MetaBlog


Why Cyber Security Is Everyone’s Responsibility


Human beings are a naturally cooperative species. We feel at home collaborating with others and working on successful projects together. This cooperation, this feeling of togetherness, helps to build more robust and smoother running societies.

Pulling together, in one direction, is also something that can help to build a cyber-safe organisation. However, making everyone understand that this shared responsibility is the reality of modern-day cyber security threat control is another matter.

To get to a place where we can tackle the increasing onslaught of cyber attacks, an enterprise needs to instill a sense that cyber security is everyone’s responsibility. However, how to make that a reality needs some thought and preparation.

Cyber Security Is About More Than Technology

Security attackers look for an easy ride; after all, why make life hard for yourself? The ‘easy ride’ comes in the form of cyber security attack scenarios that make use of a human being, usually an employee or business associate, to open the door to the corporate network.

Typically, cybercriminals use social engineering techniques and phishing to get inside the network, and once inside, cyber attackers can feast on data, install ransomware, and cause general havoc.

Researchers at Stanford University found that 88% of security breaches had an element of human error with employees often being unwilling to admit mistakes. The report also identified phishing emails as the cause of 25% of breaches, with phishing scams catching out employees using social engineering and psychological tricks to manipulate behaviour.

Compounding the success of the human element in cyber attacks, traditional security tools such as anti-virus software have been demonstrated to be only 50% effective at detecting threats. This double-whammy of social engineering, coupled with less than 100% effective security technologies, has led to IT teams understanding that they need a more holistic approach to protect resources.

Security professionals therefore know that to take on cyber attacks they must combine Security Awareness Training with technological measures, led by robust policy enforcement.

Ultimately, everyone in an organisation has a part to play to create a protective layer against cyber attacks. The use of five core values helps to cement the responsibility of everyone within a company.

Create A Responsible Cyber Security Mindset Through Five Core Values

Recognising that cyber security is everyone’s responsibility, and that employees are a crucial part of an effective cyber security strategy, leads to the concept of the human firewall: an idea based on enabling employees to act as a shield against human-focused cyber-threats.

Employees are a target of cybercriminals looking for easy ways into an organisation. Effective and actionable responsibility requires the tools to protect against attacks that focus on employees; an empowered employee reduces the likelihood of a successful attack.

Building a robust human firewall requires a change in mindset. This mindset shift creates a culture of cyber security, built upon good security education together with tools and measures that give employees and non-employees alike the means to help detect and tackle phishing and other scams such as Business Email Compromise (BEC).

This security-first mindset is upheld by the National Institute of Standards and Technology (NIST). A 2018 NIST publication “Security is everybody’s job” sets out five core values that are used to create a cyber security culture that NIST deems “critical” to a successful cyber security posture:

Core Value One – Mindset

NIST says that a culture of cyber security is fundamental to imbuing the entire organisation with a security-first mindset. This foundation stone of enterprise security sets the scene for better security through awareness of the tricks and scams that lead to data exposure, ransomware, and other security breaches.

Core Value Two – Leadership

The tone for security responsibility must come from the top to encourage and enforce the security mindset needed to thwart cyber attacks.

This top-down leadership in security is being formalised, as Gartner, Inc., predicts that “by 2025, 40% of boards of directors will have a dedicated cyber security committee overseen by a qualified board member.” Leaders should lead by example, and act to influence and model good security habits.

Core Value Three – Training and Awareness

NIST recognises that a fundamental building block of a secure organisation is to implement Security Awareness Training. By educating employees on social engineering tricks and training them to spot phishing emails, employees can ‘slam the cyber-threat door’ in the cybercriminal’s face.

Core Value Four – Performance Management

The goals of the organisation must align with individual performance goals. NIST suggests using incentives and disincentives to help modify poor cyber security behaviour.

Core Value Five – Technical and Policy Reinforcement

Technical measures, such as multi-factor authentication (MFA) and password policies, should be used to augment and enforce good security hygiene.

Cyber-Safety Through Cyber-Responsibility

Cyber security is everyone’s responsibility. But when you make someone responsible for something, you must empower them with the tools to act on that responsibility.

To begin the process of becoming a cyber-responsible organisation, an enterprise must create a culture where security is second nature. Human beings are naturally cooperative, and a sense of responsibility can be cultivated by implementing the five core values from NIST, as shown above.

These values let you underline and enforce a sense of cyber security responsibility and provide employees with the means to meet that responsibility and act as a combined force against social engineering attacks.
