Establishing a good cybersecurity culture and the trends to look out for

Written by Kamba Abudu, Head of Engineering
Published on 30/11/2022

I visited Land Rover Experience for Thrive & Fortinet’s Cybersecurity Briefing last Thursday, and I thought it would be useful to take you through some of my key takeaways from the event.

What is the cybersecurity culture of your business?

Cybersecurity culture is defined as a business’s knowledge of and attitude towards cybersecurity.

Naturally, this is something that will differ dramatically from business to business. Culture is often determined by the industry the business operates within. For example, with our eCommerce and retail work, the handling of customer personally identifiable information demands that a high value be placed on cybersecurity.

It was highlighted that the biggest challenge in cybersecurity is one of apathy; many businesses do not believe that an attack will happen to them, leading to a passive culture, one of indifference.

The Ponemon Institute surveyed hundreds of IT security professionals, revealing that employee negligence is the leading cause of data loss incidents (40%). So it’s critical that an aware and engaging cybersecurity culture is instilled in all businesses, particularly those that use IT to operate.

Establishing a strong cybersecurity culture through people, process and technology

People

One in three employees say they do not understand the importance of cybersecurity, so the change needs to start with the workforce.

How does a business ensure that its people are aware of:

  • Different online threats relevant to their field of work
  • The critical nature of cybersecurity relative to their success
  • The processes to report on and combat online threats

Process

Does the business have clear, well-documented processes for:

  • Identifying online threats
  • Documenting and elevating online threats
  • Combatting online threats
  • Reviewing and learning from online threats
  • Sharing knowledge across the business

Technology

Is the business investing in the right tools and technology to equip its people with everything they need to combat online threats?


Monitoring cybersecurity performance through trackable metrics

As the rate of feature development in ever-evolving software platforms grows, businesses need a corresponding increase in security enhancements.

Regular auditing of a business's cybersecurity setup should be an established process. Cybersecurity metrics provide business-as-usual data that businesses can use to decide whether they need to enhance their security.

These include, but are not limited to:

  • Security incidents
  • Intrusion attempts
  • Unidentified devices
  • Uptime and downtime

Mean-time metrics

These metrics measure how long particular stages of handling an online threat take.

Mean Time to Detect (MTTD)

The time it takes a cybersecurity team to detect a threat or data breach.

Mean Time to Resolve (MTTR)

The time it takes to respond to an online threat.

Mean Time to Contain (MTTC)

The time it takes to close an identified attack vector across all your endpoints.

Mean Time Between Failures (MTBF)

The amount of time between two failures of a system or product.

Mean Time to Acknowledge (MTTA)

The time a business takes to acknowledge an incident and begin working on resolving it.

Mean Time to Recovery (MTTR)

The time a business takes to recover after a product or system failure.
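
As an added illustration (not part of the original post), the sketch below derives these mean-time metrics from incident timestamps. The records are constructed sample data and the field names are assumptions; MTTR is taken here as detection to resolution, and MTBF as the gap between one incident's resolution and the next one's start.

```python
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"

# Constructed sample incidents (not real data). Field names are assumptions.
# None means that stage has not happened yet (incident still open).
INCIDENTS = [
    {"occurred": "2023-01-02 08:00", "detected": "2023-01-02 10:00",
     "acknowledged": "2023-01-02 10:30", "contained": "2023-01-02 14:00",
     "resolved": "2023-01-03 10:00"},
    {"occurred": "2023-01-10 09:00", "detected": "2023-01-10 13:00",
     "acknowledged": "2023-01-10 13:15", "contained": "2023-01-10 15:00",
     "resolved": "2023-01-10 19:00"},
    {"occurred": "2023-01-20 00:00", "detected": "2023-01-20 06:00",
     "acknowledged": "2023-01-20 06:45", "contained": None, "resolved": None},
]

def _ts(value):
    return datetime.strptime(value, FMT) if value else None

def mean_hours(incidents, start, end):
    """Mean of (end - start) in hours over incidents that have both stamps."""
    spans = [(_ts(i[end]) - _ts(i[start])).total_seconds() / 3600
             for i in incidents if i.get(start) and i.get(end)]
    return sum(spans) / len(spans) if spans else None

def mtbf_hours(incidents):
    """Mean gap from one incident's resolution to the next one's start."""
    ordered = sorted(incidents, key=lambda i: _ts(i["occurred"]))
    gaps = [(_ts(nxt["occurred"]) - _ts(prev["resolved"])).total_seconds() / 3600
            for prev, nxt in zip(ordered, ordered[1:]) if prev.get("resolved")]
    return sum(gaps) / len(gaps) if gaps else None

def report(incidents):
    return {
        "MTTD": mean_hours(incidents, "occurred", "detected"),
        "MTTA": mean_hours(incidents, "detected", "acknowledged"),
        "MTTC": mean_hours(incidents, "detected", "contained"),
        "MTTR": mean_hours(incidents, "detected", "resolved"),
        "MTBF": mtbf_hours(incidents),
    }

if __name__ == "__main__":
    for name, hours in report(INCIDENTS).items():
        print(f"{name}: {hours:.2f} h" if hours is not None else f"{name}: n/a")
```

Open incidents are left out of any metric whose end timestamp they lack, so a long-running unresolved incident does not silently drag a mean to zero.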

Trends in cybersecurity as we go into 2023

There was also some insightful information given on the trends in cybersecurity, which I will give an overview of below.

Malware-as-a-service (MaaS)

This refers to the illegal lease of software and hardware for carrying out cyber attacks. Owners of MaaS servers provide paid access to a botnet that distributes malware.

Bug Bounty for Ransomware

Ransomware groups issue bug bounties, which are rewards to any person who identifies an error or vulnerability in a computer program or system. In turn, this helps ransomware groups to improve the quality of their product.

Artificial Intelligence (AI)

Despite it being a buzzword on everyone’s radar for what seems like an eternity now, we are still only scratching the surface of what AI technology can do. Certainly, AI will have a deep impact on the attack surface and sophistication of cybersecurity attacks, and automation of security management will need to leverage advanced AI to keep up.

Zero Trust Access

Access to systems should be as granular as possible, with people having the bare minimum they need to perform a task or activity, and the permissions should be revoked when no longer needed.

Final thoughts

To avoid an apathetic approach towards cybersecurity, all staff need to be well informed on the threats faced and the processes that are in place to combat them. Therefore, a strong cybersecurity culture is one that sees a business put its people at the heart of its policy and process.
