Explore the website

Get email updates with every new article published

Looking for something?

No posts to display

Explore the website

Get email updates with every new article published

Looking for something?

No posts to display

Monday, December 23, 2024

Tech News, analysis, updates, comments, reviews

Explore the website

Get email updates with every new article published

The Cybersecurity Culture

There’s an ever present theme in my discussion about cybersecurity; Cybersecurity should be a culture.

You see, when most people talk or hear about Cybersecurity, they immediately almost associate it to the opposite of hacking. Inasmuch as that has some truth in it, it leaves a lot to be desired.

By definition, it means the practice of deploying people, policies, processes and technologies to protect organizations, their critical systems and sensitive information from digital attacks.

This shows that it is not only a people-problem. It is an entire department in itself. It has procedures, processes, systems and personnel, not to mention specific skills.

What I mean when I say it is a culture, is that it is not a do-once and forget thing. It is a do-and keep doing process. One that keeps changing, sometimes too fast and too quick.

The culture

In an organization, to ensure maximum compliance to security, a security posture has to be developed and embedded to the actual duties of each staff. Every checklist must not be missed or else a breach occurs. And as we know, it only takes a single point for the entire system to be compromised.

Password security, email security, physical security, phishing tests, security policies, are all procedures that once done several times, seem okay and obvious that most employees them repetitive and therefore abandon them.

One way to make them feel non-obstructive is by making them enjoyable, and shuffling activities every time an activity is done.

Once your employees get that they need to change their passwords every 90 days, that they will not open links they don’t trust, etc. it becomes embedded in them. It becomes an identity they can identify with. It becomes a culture. They then can spread this to other people, friends, colleagues, etc. and when your employees are indoctrinated to this culture, your CISO will have an easier time managing your Cybersecurity posture.

It will mean less security incidents, less money on recovery, more efficiency, cleaner reports, increase customer trust. Today, this can hugely benefit fintechs, as they are the ones with the most trust issues right now.

Final thoughts

Cybersecurity is slowly getting the voice it needs in our boardrooms, but still the accountability lies primarily with leaders in IT.

For instance, there’s still an ever growing gap in Cybersecurity professionals globally. Companies are not changing their hiring procedures and requirements, meaning that this is going to go on for a while.

And mind you, companies are now more than ever prone to cyber attacks. This is due to the mass migration to digitization of business processes, having more sophisticated systems and the de-centralization of systems, like the cloud architecture.

Cybersecurity mostly fails because of lack of adequate controls. No organization is 100% secure, and organizations cannot control threats or bad actors. Organizations only control priorities and investments in security readiness.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Get notified whenever we post something new!

Continue reading

Salesforce Flaw Allows Full Account Takeover

A critical vulnerability has been discovered in Salesforce applications, which could potentially lead to a full account takeover. The flaw was identified during a penetration test and is tied to misconfigurations within Salesforce Communities, specifically within the Salesforce Lightning...

Concerns about the ICT Bill 2024 in Kenya

THis post has been updated after the attention it is gannering. The original post can be found here: https://web.archive.org/web/20240813033032/https://blog.blancorpsolutions.com/kenya/concerns-about-the-ict-bill-2024-in-kenya/ Kenya's tech industry has been a beacon of innovation and growth, thanks in part to a regulatory environment that has allowed...

What are the real intentions of tracking IMEI numbers?

Imagine if you had a magic map that could show you where all your favorite toys were at any time. Sounds pretty? Well, in Kenya, the government wants to do something similar, but with people’s phones. They plan to...

Enjoy exclusive discounts

Use the promo code SDBR002 to get amazing discounts to our software development services.

Exit mobile version