the biggest security gaps in every business – people . People are often the weakest link . The ones who click on the link , who open the phishing email , who share their company passwords and who accidentally create vulnerabilities within the organisation .”
A recent study undertaken by KnowBe4 examined the behaviour and security culture of more than 97,000 employees across 1,115 organisations worldwide . The study dug down into the components and building blocks of security culture and unpacked
There is a clear link between security culture and secure behaviour , and that , in itself , correlates to a clear reduction in risk for the organisation
how this has become a critical component for any robust security structure in a detailed whitepaper .
“ IT leaders have always known exactly how important people are to the perfect security triumvirate – people , process and technology . But , over the years , process and technology have been pushed to the forefront of investment and conversation , leaving the human element wide open and the business at risk . The reason for this shift is multifold – it ’ s hard to engage with a diverse workforce and the security message is not always that exciting ,” added Collard .
Yet , the research found a very clear proof that a robust security culture reduces the risk of credential sharing and improves the entire organisation ’ s security posture . In fact , it found that there was a 52 times difference between the behaviours of people sharing credentials in a poor security class and the best which highlighted how a focus on security culture can significantly change the way employees adopt secure practices and behaviours . Which again underscores the value of setting up a security culture programme that explores the seven dimensions of security culture and how these can be improved within the organisation .
These seven dimensions include : attitude , behaviour , cognition , compliance , communication , norms and responsibility . And they provide the organisation with a solid framework within which to build an equally solid security culture that has longevity and relevance .
“ The more that the business focuses on security culture , the more likely it is that employees will follow secure practices and adopt more secure behaviours ,” said Collard . “ This ground breaking research has provided a very clear and measurable link between security culture and secure behaviour and emphasises the value of investing into people , training and security communication best practice to ensure that this link is always maintained .” •
INTELLIGENT TECH CHANNELS
INTELLIGENT TECH CHANNELS Issue 39
39