• However, training regarding cybersecurity impacts employees' views and makes them more likely to take responsibility for their own role in keeping the organization safe.
Those who have received training are more likely to believe it is the employees' responsibility (16%) compared to those who have not received training (11%).
In contrast, those who have never received training are more likely to believe it is the IT department's responsibility (29% compared to 17%).
We asked Jacqueline Jayne, Security Awareness Advocate for APAC at KnowBe4, further questions to find out more.
What are the reasons for employees being unaware of who is responsible for cybersecurity?
Historically, the IT department has been responsible for cybersecurity. The attack vector has increased exponentially over the last 10 years. Technological developments, increased Internet speed, accessibility, the growth of mobile devices and, more recently, the move to remote working have meant that cybersecurity is literally on the move as we take our devices everywhere with us.
As a result, the responsibility when it comes to cybersecurity has spread from IT to literally everyone in an organization. IT remain the subject matter experts, policymakers and strategists in this space. However, with the increased level of risk and threats, we all have a role to play.
What is the best way to educate employees about their cybersecurity responsibilities?
The proven and most effective way to educate employees about their cybersecurity responsibilities is with an ongoing, relevant and engaging cybersecurity awareness and education program. This includes a whole-organization approach with executive buy-in, change management principles, training, conversations, communication and an opportunity to apply new knowledge with simulated social engineering (such as phishing emails). Also, make sure you explain the WIIFT (What's In It For Them) – telling people to do something without a reason why just won't work.
Why is training such a positive move when it comes to helping employees keep their organizations safe?
You don't know what you don't know. Continuous knowledge leads to awareness, which after time will result in a change of behavior. Employees will be grateful that their organization is taking the time to keep them safe online, as there are so many transferable skills that can be applied at home, with extended family and friends and especially with keeping our kids safe online.
Why is a combined approach to cybersecurity so important?
Let's look at a non-cyber analogy. When you learn to drive a car, the first thing you need to do is theory – the road rules. Then, you need to pass a test to obtain your learner's permit, with which you can start to drive a car with a licensed driver for about 12 months. Then, there is another test to make sure you can apply everything you have learned about the road rules and can safely drive a car.
During this test, you need to demonstrate what you have learned. Here in Australia, it could take you three years until you can drive by yourself (without an L or P plate on your vehicle). Even after this, there are reminders on the road, safety campaigns from the local government (Drink and Drive, You're a Bloody Idiot), speed cameras, red-light cameras, changes on the roads etc.
It never ends. Taking a combined approach when it comes to cybersecurity is very similar. We all need to know the cyberthreat landscape, what red flags we need to look for, how to avoid the dangers, have an opportunity to apply and demonstrate our new knowledge, and understand that it will take time for us to do 'all the things' naturally, as behaviour change takes time. Even when we are at the top of our game and know all the red flags to identify a scam email or disinformation on social media, there is always something new to learn, as cybercriminals are always changing the rules.
This study was conducted online between December 2 and 7, 2021. The sample comprised: 1,045 Australian office workers (any industry); 204 Australian IT decision makers (any industry); 1,012 Singaporean office workers (any industry); and 200 Singaporean IT decision makers (any industry).
