One of the most valuable commodities in the twenty-first century is data security. While information security may appear to be solely the responsibility of IT professionals, employees play an important part in ensuring that corporate or employee data is safe and secured against unauthorized access, inspection, or destruction.
Many information security awareness programs have traditionally been delivered to just “tick a box,” and as a result, the workforce views them as just another administrative exercise. They speed through the questions in order to get back to their regular jobs, only to return the following year. Cyber threat actors, on the other hand, continue to alter their techniques as technology advances, taking advantage of human error, ignorance, and deception.
“Having IT teams report into security departments is a model that will definitely start gaining traction in the industry,” says George Gerchow, Chief Security Officer at Sumo Logic. Furthermore, he predicts that by 2030, 50% of the industry will be operating this way. With the tech sector leading the way, this will affect companies everywhere – from FinTech to healthcare. With all organizations trying to become software companies, it’s time for them to behave like one.
Also Read: Three Cybersecurity Threats IT Leaders should Watch in 2022
George hopes that by 2040 security departments don’t even exist anymore. What this means is that organizations will have security programmed into their entire systems so that everyone follows the best security practices and behaves in a secure fashion. “With more and more hygiene in security, this concept is going to grow and eventually happen,” adds George Gerchow.
Furthermore, the COVID-19 situation has compelled organizations to function remotely, putting the organization’s critical data at greater risk. According to a 2020 Gartner survey, 82% of CEOs expect to allow staff to work remotely at least part of the time after the pandemic, with 47% allowing employees to work remotely full-time.
As firms move toward long-term remote or hybrid work arrangements, enhanced measures to protect, identify, respond, and recover from a cyber-attack or data breach are more important than ever. So, how can companies foster a security culture within their company?
Make security personal
Employees are the first line of protection against criminal actors and cyber-attacks. Companies should encourage employees to consider safeguarding themselves and their families, not simply the company, against a cyber-attack. To aid in this, businesses should create innovative programs and think outside the box in order to develop a sense of responsibility among their employees in the face of cyber-attacks.
Also Read: Three Cybersecurity Threats IT Leaders should Watch in 2022
Security awareness campaigns should be implemented
According to IBM Security’s 2020 “Cost of a Data Breach Report,” having a remote workforce increased the average total cost of a data breach by $137,000, resulting in a global average cost of $3.86 million. Hackers can spend months attempting to figure out who their targets are and then hack them. In exchange, they are willing to spend thousands of dollars on advanced IT control but not on an effective awareness program. Employers should therefore treat information security awareness training as a precondition for altering behavior and invest in security awareness programs that benefit their employees professionally and personally.
Teach the concept of cause and effect
Creating an engaging environment in which employees can learn about information security can go a long way toward ensuring that the training program is taken seriously. When employees are made aware of the financial and reputational costs of cyber-threats, they are more likely to understand the relationship between their actions and the results. The goal of such campaigns should be to modify employees’ behavior rather than to close a loophole or check a box.
For more such updates follow us on Google News ITsecuritywire News
