Cybersecurity Awareness Month: Digital Safety and Leadership
Security Practitioners Call for New Approaches to a Safer Digital World
October has been designated Cybersecurity Awareness Month since 2004. During this month, various organizations - both public and private - engage in activities and campaigns to educate individuals and businesses about the risks and best practices associated with online security.
On the occasion of the 20th Cybersecurity Awareness Month, ISMG spoke to security practitioners and analysts to curate their messages for business leaders.
Cybersecurity Culture: Building a cybersecurity culture within the organization can happen only when we drive awareness from top to bottom. Cybersecurity leaders should encourage their teams to follow best practices for every activity they are involved in to support the business, said Dipti Shroff, AVP - security, Dentsu Global Services.
Consistent and Transparent Security Policies: A key challenge for the implementation of security policies - and compliance by users - is that security may be too restrictive in one area and too lax in another. CISOs need to rethink how they train and deliver policies to employees, said Nader Henein, VP analyst, Gartner. He advised a consistent and transparent approach so that employees do not have to "keep shifting from gear to gear."
Change the Approach to Awareness: Despite the prevalence of online security training, the pedagogy has remained stagnant, failing to effectively engage and resonate with people. People are not applying the lessons to their day-to-day functions, said Joseph Blankenship, VP, research director, Forrester. "We need to change the way that we think about cybersecurity awareness. We need to think beyond a once a quarter or year exercise and move to adaptive risk protection – and give users the tools to defend themselves," he said.
Implement What You Learn: Training by itself isn't going to change user behavior. So we have to ensure that all the learnings are implemented, said cybersecurity specialist Nilufar Alaskarli.
Make Collaboration a Priority: Brand reputation, customer trust and loyalty, operational stability and revenue growth are all interconnected to how you execute cybersecurity and how strong you make your cyber foundation. Therefore, collaboration across cyber, risk management and business units is critical to mitigate cyberthreats, protect business value, and sustain customer trust, said Tarun Kaura, partner and leader - cyber services, Deloitte India.
Create Playbooks and Systems: Organizations currently lack adequate playbooks and systems in place that helpdesk can use to guide users so that they don't get circumvented by cybercriminals who try to bypass security systems, said Ken Fishkin, information security and privacy evangelist.
- Dipti Shroff, AVP - security, Dentsu Global Services
- Nader Henein, VP analyst, Gartner
- Joseph Blankenship, VP, research director, Forrester
- Nilufar Alaskarli, cybersecurity specialist
- Tarun Kaura, partner and leader - cyber services, Deloitte India
- Ken Fishkin, information security and privacy evangelist | ISC2 chapter president