Most businesses struggle with cyber protection strategies that enlist stakeholders and key employees as critical components in their resiliency roadmap. On the physical security side, security experts across the world have the expertise to protect facilities and the experience to assure vigilance within an organization. They have learned to guide and advise personnel to assist in the process of reducing physical risks. On the cyber side, however, the widespread, ever-changing entryways and emerging opportunities for cyber exploitation require a new kind of strategy.
Our dependence on cybersecurity tools and reliance on traditional intelligence and law enforcement approaches will not lead organizations to the “network resilience” results they desire. Ultimately, we have learned that employee participation in the security process is paramount in effective security management. Hence the Department of Homeland Security’s (DHS) slogan, “See Something, Say Something.”
The numerous frameworks and security mindsets supporting risk management practices will not make employees competitive in efforts to keep hackers out. Generalized security practices and IT compliance training will not assure that critical assets, systems and networks function as they are intended to.
The lessons learned from physical events have assisted in creating the assessment and continuity practices we employ today. With a building, we can see if people are coming in or going out. Barriers can be erected that physically stop a person from passing. However, the ability of cyber exploits to ride legitimate functions of networks creates a different dynamic when attempting to identify intruders.
Corporate officers, ranging from members of Boards of Directors to the Chief Information Security Officer, are seeking cost-effective methods to reduce cyber risks. The employee is the answer and needs to move from employee to team member. This transformation is critical as more exploits are targeting the worker than ever before. It starts, however, with a strategic approach to training.
Developing a culture of cybersecurity provides cost savings, realized through cybersecurity capacity building that makes everyone a “partner.” Engaging employees requires training. A lack of awareness among employees regarding their role in cybersecurity will minimize their vigilance, and ultimately their assistance. The employer essentially negates in-house assistance and the opportunity to create a force multiplier.
Employees should know that hackers can gain enough information to impersonate legitimate business associates and community partners. With personal information, hackers can build communications that appear to come from legitimate sources. Thus, employees can be moved to take an action because of their confidence and faith that the impersonator is making a legitimate request or order.
Communication and coordination across technology, policy, operations, and strategic leadership areas have become key to assuring cyber resilience in these business areas. The increased value of data, connectivity of systems and growth of social media exacerbate the opportunities that lead to a successful breach.
Although all employees are usually provided IT compliance training, their part in cyber risk reduction is lost on the general workforce. Bringing them into the cybersecurity resilience strategy means creating an expectation of security among them. If employers fail to realize now that every employee is a “key employee” in the new digitized work environment, the organization will pay a financial and reputational cost later. Every employee requires training and inclusion in the security process to effectively secure critical environments. There is a net return when you invest in employees. Their understanding of cyber threats, and the consequences that result from successful exploits, makes them powerful no matter their pay grade or position.
The goal is to enhance protections against electronic systems disruption and unauthorized access to corporate and personnel data. When a breach does occur, “all hands on deck” should tie to a metered strategy that is backed by employees who are conditioned to readjust services. Their recognition and ability to provision service offerings on the fly will assist in maintaining regulatory compliance and providing information to responding cyber experts. This makes it easier to bring affected systems back to near normal operations a lot sooner.
As a former DHS cybersecurity planner, I am afforded opportunities to simultaneously take a broad look at the security threats facing critical infrastructure, and how the risk is being managed. My work with critical infrastructure organizations across all sectors still provides a “bird’s-eye” view of unfolding approaches to managing cyber threats. This is how I am sure resilience is only achieved when we go beyond IT compliance training. Don’t find out the hard way that you can’t just depend on cybersecurity professionals to build a resilient network. We are only as strong as our weakest links, but stronger when we weave them together.
This is timely for my crowd on FB - *applause*!
Whoa, this blog is wonderful. I like studying your articles. Keep up the great work! You know, many people are searching around for this info; you could help them greatly.
Appreciate the recommendation. Will try it out.
I cannot thank you enough for the article post. Really, thank you! Great.
Kendall,
Thank you for the encouragement. Stay well!
I definitely wanted to compose a simple word in order to express gratitude to you for all of the nice ways you are showing on this website. My extensive internet research has now been recognized with professional facts and strategies to write about with my family and friends. I would express that we website visitors actually are undeniably endowed to exist in a remarkable community with very many wonderful people with great plans. I feel really fortunate to have come across your website and look forward to plenty of more amazing minutes reading here. Thank you again for all the details.
I am sure this piece of writing has touched all the internet visitors; it's really, really fastidious post on building up new web site. I’m going to inform my little brother that he should also pay a quick visit to this weblog on a regular basis to get updated with the hottest information.
We need to get the word out so people can protect themselves. The more readers the better.
I take part in some online survey sites and have never heard of YouGov or anything similar. It seems like something new to try, and I also like the rewards system. Well, good luck, thanks for the post and the honest review, and I will be checking out YouGov soon. -Jason