No Phishing

Linked: How to Build a Rock-Solid Cybersecurity Culture

posted in: Links, Tech

I find this approach to building awareness refreshing, because I’m betting the answers to these questions may not be what you’d expect:

“Go ahead — survey a few co-workers with this question,” says Gamblin, a principal engineer with Kenna Security, as he plants his tongue firmly in his cheek. “Were you satisfied with the answers? Did they understand clearly what your organization collects and why it’s important to protect it?”

Ay, and there’s the rub. The lament of so many CISOs and managers around the globe is this: While the organization may claim to care about security, do those within it understand why? Do they know what is truly at stake should a breach or security incident occur?

I would take it even one step further, and ask whether they even care, but that might just be me being cynical. 😉

The thing is, most people in your business are there simply to do their jobs, get paid, maybe build up some nice resume fodder, network, and move up. Understanding what your business collects, why it collects it, what value it has, and what damage would be caused by not keeping it secure is, in many cases, just not part of the day-to-day reality of coming to work. So, they don’t think about it. Oh yeah, they get the memos, and they know there’s some nebulous “bad” thing that might happen if they were to be the one who gets phished, but in reality, they don’t care that much beyond how it impacts them personally.

The more we can help people understand how it does impact them, and their job, personally, the more likely they will start to care enough to pay attention. Until then, well, we see what it looks like out there now.

It’s only going to get worse if the people who have your data don’t know why they should care about keeping it safe.
