Cyber attacks are on the rise, threatening infrastructure, supply chains, brand reputations, and revenues. Of these breaches, over eighty-two percent involve the human element.Given this statistic, it is evident that technology alone is not a viable solution. To confront new and emerging threats, workforces and leaders need increased visibility into areas of weakness and practical strategies for filling these gaps.To illustrate how organizations can prepare their people to better combat cyber threats, I sat down with Christopher Porter, CISO at Fannie Mae, and Ed Amoroso, CEO and Founder at TAG Cyber, to discuss actionable solutions on a recent webinar.
Think Outside the Ticked Box
Research resoundingly demonstrates that tick-box compliance doesn’t alter human behavior, which is why a people-centric approach to cybersecurity is necessary. To safeguard revenues and brand reputations against cyber risk, a behavioral psychology lens must be applied to better understand adult learning and application across teams and individuals.By offering employees continuous upskilling through real-life cyber simulations, leaders can discover and fill cyber capability gaps before it’s too late. This experiential shift not only drives exercise engagement, but also creates a learning environment that allows individuals and teams to assess outcomes and explore different decision-driven pathways.This approach to cybersecurity is more meaningful and effective compared to one-off training sessions or expensive certification programs.
Exercise, Exercise, Exercise!
It’s no secret that skills atrophy, and cybersecurity skills are no exception.To ensure people are adequately prepared for a cyber attack, organizations must employ continuous training exercises that span the entire enterprise. When executed cyclically, cyber simulations can highlight areas in need of improvement for teams, individuals, and processes.Armed with this data, organizations can target specific skill sets, increasing overall performance outcomes and building confidence. These metrics can then be compared against industry benchmarks, enabling organizations to truly prove their level of cyber resilience both internally–to Boards and C-level executives–and externally to other key stakeholders.
Create a Cybersecurity Learning Culture
To truly encourage employees to embrace cybersecurity best practices, organizations must prioritize developing a culture centered on learning. By offering education at every juncture of an employee’s career, skills are constantly growing and evolving.This focal shift to a people-centric learning first culture also alleviates blame placed on employees if a cyber breach does occur. Rather than enacting punitive processes, the organization as a whole will look for solutions and learning opportunities that can be applied to eliminate risky behaviors in the future.Interested in learning more about how to prepare your people for cybersecurity success?Watch the webinar HERE.