With rising incidents of malicious cyberattacks and the growing complexity of the threat landscape, organizations cannot overstate the need for a strong cybersecurity culture.
A recent report by (ISC)2 reveals what it means to have a resilient cybersecurity culture based on a study it conducted among 250 companies of various sizes with a solid cybersecurity track record.
The study set out to determine what these organizations do to better prepare their defences against cybersecurity threats, so that other organizations can learn from them how to better secure their critical assets and build a resilient cybersecurity culture.
So, here’s what these 250 organizations are doing right that can serve as a lesson for other companies to emulate.
Investing in People & Technology
People and technology form the pivot of a strong cybersecurity culture. Around 51% of the companies surveyed indicate that their company employs a dedicated cybersecurity staff, which they believe is critical to cyber readiness.
In building an effective internal cybersecurity team, the organizations focused on hiring certified professionals and providing continued cybersecurity training and promotional opportunities to the security staff. Almost 70% of organizations in the study give priority to hiring certified security professionals, and 70% give priority to training and promoting them from within.
To strengthen their security teams once built, participants in the survey place a strong emphasis on offering training and certification opportunities to employees (57%), followed by cross-training on cybersecurity skills and responsibilities (55%). Attracting the right talent ranks lower (48%), which implies these organizations are confident in their ability to retain and properly train their cybersecurity professionals.
Interestingly, investing in technology ranks highest on the list (62%), so even though they view skills development as important, these companies do not overlook the need to invest in the right technology tools.
Ensuring Top Management Focus and Commitment
Top management’s commitment to cybersecurity has emerged as the other key element contributing to building a resilient cybersecurity culture within an organization.
The study of the 250 organizations reiterates this fact, with around 97% of the organizations studied indicating that their top management understands the importance of strong cybersecurity practices and reinforces those messages with the staff. Around 96% indicate that their policies align with their board of directors’ cybersecurity strategy. This is not surprising considering cybersecurity is increasingly becoming a board issue.
The study states that gaining top management’s awareness and recognition of the importance of cybersecurity, and aligning policies with corporate strategy, can create more confident, effective and resilient cybersecurity teams and have a positive effect on the organization’s confidence in its ability to defend against threats.
Utilizing and Empowering the CISO
The presence of a strong and empowered CISO can go a long way in building resiliency into an organization’s cybersecurity culture. In the study, almost 86% of the organizations that consider themselves adequately staffed with cybersecurity talent employ a CISO. Successful organizations overwhelmingly report that they employ a CISO and, in many cases, that person reports directly to either the CEO or the Board of Directors.
However, who the CISO reports to may not be the best indicator of his/her empowerment within the organization. The study adds that who the CISO reports to may be less important than ensuring they have the ability and resources to influence change and make cybersecurity a strategic priority.
(Image Courtesy: www.ciri.illinois.edu)