One Article Review

The article:
Source ProofPoint
Identifier 8627064
Publication date 2024-12-18 07:38:20 (seen: 2024-12-18 14:07:57)
Title Transform Human Risk into Strength: A Guide to Lasting Behavior Change (Recycled)
Text Imagine this: you are a part of a security team that has invested heavily in cybersecurity technology, layered defenses and rigorous training for your team. Yet a single click on a phishing email from an unsuspecting employee at your organization could still open the door to a serious incident. If so, you're not alone.
Even though you've put security measures in place, held training sessions and distributed awareness posters, security incidents keep happening. But why? Because real security isn't just about what employees know. It's about how they feel about their responsibility in protecting your organization. It's also about how they react when faced with a threat. In cybersecurity, knowledge without behavior change is incomplete.
Today's threat landscape is more complex than ever with cybercriminals constantly refining their tactics to exploit human vulnerabilities. However, there is good news: People can become your most effective line of defense. When employees feel empowered and engaged in their role as defenders, they shift from being potential security risks to proactive protectors. How do you get them to that place? You need a systematic, people-first approach to building a security culture.
This is where the Proofpoint DICE framework comes into play. DICE stands for detect, intervene, change behavior and evaluate. In this blog post, we'll explore each of these components. We'll also talk about the psychology behind this framework - and how it empowers organizations to create resilient security cultures. It doesn't matter if you're a seasoned security leader or just starting to build a positive security culture, this guide offers actionable insights into achieving long-term behavior change. Let's dive in.
What is DICE?
Our experience working with organizations across industries has taught us that effective behavior change begins when you can detect the people who are most at-risk from threats or those who are most likely to engage in unsafe behaviors and intervene in a timely way. Part of this is tailoring educational experiences to align to each person's vulnerabilities. You also need to continuously evaluate and improve your program's impact.
That's why DICE makes such a difference. It goes beyond traditional security training, which relies on a one-size-fits-all approach. Instead, it provides employees with continuous, contextually relevant guidance that helps them to develop lasting habits.
There are four steps in the Proofpoint DICE framework.
Steps in the Proofpoint DICE framework.
Step 1: Detecting human risk - the heart of effective behavior change
The first step is detecting human risk, which is based on threat context and behavioral choices. What's most important here is to identify and understand organizational, departmental and individual risk.
Why detection matters
The journey toward effective security behavior change starts with a deep understanding of human risk. Who in your organization is most vulnerable to cyber threats? Which employees continually take risky actions? And why do they do this? Traditional security awareness programs often lack this level of precision. Instead, they treat everyone as if they face the same risks and need the same training.
During this phase, organizations must quantify and analyze several key risk factors. This helps them to build a comprehensive view of each employee's risk posture. This is crucial because when programs don't use targeted insights, they can become unfocused and less impactful. Content that's one-size-fits-all may not resonate with high-risk users that face unique challenges.
Here's how to build an effective strategy for detecting risk:
Analyze behavior. When you analyze real-world behaviors, you can see that some people are more susceptible to security threats than others. Just consider how activities can reveal whether someone is high-risk. If they click on a suspiciou
Rating ★★
Sent Yes
Tags Tool Vulnerability Threat Studies


Reposts of the article (1):
Source ProofPoint
Identifier 8626174
Publication date 2024-12-16 15:07:03 (seen: 2024-12-16 19:07:45)
Title Create a Strong Security Culture: How to Turn Good Security Habits into Second Nature for Your Employees
Text Last year, 74% of breaches involved human factors, like users behaving in risky ways or maliciously. No doubt, it's a challenge to address any type of insider threat - whether it stems from human error and oversight or from more sinister intentions. However, when you foster a strong security culture you can significantly reduce these incidents.
But creating a strong security culture isn't easy. For starters, the concept of security culture itself can often feel vague. And this is partly because there aren't any standardized metrics to measure it. Some organizations assess culture through phishing simulation click rates or reporting rates; others rely on training completion rates or the speed at which assignments are finished.
In this blog post, we'll explore what security culture truly means, why it's critical to your organization, and the key steps that you can take toward building a strong, sustainable culture at your own organization.
What is security culture?
Proofpoint defines security culture as the beliefs, values and attitudes that shape how employees behave when it comes to protecting their organizations from cyberattacks.
This concept was first outlined by MIT researchers Keman Huang and Keri Pearlson in 2019. Notably, an organization's security culture will be weak if its employees don't see the value in security best practices, or if they view cybersecurity negatively like if they think of it as an obstacle to their productivity.
What's a good way to measure security culture?
Our goal is to make the concept of security culture more concrete. So, we've broken it down into three critical aspects:
Responsibility. In other words, employees feel like they should take a proactive role in preventing security incidents.
Importance. Employees believe that cyber threats are a material risk to the success of the organization. What's more, these threats could impact them personally.
Empowerment. Employees feel empowered to act because they have a working knowledge of cybersecurity and policy. If they make a wrong security decision, they trust that their organization will resolve any issue quickly.
The Proofpoint model of cybersecurity culture sits at the nexus of three key factors.
If an organization wants to gauge where their security culture stands, it can conduct a security culture survey. This can help with estimating the likelihood that employees will make security-aware decisions and take the appropriate actions.
At the end of the day, the goal is to drive positive behavior change. Employees should feel encouraged to help keep their organization safe by adopting security best practices.
Why is security culture important?
As highlighted in the Proofpoint 2024 State of the Phish report, 96% of working adults who took risky actions were aware that what they were doing was risky. This result challenges the traditional belief that people engage in risky behavior due to a lack of security knowledge. It also explains why training alone is not enough - and why building a strong security culture is so essential.
Security culture is about how people perceive, engage with and follow security practices and policies. It shapes their decisions, like how they handle sensitive data or respond to potential phishing emails. Ultimately, it's their decisions that impact an organization's overall security posture.
A strong security culture helps mitigate human risks by giving people the right tools as well as the right knowledge so that they know what's risky and can avoid those behaviors. It also motivates them to follow best security practices because they understand the value of security, the risks involved, and the consequences of non-compliance.
A robust security culture also fosters employee accountability. In our 2024 State of the Phish report, 60% of people either weren't sure or didn't believe that they were responsible for h
Rating ★★
Sent Yes
Tags Tool Threat


The article does not appear to have been reposted from an earlier one.