Building Cybersecurity culture

September 3, 2021

Cybersecurity is an important topic for most organizations, but it doesn’t find its due priority on the management agenda. Is your Cybersecurity culture conducive enough?

NCSC has published an intriguing toolkit to engage boards in the Cybersecurity agenda. One of the key topics in it is about the enterprise Cybersecurity culture. During our discussions with several industry leaders, Organizational Cybersecurity culture came up as a critical point in the future of enterprise security. There are broadly two aspects to driving the positive Cybersecurity culture in an organization:

First and foremost, empowering Cybersecurity teams to talk the business language and, secondly, driving a participative culture across the organization.

Empowering Cybersecurity teams to talk the business language

Every day, we see new threats discovered and exploited. While many of these threats are discovered and patched before they can cause damage, every day still brings news of potential intrusions or breaches - sometimes not even reported to management. We need to bridge the gap between the technical and business world if we're going to make any progress in preventing cyberattacks and protecting business networks. The fact is that a large proportion of executives don't know how to engage in cyber security, let alone know that it's something they need to do.

Most security teams struggle to make the technical information business-friendly, and in the process, they spend time filtering out and creating charts and graphs that look good but are not comprehensive and accurate. From a business leader's viewpoint, conversations about information security are often viewed as nerd talks. That's unfortunate because the technology industry could use more good-natured, positive exposure. It's time we stop trying to fit in and start celebrating the amazing things both sides can do to inspire positive Cybersecurity culture.

We can start by giving business executives opportunities for more training and awareness, but we must go further to overcome these barriers. We must start viewing Cybersecurity with an Industry lens - its potential business impact - both in terms of risks and competitive differentiator. It will enable Cybersecurity leaders to understand the business context in greater detail, and at the same time, equip business leaders to appreciate the potential Cybersecurity risks in their businesses.

Driving participative Cybersecurity culture

Building a participative Cybersecurity culture starts by building awareness across the organization. For example, you can invite Cybersecurity experts into some of the critical meetings. It will help raise the overall Cybersecurity awareness in your organization. These experts can be from the peer industry, academics, or even from your competitors. Information sharing around the policies, best practices, and expected behavior will bring down human mistakes and internal threat actors.

More recently, industries like retail, consumer goods, and travel have become more active in tackling Cybersecurity risks proactively. The next strategic direction for these industries will be to enable the participation of suppliers in managing Cybersecurity risks. The way to ensure this is to empower the supply chain community to work together effectively by leveraging best practices and Cybersecurity models. The challenge for the suppliers is to understand how they can contribute meaningfully to an integrated approach and help identify cyber threats in a way that is consistent with their processes and improves their overall security posture.

Furthermore, building a Cybersecurity participative culture requires a structural adaptation. Cybersecurity must be embedded into the organizational structure to become the core differentiator and not the hindrance. Boards and executive teams must have critical conversations with their management teams to bring Cybersecurity to the forefront. The integration of information security into organizational structures can help improve data protection and protect IP, thereby creating a more resistant and resilient organization.

About two decades back, when internal financial controls started to emerge, the board took an active role in enabling a culture of financial integrity through financial processes and organization-wide cultural change. The situation is the same now for Cybersecurity. The board must actively take charge and create a Cybersecurity committee to drive a participative Cybersecurity culture.
