In this series of blogs, I’ve been looking at how cybersecurity professionals can help bridge the security perception gap. This gap was identified in Accenture’s latest report on the subject, which revealed that while the majority of security professionals are confident in their cybersecurity strategy, the fact is that one in three breaches are successful. So, businesses need to reframe their perceptions of just how secure their organisations actually are before rebuilding their security capabilities. For me, a huge part of this change must be around creating a culture of cybersecurity awareness across the entire enterprise. This is because employees play such a critical role in the threat landscape.
Employees: a key link in the security chain
If untrained, and unaware of security issues, employees can inadvertently take actions that enable a security breach – such as downloading a malicious link or failing to password-protect files. And sometimes, of course, these breaches are intentional: 45 percent of security professionals we spoke to say that the greatest security impact comes from malicious insiders.
Conversely, an educated and security-savvy workforce is a huge advantage. In our report, we found that employees are often the first line of defence when it comes to cybersecurity – in fact, internal security teams detect only 62 percent of security breaches. For breaches not detected by the security team, the company learned about 43 percent of them from employees.
It’s therefore surprising that cybersecurity training for all is not as widespread as you might think. When we asked our panel of security experts what they’d like to spend more money on if extra budget was made available, only 6 percent selected cybersecurity training. The problem is that all too often cybersecurity is seen as the sole responsibility of the compliance or security team. This view needs to change if organisations are to be as secure as possible.
Building the right culture
At Accenture, we’d like to see companies prioritise employee training as a fundamental element of their cybersecurity strategies, and to get across the message that everyone needs to integrate secure behaviours into their everyday activity. In our digital age, all employees need to understand the value of protecting customer and colleague information, and their role in keeping it safe. They also need a basic grounding in risks and how to make good judgments when online. The key is helping people realise that cybersecurity is a core part of their own work and not something they can simply trust to IT.
The need for leadership
Of course, such a change demands investment and support from the C-suite. Employees will always follow the example of their business leaders and the cultural environment these leaders establish. The role of CISOs and CIOs is to build this C-suite support by communicating just how critical an enterprise-wide, cultural approach to security is in combatting today’s complex threat landscape. It will also help realign perceptions across the organisation to ensure they fit better with the realities of modern cybersecurity.
Read the full report, Building Confidence: Facing the Cybersecurity Conundrum.
Alternatively, if you’re interested in finding out more about how Accenture could help your organisation with its cybersecurity strategy, contact Sanjeev Shukla.