Beyond Talking the Talk: Building Cybersecurity into a Company’s DNA

Security is constant. It’s fast-paced with a high burnout rate, and many companies continue to struggle with implementing basic security controls. Given the overwhelming reality of resources and time that are already being dedicated to a company’s security strategy, how can organizations begin to build security into a company’s DNA in a realistic way?

While it may seem onerous or unrealistic to some, it is possible to create more than a cyber-aware culture. Changing the fabric of a company’s DNA is more than just a Pollyanna goal, it’s a necessary reality. But it will take time and leadership buy-in. The very basic building blocks require a shift in the way companies think about accountability. It starts with making everyone in the organization responsible for cybersecurity.

Let’s be clear that there is a difference between corporate culture and a company’s DNA. The DNA encompasses everything that relates to the very fibers of the organization, all those aspects of the company that we don’t consciously think about. When we talk about building cyber into the company DNA, we want it to be part of normal day-to-day operations. Security needs to be part of what we invest in the organization and its people throughout the year. It must be part of the corporate development life cycle, so that limited resources of time and money never diminish the way the company values security.

When security is a part of the profit and loss statement, it inherently becomes a priority of the company’s goals. These are the ideas and behaviors we need to be going after in order to make security a priority for the organization.

So, what are some realistic steps you can take today? Here are a few ways to rebuild a company’s DNA and make a real difference in the way employees, the C-Suite, and the board value security[…]


Study Shows Which Phishing Attacks are Most Successful

A new phishing study of six million users shows insurance organizations and not-for-profits lead all other industries with greater than thirty percent of users falling for baseline phishing tests.

The study shows these types of organizations rank higher (in the low 30 percent range) than the overall average of 27 percent across all industries and organization sizes. Large business services organizations had the lowest Phish-prone benchmark at 19 percent.

The Phish-prone percentage is determined by the number of employees that click a simulated phishing email link or open an infected attachment during a testing campaign using the KnowBe4 platform.

The study, drawn from a data set of more than six million users across nearly 11,000 organizations, benchmarks real-world phishing results. Results show a radical drop in careless clicking to just 13 percent 90 days after initial training and simulated phishing, and a steeper drop to two percent after 12 months of combined phishing and computer-based training (CBT).

The study anonymously tracks users by company size and industry at three points: 1) a baseline phishing security test, 2) results after 90 days of combined CBT and simulated phishing, and 3) results after one year of combined CBT and phishing […]