June 5th, 2017

Think of the human factor when developing a cybersecurity strategy

Behavior Change, Events, Information Security Awareness

Visit us at the Gartner Security & Risk Management Summit to learn more
When thinking about cybersecurity, what immediately comes to mind? Antivirus programs, firewalls, patches, scanning and clean-up software? While all the technology in the world can be installed on a system, the fact remains that a system’s users are its primary intruders! According to IBM’s 2016 Cyber Security Intelligence Index, 60% of attacks originate from within. That means that no matter what tools, software or processes are implemented, they won’t be effective unless users understand the importance of running these programs securely.

 

Despite their technology expertise, CISOs can be daunted by the challenge of launching a security awareness campaign and knowing where to begin.

To include the human factor in a cybersecurity strategy, the following factors should be considered:

  • Planning and promoting an in-house awareness campaign is just as important as deploying it. Clearly communicating the project to employees and rallying them around a common goal is a critical step that will make it easier to engage and interest them in the training you offer.
  • Be aware that employees learn concepts in different ways. It’s important to let them learn at their own pace and by different means. When you diversify the time, locations and methods for communicating information to them, you’ll be further ahead in achieving your objectives. Entertaining and highly interactive training methods should be considered. Gamification and inter-department competitions are also good options.
  • Rather than making it a mandatory annual training, spread out your program over time, reiterate key messages and use reinforcement methods to solidify newly adopted security behaviors.

For more information on this topic we invite you to come to booth #608 at the Gartner Security & Risk Management Summit on June 12-15 in National Harbor, MD. Our experts will be happy to answer any concerns you may have about increasing employee awareness of information security. They can advise you on the optimal way to establish a genuine cybersecurity culture throughout your organization.

We look forward to meeting you!

Share this article