Establishing a good cybersecurity culture and the trends to look out for
I visited Land Rover Experience for Thrive & Fortinet’s Cybersecurity Briefing last Thursday, and I thought it would be useful to take you through some of my key takeaways from the event.
What is the cybersecurity culture of your business?
Cybersecurity culture is defined as a business’s knowledge of and attitude towards cybersecurity.
Naturally, this is something that will differ dramatically from business to business. Culture is often determined by the industry the business operates within. For example, with our eCommerce and retail work, the handling of customer personally identifiable information demands that a high value be placed on cybersecurity.
It was highlighted that the biggest challenge in cybersecurity is one of apathy; many businesses do not believe that an attack will happen to them, leading to a passive culture, one of indifference.
The Ponemon Institute surveyed hundreds of IT security professionals, revealing that employee negligence is the leading cause of data loss incidents (40%). So it’s critical that an aware and engaging cybersecurity culture is instilled in all businesses, particularly those that use IT to operate.
Establishing a strong cybersecurity culture through people, process and technology
One in three employees say they do not understand the importance of cybersecurity, so the change needs to start with the workforce.
How does a business ensure that its people are aware of:
- Different online threats relevant to their field of work
- The critical nature of cybersecurity relative to their success
- The processes to report on and combat online threats
Does the business have clear, well-documented processes for:
- Identifying online threats
- Documenting and elevating online threats
- Combatting online threats
- Reviewing and learning from online threats
- Sharing knowledge across the business
Is the business investing in the right tools and technology to equip its people with everything they need to combat online threats?
Monitoring cybersecurity performance through trackable metrics
With the growth in the rate of feature development in ever-evolving software platforms, businesses need a corresponding increase in security enhancements.
Regular auditing of a business's cybersecurity setup should be an established process. Cybersecurity metrics provide business-as-usual data that helps a business decide whether it needs to enhance its security. These include, but are not limited to:
- Security incidents
- Intrusion attempts
- Unidentified devices
- Uptime and downtime
The following metrics focus on the time taken at particular stages of dealing with an online threat.
Mean Time to Detect (MTTD)
The time it takes a cybersecurity team to detect a threat or data breach.
Mean Time to Resolve (MTTR)
The time it takes to respond to an online threat.
Mean Time to Contain (MTTC)
The time it takes to close an identified attack vector across all your endpoints.
Mean Time Between Failures (MTBF)
The amount of time between two failures of a system or product.
Mean Time to Acknowledge (MTTA)
The time a business takes to acknowledge an incident and begin working on resolving it.
Mean Time to Recovery (MTTR)
The time a business takes to recover after a product or system failure.
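To make these definitions concrete, here is an added example (not from the briefing or from any vendor tool) that derives the time-based metrics from a small incident log. The incident records, field names and the choice of which two timestamps bound each metric are assumptions; MTTR is computed here in its "resolve" sense, and incidents that are still open are left out of a metric rather than counted as zero.

```python
from datetime import datetime
from statistics import mean

# Constructed sample incident records (not real data). Field names are
# assumptions for this example; None means that stage has not happened yet.
INCIDENTS = [
    {"id": "INC-1", "occurred": "2023-01-02 08:00", "detected": "2023-01-02 10:00",
     "acknowledged": "2023-01-02 10:30", "contained": "2023-01-02 14:00",
     "resolved": "2023-01-03 10:00"},
    {"id": "INC-2", "occurred": "2023-01-10 09:00", "detected": "2023-01-10 09:30",
     "acknowledged": "2023-01-10 09:40", "contained": "2023-01-10 11:30",
     "resolved": "2023-01-10 15:30"},
    {"id": "INC-3", "occurred": "2023-01-20 12:00", "detected": "2023-01-20 18:00",
     "acknowledged": "2023-01-20 18:20", "contained": None, "resolved": None},
]

# Metric -> (start field, end field). Which timestamps bound each metric is an
# assumption made here; pick one definition and keep it stable across reports.
METRICS = {
    "MTTD": ("occurred", "detected"),
    "MTTA": ("detected", "acknowledged"),
    "MTTC": ("detected", "contained"),
    "MTTR": ("detected", "resolved"),
}

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M") if value else None

def mean_hours(incidents, start, end):
    """Mean hours between two stages, using only incidents that reached both."""
    spans = []
    for inc in incidents:
        a, b = _ts(inc.get(start)), _ts(inc.get(end))
        if a is None or b is None:
            continue  # still open: excluded rather than counted as zero
        if b < a:
            raise ValueError(f"{inc['id']}: {end} precedes {start}")
        spans.append((b - a).total_seconds() / 3600)
    return round(mean(spans), 2) if spans else None

def mtbf_hours(incidents):
    """Mean hours from one incident's resolution to the next one's occurrence."""
    done = sorted(incidents, key=lambda i: _ts(i["occurred"]))
    gaps = [(_ts(nxt["occurred"]) - _ts(prev["resolved"])).total_seconds() / 3600
            for prev, nxt in zip(done, done[1:]) if prev["resolved"]]
    return round(mean(gaps), 2) if gaps else None

def report(incidents):
    out = {name: mean_hours(incidents, s, e) for name, (s, e) in METRICS.items()}
    return {**out, "MTBF": mtbf_hours(incidents)}
```

Calling `report(INCIDENTS)` returns the five averages in hours; tracking them month over month shows whether detection and response are improving.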
Trends in cybersecurity as we go into 2023
There was also some insightful information given on the trends in cybersecurity, which I will give an overview of below.
Malware-as-a-Service (MaaS)
This refers to the illegal lease of software and hardware for carrying out cyber attacks. Owners of MaaS servers provide paid access to a botnet that distributes malware.
Bug Bounty for Ransomware
Ransomware groups issue bug bounties, which are rewards to any person who identifies an error or vulnerability in a computer program or system. In turn, this helps ransomware groups to improve the quality of their product.
Artificial Intelligence (AI)
Despite it being a buzzword on everyone’s radar for what seems like an eternity now, we are still only scratching the surface of what AI technology can do. Certainly, AI will have a deep impact on the attack surface and sophistication of cybersecurity attacks, and automation of security management will need to leverage advanced AI to keep up.
Zero Trust Access
Access to systems should be as granular as possible, with people having the bare minimum they need to perform a task or activity, and the permissions should be revoked when no longer needed.
To avoid an apathetic approach towards cybersecurity, all staff need to be well informed about the threats faced and the processes that are in place to combat them. Therefore, a strong cybersecurity culture is one that sees a business put its people at the heart of its policy and process.