One Article Review

Source AlienVault Lab Blog
Identifier 8415314
Publication date 2023-11-21 11:00:00 (seen: 2023-11-21 11:07:46)
Title 7 must-ask questions for leaders on security culture
Text The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

It's not uncommon in today's corporate world to see a creative marketer launching catchy security awareness campaigns, steering the entire company towards robust online safety practices. Elsewhere, job reviews increasingly assess how well employees are performing on the cybersecurity front. The shift in focus is clear.

Organizations have come to understand that sophisticated tech tools aren't the ultimate solution. People are the weak spot. In fact, researchers from Stanford University revealed that roughly 88% of data breaches are caused by employee mistakes. Not to mention that we've observed a surging trend of attacks that sidestep technology and instead, zero in on people. The strategy is proving effective.

Prominent ransomware incidents, such as those affecting Colonial Pipeline, JBS Foods, and Kaseya, have dominated headlines. As our tech-driven defenses become more advanced, malicious actors are adapting, always looking for the easiest entry point. Seeking efficiency and reduced effort, these cyberattackers often find employees to be the most appealing targets.

So, training everyone to have better awareness about cybersecurity isn't just a good idea; it's a must. Based on all this, we've got some recommendations for what leaders need to know and smart questions they should keep in mind for their next big meeting.

Five things leaders need to know about cybersecurity culture

Understanding security culture

The ambiguity surrounding the term "security culture" often stems from a foundational problem: its frequent usage without a clear definition. This lack of clarity paves the way for varied interpretations and assumptions. With this work, we aim to bring clarity to the concept. Security culture is described as the beliefs, traditions, and collective behaviors of a group that shape its security posture.

Why does security culture matter?

Sometimes, employees adopt poor security habits, either independently or due to a lack of proper guidance from the organization. Addressing these habits can be challenging. However, establishing a robust security culture can change their behaviors, enabling an organization to safeguard its reputation, brand, and financial well-being.

What does a good security culture look like?

Suppose an employee, Alex, receives an email from a bank filled with typos and featuring a suspicious link. At a workplace lacking a security culture, Alex thinks, "This is odd. I'll set it aside for now." However, in a company with a solid security culture, Alex’s immediate reaction is, "This could be dangerous. I need to inform IT." Such a prompt action gives the tech team an early warning, allowing them to act before more damage occurs. It isn't about turning every employee into a cybersecurity specialist; it's about ensuring each individual acts responsibly, embodying the qualities of a "security champion."

Prioritizing values, attitudes, and beliefs over rules and policies

Cyber threats often catch organizations off-guard because a significant portion of their workforce isn't adequately informed or prepared for these risks. Leaders hope for their teams to act responsibly, like locking an unattended computer or reporting suspicious emails. However, just organizing train
Rating ★★★
Sent Yes
Tags Ransomware Tool Prediction


The article does not appear to have been picked up after its publication.


The article does not appear to pick up on an earlier one.