Hello! Welcome back to this next TomCast from GuardSight; we are a tactical cybersecurity-as-a-service organization dedicated to helping businesses protect their data, their assets, and their endpoints.
Today we are going to address an issue that has impacted multiple organizations worldwide and that continues to adversely impact businesses and their employees. The topic is cybersecurity awareness and education and/or the lack thereof.
Have you ever heard of a “people-centric security model”? What does that phrase mean, exactly? Well, let us take a step back and adjust focus to more of a thirty-thousand-foot view. Cybersecurity, regardless of how people feel throughout different organizations, is not new. Data compromise, threat actors, and network breaches are all common news focal points that are present each and every day. Why are these attacks so successful? Shouldn’t we have amazing cyber weaponry at our disposal to thwart these ne’er-do-wells?
HA! Think of an automobile and a toddler. The automobile can do amazing things and get the toddler anywhere they may need to go, but the toddler does not yet have the ability to operate that automobile to its full functionality. Ok…that was a random analogy, so what does that have to do with cybersecurity? There are amazing cyber tools and cyber weapons available out there on the market, and brilliant minds are developing newer and newer technologies to thwart threat actors every day. The tools/weapons are only as good as the environments they are implemented within, however.
If your user base lacks basic cybersecurity awareness, then the tools and weapons are not going to suffice in protecting your environment. Employees, users, clients, customers, whatever you label the people in your organization, need to be trained or educated in a way that the knowledge provided actually sticks. What do I mean by that?
Ok, another analogy coming your way. What is preventing anyone here from grabbing a fork and sticking it into an electrical outlet? (By the way, if that is something you have never heard of before, please do NOT do that, as it could majorly adversely impact your health.) Most folks understand that you should not do that because it will cause immense pain and could even be fatal. Well, have people learned this through trial and error? Maybe some, but that particular topic lies within a shared pool of knowledge often referred to as “common sense”. Now, I am not here trying to convince people of who has and who does not have common sense. Like I said, common sense is a shared pool of knowledge, and not everyone shares the same pools. So, having said that, let us get back to the topic at hand.
Organizations that operate on the Internet need to determine a way to make cybersecurity awareness stick in a shared pool of knowledge the same way the fork and the outlet topic has stuck. Human error is a massive part of data compromise, data breach, ransomware infection, etc. If we can all work at making cybersecurity awareness a topic that sticks, imagine the reduction in human-error-related events. Phishing email issue? Not NEARLY as likely (by the way, that will be a topic discussed in a later TomCast). Social engineering attempts will be far less likely to succeed if efforts are placed on educating the masses in a way that the knowledge is retained long-term.
So, this means development of the people-centric security model. It means organizations that take the time, budget the resources, and place focus on their people first to ensure that their front lines, their employees, users, clients, customers or what have you, are armed with the knowledge to protect their environment more efficiently and succeed.
And that wraps up the topic of cybersecurity awareness and education from an organizational viewpoint! We here at GuardSight thank you for taking the time to listen to this TomCast. Please share this if you believe it would be of assistance to anyone in your contact list, and please provide us some feedback in the comments so we can continue to improve. Thanks!