Cybersecurity is a big challenge for most organizations - so we need to fix the culture first. Source: Shutterstock

The WEF believes that CXOs need to create a culture of cybersecurity

LIVING in the digital world means defending against cyberthreats on a daily basis.

CXOs and business managers understand that and, as a result, are constantly investing in new tools and creating new strategies to protect themselves better.

According to a new report, The Cybersecurity Guide for Leaders in Today’s Digital World by the World Economic Forum (WEF), one of the most important things when defending against threats in cyberspace is to build a strong culture of cybersecurity within the organization.

The WEF acknowledges that users, even those in an enterprise ecosystem, move between devices and networks when accessing sensitive data and corporate applications — and that gives rise to several cyber risks.

Climbing the digital maturity curve means that employees’ access cannot be limited or restricted, but equally, it means that greater emphasis must be placed on employees acting as custodians of the organization’s digital boundaries.

“Keeping an organization secure is every employee’s job,” claimed the WEF report, and reminded business leaders that “[…] this puts users in the first line of defense and recognizes the critical role all employees play in the organization’s security.”

“It is important that the security rules and the technology provided enable users to perform their job as well as help keep the organization secure.”

WEF cited another study that said 48 percent of all compromised records were linked to human error and misconfigured IT services.

In a bid to defend against external actors in cyberspace, organizations and business leaders often neglect the threat that internal actors pose, both intentionally and unintentionally.

Clicking on a link in an email or plugging in a USB device offered as a ‘freebie’ at a conference might cause significant damage to an organization if users are not careful and don’t take the precautions necessary to protect their devices and the sensitive data they have access to.

In order to defend against internal threats, the WEF suggests that businesses develop user awareness and training tailored to the business context and for different user groups across the organization.

Cybersecurity training and development consistently proved ineffective in the past. However, that was in an era when breaches weren’t as common as they are today.

Now, employees are just as concerned about cyberattacks as businesses and seem to take cybersecurity training more seriously. To make the training even more effective, the WEF recommends streamlining awareness campaigns by leveraging diverse and novel ways for better engagement and penetration across the organization.

Finally, the WEF understands that fostering a strong culture of cybersecurity is hard, especially as attacks get more sophisticated.

As a result, CXOs, when demanding that employees be more vigilant, are advised to adopt the stick and carrot approach and incentivize employees for participating in the awareness campaign and reporting suspicious activity.

Of course, that also means employees must be penalized, especially if they’re repeat offenders, in line with the organization’s code of conduct.

Through the report, the WEF shares that CXOs and managers should aim to build organizations where a basic knowledge of cybersecurity is mainstream and accepted by every member of staff across hierarchies and functions.