There isn’t a security patch for people - but there is something better

There isn’t a security patch for people… but there is something better…

Forthcoming ‘People in Security’ Webinar | Thursday 9th November 2017

In the recently-published ‘Black Report’  85% of hackers said people were the primary source of blame for security breaches, even more than inadequate security and unpatched software. This probably won’t be very surprising to the security chiefs among you: we know that the vast majority of data breaches are caused by people.

Here are some reasons why?

  • They’re fooled by a social engineering scam because they were unprepared for it.
  • They don’t know what they’re supposed to do?
  • They were in too much of a hurry to care about security at that moment.
  • They maliciously attacked their own business without their colleagues noticing.

The trouble is that people are ‘unpatched’ in the sense that they are not being given the training, the resources and the support to the quality and degree they need.

So what could be better than a patch for our people?

The notion of a patch for people is itself flawed; it suggests a quick fix, a covering over of the vulnerability and it’s a short-term solution.

The opposite of this is the development of something deeper and longer-lasting, something complete that involves everyone and something that requires change and that will keep changing: that is security culture.

At Layer 8 we define culture as how we collectively demonstrate what matters to us on a daily basis through what we say and what we do. So, culture is about conversation and behaviour. The quality and frequency of people’s conversations and actions – from the board room to the coffee machine – determines the kind of security culture you have.

Culture is vital to the success of any people-centred security strategy. If awareness is necessary to stimulate the potential for behavioural change, then a conducive culture is essential for behavioural change to happen and to embed itself. Awareness, behaviours and culture are the ‘ABC’ of components necessary for change.

Engaging communications, immersive workshops and peer-to-peer learning and leadership via a ‘champions’ campaign are the means to make it happen. They work in concert and complement each other, stimulating conversation, collaboration and behavioural change across the business. 

This requires budget – though not as much as people think – and our forthcoming ‘People in Security’ webinar is all about winning the support and the money you need to make security culture change a reality in your organisation. Much better than a patch!

Details of the webinar

Securing Budget for a More Secure Company Culture: How this CISO achieved just that

HOSTS: Sarah Janes and Tony Dimech (Layer 8) with guest Andy Hodgson, former CISO at BT, Qinetiq and MundiPharma.

WHEN: Thurs 9th November 2017 at 11.00am-11.30am

Sign up here…

Share this post

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

READ MORE

View our other posts and insights

Scroll to Top