Building Strong Cybersecurity Awareness in Your Organisation
By Laura Bishop, Director of Human Risk Science at OutThink
What does ‘awareness’ in the cybersecurity sense mean? Increasing cybersecurity awareness involves making an organisation and its employees more informed about current risks, and what must be done to protect the organisation from these risks.
The cybersecurity landscape is very dynamic in nature and regular changes to risk occur in a variety of ways. These include developments in technology, shifts in employee perceptions, modifications in offender tactics, and even natural employee attrition. Adapting to risk makes the maintenance of cybersecurity awareness extremely challenging.
How to Improve Cybersecurity Awareness
Awareness is centred around knowledge, and this knowledge needs to be current. Being aware of old risks, or of old solutions to risks, is not helpful.
There are three critical aspects to maintaining employee awareness:
- Current and consistent awareness and training programmes
- A knowledge-sharing culture
- Motivation for collaboration
Organisations must establish a culture whereby knowledge is learned, shared, and used in an open and supportive environment.
What is knowledge? Organisations need to know the different ways in which knowledge can flow in, out, and around their business.
A Simplistic View of Knowledge
- Knowledge can be implicit, which endures in the mind, or explicit, which is outwardly communicated (e.g. in the policy
- Knowledge can either be declarative, focused on knowledge that can be articulated, or procedural/tacit, learned through the experience of doing or observing.
How Does Knowledge Relate to a Cybersecurity Awareness Culture?
For an awareness culture to succeed, knowledge needs to be actively shared. It is not enough to deliver an annual awareness training course and assume your organisation is ‘aware’ continuously.
For knowledge sharing to be successful, it requires two trading actions: the donation of information to others and the harvesting of required information others may possess.
Knowledge sharing is therefore not about the creation of subject matter experts but about providing all employees with an equal voice, helping to evolve universal wisdom.
Implicit Knowledge
The sharing of knowledge held in the mind of your employees should be encouraged through collaborative meetings and online portals. Staff should have a way to fill gaps in the knowledge of others. This reduces knowledge hoarding.
Explicit Knowledge
The knowledge held in security policy and awareness programmes needs to be easily digestible for it to be effectively shared. It also needs to be continually optimised and updated.
Declarative Knowledge
Declarative knowledge can be articulated through awareness training. A knowledge-sharing culture should also encourage sharing new learnings with others who may not have had the chance to receive training.
Procedural/Tacit Knowledge
This needs to be learned through experience and observation. If employees cannot practise knowledge learned in training or observe it in others (when working from home, for example), more complex tasks will not easily form into a habit.
Share. Listen. Show. Observe.
Keep staff motivated to continually share knowledge with each other. Where knowledge is explicitly held, it needs to be regularly reviewed. Where it can be articulated, sharing it should be encouraged. Where it can only be learned through observation or experience, opportunities must be provided for employees to build more complex knowledge.
There are many potential barriers to knowledge sharing, including competition amongst employees (e.g. promotions or bonuses). Employees can also be unaware of the valuable knowledge they possess and the deficiencies in the knowledge they need to fill.
Organisations should provide the tools and opportunities required to motivate knowledge sharing and make it easy for it to flow naturally through their business. This is key to achieving a high level of cybersecurity awareness.
OutThink
FUEL has partnered with leading cybersecurity company OutThink to include its award-winning human risk management platform as one of the software solutions it offers clients.
OutThink received the highest possible score from ratings body Gartner Peer Insights, as well as a Seal of Excellence award from the European Innovation Council.
To find out how the OutThink Cybersecurity Human Risk Management platform can raise awareness, drive more secure behaviours, and increase motivation across your organisation please get in touch with us at info@fuelonline.co.za.