There’s no doubt that awareness of information security in corporations has dramatically improved in recent years. Stories of breaches, both internal and external, have filled the media, with the CEO forced to face the music on the evening news, and most people now understand the value of data and the risk of it falling into the wrong hands.
Many things are driving the growth of a more security-focused culture in most businesses. Investment in building this cultural change has never been higher, with analyst firm Gartner predicting spending on Information Security will reach $8.1bn (€7.2bn) in 2016, a 7.9% increase over the previous year.
So what are some of the key points to consider when developing your security awareness strategy? Each of these is equally important and must be considered as part of a holistic approach.
Many organisations have moved to make managers and employees aware of their responsibilities by creating policies to govern information security. These policies are crucial, but they can only be effective when owned and given a practical purpose, for example by ensuring people are trained on these policies and understand the impact of a failure to follow them. Most companies now have a formal induction process for new employees where computer use and security policies are reviewed.
These initiatives and policies must not be seen simply as tick-box exercises that run the risk of not being taken seriously. To ensure this isn’t the case, information security must be owned and reinforced as a business issue that matters at the highest level. One way to support this is to align security strategy with key business goals and objectives, such as building customer loyalty or managing risk.
The ultimate success of any cybersecurity culture can only really be determined by continual measurement and feedback from stakeholders. Surveys, interviews, tests and audits are crucial both in revealing whether programs are effective and in identifying any gaps that need to be filled.
Implementing technologies that reduce your attack surface and help reinforce your security strategy is essential. But technology alone cannot prevent every threat. It’s always worthwhile to invest seriously not just in the technology itself, but also in ensuring that it’s correctly implemented in the right places.
WALLIX offers solutions that give privileged users in your organisation secure access to information systems and devices, and give you complete visibility and auditing of their actions, helping you to meet compliance requirements and keep data secure.