“It takes 20 years to build a reputation and five minutes to ruin it.”
Board meetings will never be the same again! Following a number of high-profile cyber-attacks and embarrassing boardroom apologies in the UK over the last six months, business leaders are finally realizing the real damage that a cyber-attack can do to their organization. Competitive advantage, market value and hard-won reputations, both corporate and personal, are all at risk.
Global investment in cybersecurity technologies continues to rise, and with good reason. Symantec's Internet Security Threat Report, released in April 2016, reports that they '... discovered more than 430 million unique new pieces of malware in 2015, up 36 percent from the year before. Perhaps what is most remarkable is that these numbers no longer surprise us. As real life and online become indistinguishable from each other, cybercrime has become a part of our daily lives. Attacks against businesses hit the headlines with such regularity that we’ve become numb to the sheer volume and acceleration of cyber threats.'
But there’s something missing from our continued investment in technology, and from our expectation that it can solve the problem of the growing number of cyber-attacks.
Verizon’s 2015 Annual Data Breach Investigations Report highlighted one stark fact. The great majority - estimated to be 90% - of successful cyber-attacks succeed because of human error. Anyone in any organization, irrespective of their role or seniority, can enable an attack to succeed through their unwitting actions. Put more simply, cyber-attackers can find it easier to communicate and engage with our people than we do. How confident are you that your people are displaying the appropriate behaviours and understanding of the practical things needed to effectively protect the information and assets most precious and valuable to your organization?
The challenge appears clear. All our people must play a more significant and effective role in our organizational resilience. The sad truth is that most organizations only educate their people through annual information security awareness e-Learning, and it’s widely acknowledged that this yearly, compliance ‘tick-box’ approach to learning frequently fails to engage and has little or no lasting impact on people’s cyber awareness and behaviours.
So can e-Learning really change behaviours?
Yes. But not in its traditional form. In this vital area of staff training and development, one size doesn’t fit all, and the current ‘all staff, once a year’ approach simply doesn’t influence or change behaviours in the long term. At best it reminds us of some essentials; at worst it’s treated as a necessary evil, a distraction and as something ‘I have to do’. Annual e-Learning will not instil and sustain the cyber resilient behaviours that employees need today. We’re trying to ‘program’ our people in the same way we program computers to do certain things, in certain ways, at certain times. It doesn’t work.
A new approach is required - one where information security and cyber awareness learning is conceived and implemented as a continuous, ongoing and sustainable campaign over time. Just as our technical security controls must evolve and adapt to ever-changing cyber threats and vulnerabilities, we need to ensure all our people maintain their training and awareness and are provided with appropriate, practical guidance on a continual basis that fits the needs and requirements of the particular organization.
RESILIA™ Awareness Learning modules have been designed to do just that. They provide your people with the knowledge, skills and confidence to adopt new behaviours in order to grow your firm’s cyber resilience, and use a range of innovative learning tools and techniques that build, maintain and measure the effectiveness of the awareness learning provided to your workforce.
It’s simply a matter of time before you’ll be required to respond to a successful attack or significant data breach. Where would you rather be when that happens?
See our RESILIA section for more information.
Contact Nick Wilding or Gemma Moorhead today to find out how RESILIA Awareness Learning can enable your organization to adopt a new approach to cyber awareness learning.
You can also continue the discussion with your peers on The AXELOS Community.