Why is a Cyber aware culture important in any company?
Cyber-attacks like ransomware are more successful than ever - and this even though companies invest a lot of money into their defence measures. This trend plus the fact that 90% of all successful cyber-attacks start with human error, makes it more important to focus on the human factor of security. This requires more than classic awareness training.
Von Andreas Wuchner, cybovate AG
In recent years, the industry has invested a lot of money in IT security. The focus has almost always been on technology. Despite all this investment,the number of successful cyber attacks has increased. As a result, cyber insurances are becoming more and more expensive because the number of claims and, above all, the amount of damages are increasing. One reason for the successful attacks, despite all the technology, is that most companies neglect the human factor: Technology is used and operated by people. The technology calculation only works if - the user is trained, assumes responsibility, and the organization has established the appropriate culture.
The Cybercrime Threat Response Report of Interpol shows a significant increase in ransomware attacks against computer and mobile users, companies, and organisations of all kinds. Such attacks are successful because users simply click, and existing technical solutions have clear limitations. At the same time simple awareness training with computer-based tests combined with phishing simulations are not enough to prevent such attacks. This approach helps companies demonstrate compliance on paper - but it does not bring any real security gain nor does it anchor a security culture in the company and among the employees.
Cybersecurity culture: looking at all factors
Behind the concept of cybersecurity culture is an end-to-end consideration of all factors that form the basis of why we do what we do and why we decide in the first place to take action. Knowledge, attitude, assumptions, values, and pressures are all part of it.
It is people that make an organization secure, not the technology used – although the addition of technical defenses is necessary. However, it is mostly the users who fall for targeted cyber-attacks. This means that employees are often seen as the weakest link, while in reality, they can be the strongest defense mechanism if educated well.
For this reason, it is fundamentally important to create an environment in which employees and users are well trained and feel secure in dealing with digital media - both at their workplace and at home.
Building on existing strengths
Cybovate, together with its partner CybSafe, offers a platform that allows companies to approach the issue of cyber security holistically. Once the existing corporate culture has been analyzed and understood, CybSafe builds on existing strengths with targeted measures, influences user’s routines and creates a link between personal and business related activities within the digital interactions.
CybSafe’s cloud-based platform can be accessed from anywhere. Access is available on the go on any mobile device within the CybSafe app. A user’s learning journey has long surpassed just the workplace. Modern solutions must allow users to find answers to current questions when they need them, at any time and wherever they are.
Trained employees, customers, and partners who feel safe but also have the necessary skills and support at hand, move an organization forward. Confidence and self-assurance in one's own abilities make a difference, and this is no different in private life. In this context, one often encounters the term "cyber hygiene", which describes very well what is at stake. Once the secure handling of digital media and devices has become standard, an organization can concentrate on the essentials of its business; supporting the digital transformation of any company.
Employees are part of the solution
For this transformation to succeed, behavioral change is needed. Organizations have to look more closely at understand the interplay of ability/knowledge, motivation and the environmental variables such as values and pressure. This is the only way to actively support each employee.
The CybSafe platform is based on three pillars:
1. insights and best practices derived from the psychology of behavioral change
2. Scientifically validated understanding of what works in behavioral change and why
3. People-centric to keep users productive and safe at work
Behavioral change is challenging for all of us. We humans are creatures of habit and influencing our behavior, let alone changing it, is difficult and complex. Anyone who has ever been on a serious diet is intimately familiar with this problem.
Picture: COM-B-Modell - a framework to understand behavior
However, the founders and employees of cybovate firmly believe that it is absolutely worth-while tackling the challenge. Our company helps people protect themselves online, offline, at home, on the road, and at work.
Most "training and awareness" tools on the market only focus on imparting knowledge. But just because you know you want or need to lose weight, and even despite knowing how to go about it, you haven't lost weight. Therefore, these tools fail time and time again: they may achieve compliance and a sense of measurability is instilled by tracking click-through rates - but understanding and cultural change is not created this way. One cannot state with confidence whether the resources invested in these campaigns have generated any value at all.
The NCSC and CIISec accredited CybSafe platform comes with three modules that allow users to find answers to current cybersecurity questions at any time at any place. This way, the answers are there when employees need them and not when training schedules dictate.
PROTECT: Cybersecurity
Users get access to knowledge plus tips in daily life with a focus on sharpening daily behavioral patterns. In addition they can raise awareness of their own behavior by setting personal goals.
ASSIST: Get the help you need when you need it
This function provides answers and helps whenever anyone needs it. In addition to practical tips and technical help, it also offers further background information or explains what to do if the user has done something wrong, for example.
Abbildung: Interaktion und Lernen, wann immer es zeitlich passt – auch von unterwegs.
LEARN: Create and expand awareness
Individual role-based modules create awareness and interest in the topic. Simple situations of daily life at home and in the office create "aha-moments" again and again.
Abbildung: Hilfe und Tipps wenn sie benötigt werden.
Fazit
CybSafe is based on a scientific approach and on the COM-B model of behavioral change. This approach is fundamentally new and addresses the root causes of why we do certain things and not the symptoms. Boring learning, driven by compliance requirements was yesterday. CybSafe and cybovate is the destination for all those who want to better understand and address the human factor in cyber security and their inherent risks.
Try it yourself or see it in action
Start immediately with: SSO via Google Workspace (formerly G Suite), Azure and others; SCIM provisioning; and out-of-the-box awareness training and phishing.
