We’ve now closed in on week two of National Cybersecurity Awareness Month, and the theme of the hour couldn’t be more appropriate: “From the Break Room to the Boardroom: Creating a Culture of Cybersecurity in the Workplace.”
PricewaterhouseCoopers recently released its 19th annual CEO survey, and this year, the boardroom listed cybersecurity among its most pressing concerns. This isn’t shocking considering the immense amount of damage cyberthreats have caused in the past 12 months. We’ve witnessed cyberattacks on the power grid, digital bank heists of historic proportions, hospitals being held hostage by ransomware and other horrific attacks that seem to have been lifted from the pages of science fiction. Far and wide, business decision-makers are asking themselves this key question: What can we do to better protect our assets?
The marriage of cybersecurity and risk management
In a separate survey, PwC found that 91 percent of organizations now follow a risk-based cybersecurity framework. This statistic is truly indicative of just how imposing cyberthreats have become to business assets.
While viewing cyberthreats less as an IT issue and more as a business concern is certainly a step in the right direction, the next move is to create a risk management strategy that’s inclusive of the entire organization – or as the architects of NCSAM put it, “From the Break Room to the Boardroom.” For the sake of remote workers who have a laissez-faire definition of the home office, we might even add the bedroom.
‘Education is the great equalizer’
The important thing to understand about cyberthreat-related risk is that no one is immune. The C-suite is in just as much danger as the lines of business from phishing schemes that aim to implant ransomware and other cyberthreats on the network. In some ways, the high level of privileged access given to upper management puts them at greater risk of making a mistake.
Long story short, every facet of an organization needs to be well-educated on the many sources of cyber risk. This goes beyond just laying out workflow protocols that attempt to mitigate risk all at once. To truly improve cybersecurity, business leaders need to work with their IT managers to actively educate the lines of business – as well as fellow board members – about the types of actions that put an organization’s data at risk. This includes instilling cybersecurity best practices into employees, contractors and vendors but also keeping them up-to-date on the most recent threats.
One approach that can help yield results is to have monthly meetings or training sessions that bring colleagues, regardless of their rank, up to speed on the newest tactics being employed by hackers. A weekly email blast highlighting the newest schemes can prevent workers from being blindsided by the more clever ones (one type of ransomware called PETYA spreads in fake job applicant emails sent to unsuspecting human resources departments).
For those organizations that need help developing a template for risk management training, there are plenty of third-party organizations that are dedicated to enhancing cybersecurity awareness and making the virtual world a safer place, one business at a time.
To learn more, contact Arctic Wolf Networks today.
This is part two of a five-part series in observance of National Cybersecurity Awareness Month.