As we launch a new year and continue on the path of digital immersion in our everyday lives, personally and professionally, it’s a great time to plan for awareness in 2022.
In America, 90.3% of the population have access to the internet, which means in the last 20 years, internet usage has increased by 1266%. Additionally, 96% of Americans shop online, at least 1 time per year. The global pandemic forced many leaders to pivot their strategies to manage the changing regulatory, social, economic and technological environments. Many argue that digital consumption and remote work are here to stay, therefore, moving your organizational culture to a cybersecurity-focused culture should be a high priority if you haven’t already done so.
Last year was a record year for cyber attacks. A recent article in Forbes magazine highlighted some cybersecurity nightmares such as supply chain hacks, vulnerabilities of the Internet of Things (IoT) and the continued proliferation of phishing, ransomware, social engineering and insider threats. The last, insider threats, highlights the importance of having a solid, consistently monitored and managed cybersecurity plan. The “great resignation” stemming from the pandemic had many more employees quitting after reevaluating their life, how they were treated during the pandemic and their work-life balance.
Adopting a cybersecurity culture will focus on the role employees play in the organization, engagement and training activities which likely result in a happier and more secure workplace. But this type of culture starts at the top with the CEO leading the charge, not just with words but through actions.
A cybersecurity culture is an important element in a company’s security strategy. The security culture is foundational to its ability to protect information, data and employee and customer privacy. This is not a short-term goal, it requires a long-term view by focusing more on communication and culture than demands from IT and new policy mandates. The new remote working trend has caused many companies to have challenges with communication and training programs, and see an emergence of new security issues and concerns. The distributed workforce resulted in a drastic increase in Covid-19-themed phishing campaigns impersonating trusted brands like Netflix, Microsoft and the CDC to commit fraud.
So how do you plan for awareness? It starts with people. There are seven dimensions your business can evaluate to nurture a strong security culture:
Attitudes: What are employee feelings, beliefs, and understanding about security protocols and issues.
Behaviors: How do employee actions impact security directly or indirectly.
Cognition: Do employees understand, have the knowledge and awareness of security issues and activities.
Communication: How well do your communication channels promote engagement and offer support for security issues and incident reporting.
Compliance: Do employees have knowledge and support of security policies?
Norms: Are employees aware of and adhere to unwritten rules of conduct related to security?
Responsibilities: How do employees perceive their role as a critical factor in helping or harming security for your business?
A cybersecurity culture is essential as we move forward in today’s digital society and tomorrow's metaverse. By focusing on a cybersecurity culture, businesses can better adapt to the rapidly changing threat landscape. Prioritizing your bottom line and ignoring your people; you are likely to watch the decline of your business as a result of ransomware, data theft, business interruption, decline in reputation and lack of trust by employees, vendors and clients alike.