Forum Discussion

Nermin's avatar
Nermin
Icon for Bronze I rankBronze I
4 months ago

Phishing != Security Awareness

Dear IL Community,

I wanted to express some thoughts about the challenge that organizations may face if they want to establish a cybersecurity culture, especially when individuals within an organization do not prioritize or care about cybersecurity.

From my perspective, one of the main reasons it's tough to get a cybersecurity culture going is that people just don't see the potential consequences of cyber threats. They often don't realize how much of an impact a security breach can have or how important it is for them to protect sensitive information. This lack of interest can create a big vulnerability in an organization's security defenses.

Would love to get your view and discuss the following things:

  • How can we make cybersecurity feel relevant to every employee?
  • What innovative approaches have you seen in creating a security-minded culture?
  • Are current training methods truly effective, or do we need a radical rethink?
  • Is it about the missing Leadership commitment?
  • Do we struggle to demonstrate the tangible business impacts of cybersecurity?

It would be very appreciated if you can share your thoughts and experiences!

All the best - Nermin

other
  • PatelEE's avatar
    PatelEE
    Icon for Bronze I rankBronze I
    3 months ago

    Hi Nermin!

    I wanted to share an experience that I recently had in my master's degree program, our group was paired with a non-profit organization and advised to give consulting on how to improve their cybersecurity practices. We quickly realized that the employees and the leadership at this organization didn't not care about the best cyber practices, it's that they weren't aware of what the possibilities of 'bad actors' were.

    We ended up doing an exercise with the entire employee group to walk them through 'fictional scenarios', then had them think through what could happen and last, ended with showing them an example of this being exploited in real life. 

    This helped them grasp how tangible these attacks were to them and their organization. Happy to chat more about this if you would like! Apologies on letting this go unanswered for a while! :)