Strengthening Security Posture Through People-First Engagement

Regular, small doses of security education help combat the “forgetting curve,” a theory developed by Hermann Ebbinghaus that suggests people forget 75% of newly learned information within a couple of days. These statistics underscore a critical truth: the way people interact with and buy into the company’s security program has a massive impact on the organization’s vulnerability to breaches. Security is more than just a department tasked with preventing breaches and outages; it’s a core business function, as integral to an organization’s success as finance, revenue generation, or product development. Ultimately, security is a shared endeavor, and by building a culture of trust and positive reinforcement, you not only protect your business but also empower your team to protect themselves—both inside and outside the workplace. One of the biggest hurdles security teams face is their reputation as the “Department of No.” Interactions with the security department can often be negative: mandatory training, investigations, or requests denied due to potential risks. Most people don’t have a security expert on speed dial in their personal lives, so the awareness education they receive at work may be the only training they get. In larger organizations, the role of advocating for security often falls to executives like the Chief Information Security Officer (CISO) or Chief Information Officer (CIO). Instead, it involves making a conscious effort to explain the “why” behind security policies, seeking feedback on roadblocks, and showcasing wins as part of the normal business cadence. Teach teammates about current attack trends they should watch out for and good security hygiene that applies not only to work devices but also to personal activities like social media usage.
Shifting the perception of security from one of avoidance to one of reinforcement, safety, and reliable guidance can have a profound impact on an organization’s overall security posture. Treat this as an opportunity: instead of relying on click-through training modules to meet minimum insurance or compliance requirements, use security training as an opportunity to empower everyone with knowledge that benefits them both professionally and personally. This helps keep them safe from threats in their daily lives while also reinforcing organizational security by making them less susceptible to social engineering attacks. It might seem like self-promotion, but documenting the security team’s achievements—such as threats prevented, processes improved, and successful projects—goes a long way in keeping the value of security at the top of leadership’s mind. However, without intentional efforts to communicate successes and provide opportunities for positive interactions, the security team’s efforts go largely unnoticed—until something goes wrong. When people view security as a collaborative function rather than a reactive or punitive one, they are more likely to engage meaningfully with security initiatives. The impact of a security breach is often seen in the form of plummeting stock prices, loss of customer confidence, and a damaged brand image. Verizon Business’ 2024 Data Breach Investigation Report revealed that 68% of breaches included a non-malicious human element, such as people falling for phishing schemes, mishandling sensitive information, or getting duped by a social engineering attempt. Rewarding positive behaviors, like quickly reporting phishing attempts, can also help improve your security posture.
Recognizing teammates for their contributions to security can encourage them to engage with the security team more proactively rather than reacting out of fear and avoidance. To put it simply, security is a critical factor in how a business is perceived, both by its customers and its own team. In reality, the security team works tirelessly behind the scenes to keep the organization safe. These leaders can champion the value, progress and needs of the security program at the top, ensuring that other executives and stakeholders are in the loop. Additionally, consider incorporating security tips into regular team meetings or all-hands updates. This collective effort helps create a stronger, safer organization where security is everyone’s responsibility. The ripple effects of a well-managed security program (or a poorly managed one) extend far beyond the IT department. It’s essential to shift the narrative around security so that it’s not just viewed as a quarterly budget line item or a source of bad news. This process fosters a perception of security as a roadblock to productivity. The key is to choose the right metrics that align with your security goals.

This Cyber News was published on informationsecuritybuzz.com. Publication date: Fri, 04 Oct 2024 05:43:05 +0000

