cybersecurity has been treated as a mere technology issue . It ’ s not . Cybersecurity must be seen as an enterprise risk-management imperative . Given the potential impact of cyberrisks on business resiliency and increased regulatory requirements on the public and private sectors , it is now vital for organisations to demonstrate they have clear oversight , processes and procedures to prevent , detect and respond to cyberthreats .
WWW . INTELLIGENTCISO . COM 65