Emphasize Education in Your Cybersecurity Strategy

Blog

A recent report by the Council of Economic Advisorsestimates malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.

Jan 02, 2024

Cybersecurity

A recent report by the Council of Economic Advisors estimates malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.

"Cyber threats are ever-evolving and may come from sophisticated adversaries," the council wrote in its report. "Due to common vulnerabilities, instances of security breaches occur across firms and in patterns that are difficult to anticipate."

What are the sources of this mounting cyber-threat? A range from cybercrooks victimizing individual citizens with social engineering techniques and corporations with ransomware to international cyber-espionage between our nation and “bad actors” in countries such as Russia, China, Iran and North Korea.

Industries most targeted? Manufacturing, government, healthcare and finance. The healthcare sector, in particular, has suffered record numbers of data breaches in recent years, prompting renewed attention to compliance with HIPAA regulations.

How did the problem grow so large? A mix of factors contributes to today’s escalating cybersecurity crisis from the dynamics of globalizing cyberspace to the diversifying spectrum of emerging technologies. But two clear conclusions can be drawn from the current melee of malicious activity:

  1. Every organization needs to develop “cybersecure corporate culture.”
  2. Managing cybersecurity without expert support is a continuing challenge for any business operating at any scope on any scale.

We believe adopting a strong framework for guiding policies and processes is a critical key to addressing both imperatives, as advocated in our “Manual Malware” series of posts. And central to this effort must be cybersecurity awareness training.

How can you be sure to educate your organization properly? For insights, CIO magazine asked a group of tech executives. Here’s a digest of best practices they offered:

  • Involve Everyone at All Levels – No level of an organization should be exempt from cybersecurity training, especially the firm’s leadership. In fact, having top management participate in programs demonstrates the importance of the issue.
  • Design Interactive Programs –Handing out manuals or distributing slideshows alone won’t make much impact or send the right message about the urgency of the issue. Engage staff by working with them one-on-one whenever possible and conducting a lot of Q&A.
  • Require Commitment, Enforce Accountability – Equip staff with tools and clear instructions, and then solicit formal commitment to using those measures. To thwart complacency, there should be some form of concrete accountability if individual or organizational adherence to policy grows lax.
  • Eliminate Ambiguity – Identify specific actions that pose risks, such as using random flash drives, provide precise instructions for avoiding those dangers. Communicate this information to the company on a regular basis. Cyber crooks work fast to develop new attacks; you should work fast to keep pace.
  • Make Training Continual and Vary Techniques – Like any set of good habits, best practices in individual cybersecurity need repetition and reinforcement to take root. Stage training sessions more than once a year, and conduct other activities in the interim, such as newsletters, alerts, security checks, etc.


Emphasize Education in Your Cybersecurity - Strategy