What is cybersecurity?
To the dedicated researcher, the question appears trite. Yet in practice, the question proves perplexingly deep. On the one hand, cybersecurity obviously means protecting your enterprise’s network from digital threats: insider threats, fraudulent logins, malware, phishing attacks, dwelling threats like cryptojacking programs, etc.
On the other hand, cybersecurity is more than that. It’s a business process as fundamental to the optimal fulfillment of your company’s mission as any other. It’s the responsibility not just of your security team but of every one of your employees. After all, your employees are your largest attack vector and the most vulnerable target for digital threat actors.
In order to best incorporate cybersecurity into your business processes, you need to foster a culture of cybersecurity in your enterprise. There are many elements to creating and growing a culture of cybersecurity:
- Instilling a sense of ownership of cybersecurity in all employees.
- Closing gaps of cybersecurity knowledge.
- Making cybersecurity a clear priority in your business.
- Conducting regular and optimized training sessions.
- Constantly reviewing and adjusting your cybersecurity policies to find vulnerabilities.
- Making cybersecurity an area of employee evaluation and a consideration for promotions.
Of course, your enterprise’s culture of cybersecurity will differ from another enterprise’s; it has to fit with your individual identity and your unique processes. This means evaluating how your employees handle emails to protect against phishing attacks, or how financial information moves through your enterprise so you can know where you need the most visibility.
To gain a different perspective on developing a culture of cybersecurity in your enterprise, we spoke with Kim Del Fierro, Vice President of Marketing at phishing security vendor Area 1 Security. Here is our conversation, edited slightly for readability:
Solutions Review: What would you say constitutes a “culture of cybersecurity” for enterprises?
Kim Del Fierro: Enterprises that have strong and thorough technology controls in front of cybersecurity education make for a healthy cybersecurity culture.
SR: What necessary precautions are enterprises failing to enact?
KDF: Most enterprises have spent millions of dollars on cybersecurity solutions that don’t stop breaches and often feel they’ve done everything they can. What they’re failing to procure is a performance-based solution that stops phishing attacks—the root cause of breaches.
SR: How do enterprises reconcile the need for disruption to enact a culture of cybersecurity and their need for short-term success?
KDF: Making their cybersecurity culture stronger is not a daunting task. It’s as simple as implementing an anti-phishing service on top of what they already have. They’ll be more secure and would rely less on employees to act as members of their security team.
SR: How should employers engage their employees in cybersecurity education?
KDF: Employers should make learning about cyber-threats fun by energizing employees through incentives or a performance-based cybersecurity program. Encourage employees to report deficiencies through an internal bug bounty-like program.
Thanks to Kim Del Fierro, Vice President of Marketing at Area 1 Security, for her time and expertise in developing a culture of cybersecurity. You can learn more about Area 1 Security here.