Establishing a good cybersecurity culture and the trends to look out for

Written by
Kamba Abudu
Published on
Share this post
Other posts by:
Kamba Abudu
Head of Engineering
Min read
Q3 2023: What's New with Venditan Commerce?
Covering the key additions and improvements that we have made to our eCommerce platform over the previous quarter.
Min read
Q2 2023: What's New with Venditan Commerce?
The key additions and improvements that we made to the Venditan Commerce in Q2 2023.

I visited Land Rover Experience for Thrive & Fortinet’s Cybersecurity Briefing last Thursday, and I thought it would be useful to take you through some of my key takeaways from the event.

What is the cybersecurity culture of your business?

Cybersecurity culture is defined as a business’s knowledge of and attitude towards cybersecurity.

Naturally, this is something that will differ dramatically from business to business. Culture is often determined by the industry the business operates within. For example, with our eCommerce and retail work, the handling of customer personally identifiable information demands that a high value be placed on cybersecurity.

It was highlighted that the biggest challenge in cybersecurity is one of apathy; many businesses do not believe that an attack will happen to them, leading to a passive culture, one of indifference.

The Ponemon Institute surveyed hundreds of IT security professionals, revealing that employee negligence is the leading cause of data loss incidents (40%). So it’s critical that an aware and engaging cybersecurity culture is instilled in all businesses, particularly those that use IT to operate.

Establishing a strong cybersecurity culture through people, process and technology


One in three employees say they do not understand the importance of cybersecurity, so the change needs to start with the workforce.

How does a business ensure that its people are aware of:

  • Different online threats relevant to their field of work
  • The critical nature of cybersecurity relative to their success
  • The processes to report on and combat online threats


Does the business have clear, well-documented processes for:

  • Identifying online threats
  • Documenting and elevating online threats
  • Combatting online threats
  • Reviewing and learning from online threats
  • Sharing knowledge across the business


Is the business investing in the right tools and technology to equip its people with everything they need to combat online threats?

cybersecurity culture and trends

Monitoring cybersecurity performance through trackable metrics

With the growth in the rate of feature development in ever-evolving software platforms, businesses need a corresponding increase in security enhancements.

Regular auditing of their cybersecurity setup should be a process. Cybersecurity metrics provide business-as-usual data for businesses to decide whether they need to enhance their security.

These include, but are not limited to:

  • Security incidents
  • Intrusion attempts
  • Unidentified devices
  • Uptime and downtime

Mean-time metrics

These metrics focus on the time it takes to measure certain aspects pertaining to an online threat.

Mean-time-to-Detect (MTTD)

The time it takes a cybersecurity team to detect a threat or data breach.

Mean Time to Resolve (MTTR)

The time it takes to respond to an online threat.

Mean Time to Contain (MTTC)

The time it takes to close an identified attack vector across all your endpoints.

Mean Time Between Failures (MTBF)

The amount of time between two failures of a system or product.

Mean Time to Acknowledge (MTTA)

The time a business takes to acknowledge an incident and begin working on resolving it.

Mean Time to Recovery (MTTR)

The time a business takes to recover after a product or system failure.       

Trends in cybersecurity as we go into 2023

There was also some insightful information given on the trends in cybersecurity, which I will give an overview of below.

Malware-as-a-service (MaaS)

This refers to the illegal lease of software and hardware for carrying out cyber attacks. Owners of MaaS servers provide paid access to a botnet that distributes malware.

Bug Bounty for Ransomware

Ransomware groups issue bug bounties, which are rewards to any person who identifies an error or vulnerability in a computer program or system. In turn, this helps ransomware groups to improve the quality of their product.

Artificial Intelligence (AI)

Despite it being a buzzword on everyone’s radar for what seems like an eternity now, we are still only scratching the surface of what AI technology can do. Certainly, AI will have a deep impact on the attack surface and sophistication of cybersecurity attacks, and automation of security management will need to leverage advanced AI to keep up.

Zero Trust Access

Access to systems should be as granular as possible, with people having the bare minimum they need to perform a task or activity, and the permissions should be revoked when no longer needed.

Final thoughts

To avoid an apathetic approach towards cybersecurity all staff need to be well informed on the threats faced, and the processes that are in place to combat them. Therefore, a strong cybersecurity culture is one that sees a business put its people at the heart of its policy and process.

Our recent posts

Keep up to date with the latest news and insight from the team at Venditan

Min read
eCommerce website security - Guarding your digital storefront
Exploring the critical realm of eCommerce security and the latest threats posed to online retailers.
Min read
AI in eCommerce - Productivity, or problematic?
Andy considers the emerging benefits of AI in eCommerce and the challenges around adoption.
Andrew Flynn
Head of Digital Marketing
Min read
Q3 2023: What's New with Venditan Commerce?
Covering the key additions and improvements that we have made to our eCommerce platform over the previous quarter.
Kamba Abudu
Head of Engineering
Min read
Get to know Allcocks
This month, we are speaking with Owen, the IT & Marketing Director at Allcocks Outdoors & Country.
Andrew Flynn
Head of Digital Marketing
Min read
Meet the team - Mark
This month, we caught up with Mark to find out a little bit more about one of our most senior members of staff.
Min read
Industrial eCommerce: Embracing digital transformation
Why the industrial sector is beginning to embrace eCommerce and digital transformation.
Andrew Flynn
Head of Digital Marketing