Monday, May 27, 2024

Tech News, analysis, updates, comments, reviews

The Cybersecurity Culture

There’s an ever present theme in my discussion about cybersecurity; Cybersecurity should be a culture.

You see, when most people talk or hear about Cybersecurity, they immediately almost associate it to the opposite of hacking. Inasmuch as that has some truth in it, it leaves a lot to be desired.

By definition, it means the practice of deploying people, policies, processes and technologies to protect organizations, their critical systems and sensitive information from digital attacks.

This shows that it is not only a people-problem. It is an entire department in itself. It has procedures, processes, systems and personnel, not to mention specific skills.

What I mean when I say it is a culture, is that it is not a do-once and forget thing. It is a do-and keep doing process. One that keeps changing, sometimes too fast and too quick.

The culture

In an organization, to ensure maximum compliance to security, a security posture has to be developed and embedded to the actual duties of each staff. Every checklist must not be missed or else a breach occurs. And as we know, it only takes a single point for the entire system to be compromised.

Password security, email security, physical security, phishing tests, security policies, are all procedures that once done several times, seem okay and obvious that most employees them repetitive and therefore abandon them.

One way to make them feel non-obstructive is by making them enjoyable, and shuffling activities every time an activity is done.

Once your employees get that they need to change their passwords every 90 days, that they will not open links they don’t trust, etc. it becomes embedded in them. It becomes an identity they can identify with. It becomes a culture. They then can spread this to other people, friends, colleagues, etc. and when your employees are indoctrinated to this culture, your CISO will have an easier time managing your Cybersecurity posture.

It will mean less security incidents, less money on recovery, more efficiency, cleaner reports, increase customer trust. Today, this can hugely benefit fintechs, as they are the ones with the most trust issues right now.

Final thoughts

Cybersecurity is slowly getting the voice it needs in our boardrooms, but still the accountability lies primarily with leaders in IT.

For instance, there’s still an ever growing gap in Cybersecurity professionals globally. Companies are not changing their hiring procedures and requirements, meaning that this is going to go on for a while.

And mind you, companies are now more than ever prone to cyber attacks. This is due to the mass migration to digitization of business processes, having more sophisticated systems and the de-centralization of systems, like the cloud architecture.

Cybersecurity mostly fails because of lack of adequate controls. No organization is 100% secure, and organizations cannot control threats or bad actors. Organizations only control priorities and investments in security readiness.


Por favor ingrese su comentario!
Por favor ingrese su nombre aquí

Get notified whenever we post something new!


Migrate to the cloud

Make yourself future-proof by migrating your infrastructure and services to the cloud. Become resilient, efficient and distributed.

Continue reading

Google I/O 2024 Unveils the Future?

Google I/O 2024 was an impressive showcase of how Google continues to push the envelope with artificial intelligence. This year's event introduced significant advancements across multiple services and platforms, demonstrating Google's commitment to an AI-first future. Below, I try...

On-Premises vs. Cloud Security

As usual, we begin by championing cybersecurity. It stands as the foremost concern for organizations striving to safeguard their sensitive data and digital assets. Among the many strategies available, two dominant paradigms have emerged: on-premises security and cloud security....

Regulation Insights from Starlink’s in Zimbabwe

In recent times, the journey of Starlink, Elon Musk's ambitious satellite internet venture under SpaceX, has been marked by regulatory challenges, particularly in Zimbabwe. Meanwhile the Posts and Telecommunications Regulatory Authority of Zimbabwe (POTRAZ) issued a directive instructing Starlink...

Enjoy exclusive discounts

Use the promo code SDBR002 to get amazing discounts to our software development services.