In-depth

Cyber security: Security awareness can't be just a one off

Initiatives such as the US' National Cyber Security Awareness Month are all well and good, but day-to-day attitudes must change too

Inside the Enterprise: Over in the US, October is National Cyber Security Awareness Month. Run by the Department of Homeland Security, the initiative sets out to improve security online, both among individuals and businesses.

The US programme is both detailed and extensive, divided into five parts, including promoting online safety, secure application development, securing critical infrastructure, and cybersecurity for SMEs. In this last week of the programme, the DHS is looking at the issue of law enforcement and cyber security.

The aim of the programme is to raise awareness of security threats, and best practices for dealing with them.

Cyber security is adding one level of abstraction. In physical safety we feel it straight away... Safety measures behaviour and sets clear targets. They include the whole organisation, and use targets and activities to take them to that goal.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

And the DHS goes into some detail on how companies might do this, including cybersecurity poster competitions, mentioning cyber security at company events or in newsletters, and using social media. The idea is to focus attention on the risks that can arise online, and give companies, and individuals, some of the tools to reduce them.

But, as the DHS itself admits, creating awareness around security for one month is not enough. It has to be an on-going process.

In the UK, the government and various official and private bodies have also held awareness events, issued guidance, and provided courses and resources to help organisations become more secure.

Sometimes, IT managers can feel overwhelmed by the volume of help, advice and exhortation on offer. Ensuring information security is, after all, only one of the tasks that fall to a busy IT department.

There is an understandable temptation not to act, until there is a security breach or unless legislation or business-specific rules force a company to upgrade security. Then there is the question of cost: IT security budgets have continued to rise ahead of general IT spending. And yet, security on its own only rarely contributes to business growth.

Not all security measures cost money, however. Companies can and do improve security though user education, and often this is the most effective way of tackling a growing online threat.

Advertisement - Article continues below

But, according to Kai Roer, president of the Roer Group, and author of the Security Culture Framework, if an organisation is to rely on its people to improve security, this cannot be treated as a one off project.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020