Why are awareness and cybersecurity so important? I talk about awareness all of the time. I evangelize about how cybersecurity is such an important factor in the success of a modern company. But why all the talk? Many readers may even think it is overkill. I was watching something on TV the other night, and there was a promotion for an environmental cause with celebrities talking about climate change. One of the celebrities was asked why he was doing this. His answer was to bring awareness to this cause.
Now the first question may be: doesn’t everyone know about climate change and global warming? Doesn’t everyone know this is a serious issue that already gets a lot of attention? If so, why would this celebrity be doing a promotional piece on television? Because there was more to it than that. This celebrity knew that global warming and climate change may be big, well-known issues, but he also knew that the message needed to stay in front of his audience in order to be effective. He knew, because publicity is his business, that it needs to stay current and top of mind.
Security And Awareness
Awareness and cybersecurity are the exact same thing. Maybe on a micro scale, but the concept is still the same. As a leader of your company, you need to maintain an awareness of cybersecurity issues yourself as well as communicate these issues to your employees, your customers, and your supply chain. That is how the subject stays top of mind and how the people who can keep you protected stay properly motivated. This awareness will pay off hugely in the long run.
For example, the latest Ponemon Institute study showed that the average cost per record of a data breach is $141.00 and that employee training could reduce this number by $12.50. So just the simple, regular training of employees could be significant.
How To Increase Awareness
So what should we do to increase awareness? Should we do telethons and public events? No, not really. But we need to make it part of our everyday conversation. So the next time you are giving a speech to company employees about performance over the last year, mention cybersecurity and, if possible, show what progress you have made. This progress is very measurable and should be a part of your security posture. I write about this here.
First, you need to be measuring and monitoring your cybersecurity posture at all times. Your security specialists, either inside your organization or outside, should be giving you regular summary reports on your progress as a company. And these reports should be directly correlated with your current cybersecurity posture. Are you getting more secure or less secure? Are you seeing more attacks or fewer attacks? What is the rate of successful vs. unsuccessful attacks? Are the attacks changing? How much are they costing you? When you have this type of information, you can use it to make yourself more aware of where you are, and then you can make your organization more aware.
Remember to always be talking about these issues with the right people in your management staff so they know this is important to you. When speaking to a group of employees, consider pointing out one or two who have done something special to make the company more secure. Even give out prizes or awards for people who have found a security vulnerability. This constant awareness will keep it top of mind and keep you off the front page of the newspaper.