Cybersecurity – Creating a Culture of Shared Responsibility

Cyber attacks have become commonplace across every industry and function, from start-ups to major enterprises.

According to recent research by BetaNews, cybercriminals can reliably penetrate 93 percent of organizations’ networks. Additionally, the emergence of AI has made attacks less detectable.

Scary stuff!

But interestingly, the greatest threats to organisational cyber security are not necessarily external forces; they are more likely to come from within.

While enterprises can put multiple technical defences in place against attacks, educating the workforce is paramount to mitigating risks.

The team at Kyndryl suggest 4 safety steps that every organisation can implement to mitigate risks and help employees enhance their awareness.

1. Build a company culture of responsibility and transparency

No employee wants to be the one who clicked on the phishing email that caused a massive data breach. Knowing this, company leaders must create an environment where employees understand that everyone plays a role in creating a cyber resilient environment. Additionally, make employees feel comfortable reporting any potential security issues without embarrassment or repercussions. By providing cybersecurity education and emphasizing the importance of reporting a potential incident, everyone can better understand and commit to building a cyber resilient and transparent culture.

2. Invest in meaningful and up-to-date training

Cybersecurity education and training need to be prioritized. Enterprises must validate that the training is meaningful and explain its importance to employees. The most effective training encourages engagement, which helps employees retain more information. Through communication and meaningful training, workforces will feel more equipped to address potential breaches before they cause lasting damage to the business.

3. Instill awareness and healthy skepticism

With the emergence of generative AI, coupled with employee information viewable on social media, it is easy for attackers to craft well-executed and more convincing spear phishing attacks. Suspicious emails or texts with spelling errors or urgent requests used to be easy to spot. But with generative AI, those attacks are becoming more sophisticated, and it is more difficult for employees to differentiate between a legitimate link and a phishing link in disguise. By educating employees regularly about these complex threats and encouraging a healthy level of skepticism, teams can recognize and avoid a potential attack.

4. Reward cyber-safe employees

Organizations often deploy phishing simulation testing to assess their employees’ cybersecurity readiness. While it is essential to support employees who fail through additional education and training, it is also important to reward those who correctly spot and report the attack. Having a reward system incentivizes those who are following best practices and motivates employees to actively engage, remain suspicious and strengthen a culture of cybersecurity awareness.

Continual focus on cybersecurity awareness is critical to organizational safety and responsibility. Awareness and understanding must evolve as the attacks evolve and become more frequent and sophisticated. By instilling a culture of cybersecurity awareness and healthy skepticism, underpinned by meaningful training, organizations empower employees to handle any situation in the ever-changing threat landscape and remain cyber safe.

 

Source: Kyndryl