The Security Culture Playbook. Perry Carpenter
Чтение книги онлайн.
Читать онлайн книгу The Security Culture Playbook - Perry Carpenter страница 13
Ransomware, social engineering, and human error have proven to be an existential threat to businesses of all sizes.
Ransomware, social engineering, and human error have proven to be an existential threat to businesses of all sizes.
Intellectual property theft, multi-step extortion, customer and employee data theft, multimillion dollar ransom payoffs, brand and reputation damage via released emails, and other public shaming are all taking a toll; and boards of directors are looking for visibility into how vulnerable their organization is and what needs to be done to decrease risk and increase resilience.
Organizations must address ransomware as one of the primary overall risks to the business that must be mitigated, similar to natural disasters. The most common (and easiest path) for ransomware infection is through social engineering attacks on an organization's employees. So, social engineering, which is mitigated only by a mature security culture, deserves board-level attention.
Boards of directors need transparency and accuracy (Internet Security Alliance, 2020). To that end, we'll show you how to accurately measure your security culture. Further, we'll give you the information and tools you need to actively begin strengthening the weak areas and fostering sustainability in the areas where your people are already doing well.
Measuring security culture with the tools and methods we'll show you provides the board a very objective measurement for the company's proactive security measures for the company's largest vulnerability: attacks that succeed by exploiting your human layer.
Getting It Right
We know that traditional technology-centric approaches to cybersecurity haven't proven effective, and the traditional information-centric approach to security awareness hasn't adequately prepared employees for the onslaught of social engineering attacks targeting them. If 85 percent of breaches are being caused by social engineering or human error, and less than 3 percent of spending is focused on the human layer, then it is clearly time to put more focus on the human side.
Information-centric security awareness isn't sufficient. We need a broader approach. We need to focus on the ABCs of cybersecurity: awareness, behavior, and culture. In Chapter 3, we'll discuss key reasons why traditional security awareness programs have fallen short and show how you can transform your program, making it truly effective. You'll learn how principles from marketing, behavior science, and organizational culture management can all be used to drive secure behaviors and foster a workforce that values security.
Takeaways
Human-layer defenses and your organization's security culture should be key conversation topics within the executive team and board of directors.
If you aren't clearly telling your own story and articulating what your data and details imply, then your audience is left to interpret things for themselves.
Ransomware, social engineering, and human error have proven to be an existential threat to businesses of all sizes.
Less than 3 percent of security spending is focused on the human layer, but over 85 percent of breaches are traced back to humans. It's time to invest more time, money, and effort in the human layer.
Human knowledge, beliefs, values, behaviors, expectations, and social pressures are involved in everything that matters within your organization.
Конец ознакомительного фрагмента.
Текст предоставлен ООО «ЛитРес».
Прочитайте эту книгу целиком, купив полную легальную версию на ЛитРес.
Безопасно оплатить книгу можно банковской картой Visa, MasterCard, Maestro, со счета мобильного телефона, с платежного терминала, в салоне МТС или Связной, через PayPal, WebMoney, Яндекс.Деньги, QIWI Кошелек, бонусными картами или другим удобным Вам способом.