
Cyberattacks continue to pose significant and increasing threats to Australian businesses, and Fujitsu has identified six key areas of weakness in a cybersecurity culture.
Recent research from PwC shows that more than 60 per cent of Australian business leaders believe cyberattacks on cloud services providers, disruptionware attacks on critical systems, and ransomware attacks are likely to occur in the next 12 months.¹ While this data demonstrates that Australian business leaders are aware of the growing threat to their operations, it also highlights the need for increased measures to protect businesses from threats. This includes using education and training more effectively to develop a cybersmart culture.
It’s crucial that Australian organisations invest time and resources into developing a strong cybersecurity posture to best defend their assets against threats. People are a fundamental layer of defence, so organisations must ensure ongoing education and promote good cybersecurity hygiene to foster a cybersmart culture. Failing to do this exposes companies to vulnerabilities.
Martin Holzworth, Head of Cyber Security, Fujitsu Australia and New Zealand
Six areas of weakness in a cybersecurity culture
Fujitsu has identified the following six key areas that create weak points in a cybersecurity culture:
- Security isn’t owned by business leaders, with CISOs and the IT team considered solely responsible for defending the organisation.
- Security is buried in IT strategy and poorly communicated, leading to a lack of accountability across the board.
- Cybersecurity plans aren’t shared widely with business leaders, leading to siloed approaches that fail to adequately protect the business.
- Training is inconsistent and piecemeal, so employees don’t understand their cybersecurity responsibilities.
- There is a lack of effective communication regarding the threat landscape and the organisation’s planned response to evolving threats.
- A blame culture creates weakness in cybersecurity defences.
Building a cybersmart culture
Organisations can mitigate these challenges to create a successful cybersmart culture. Here’s how:
1. Reframe the cybersecurity strategy
The first step is to reframe and refocus the cybersecurity strategy so that it is owned by every employee and not shouldered by CISOs alone.
Humans have the potential to be an organisation’s strongest asset in a security strategy. Adopting a people-first approach towards cybersecurity is the most effective way to build a cybersmart culture, particularly with a remote-based workforce. This involves executive teams supporting CISOs in implementing the organisation’s cybersecurity processes and clearly communicating them to broader teams. It also involves all managers providing support to their teams to ensure best practice security processes.
2. Facilitate open communication about your security strategy
Facilitating more open communication between business leaders and the security team about cybersecurity best practice, and filtering this down through the company, is critical to an effective cybersecurity strategy. When business leaders encourage more transparent and ongoing communication about the organisation’s cybersecurity strategy, employees can better understand and implement good cybersecurity hygiene, leading to a cybersmart culture. The first step is ownership by the Board and CEO, then the Executive Leadership, and then down the line to every employee. The leadership need to own and understand the cyber strategy and how it underpins the organisational mission.
3. Ongoing training to educate your employees
Key to success is investing in an ongoing education program that is engaging for employees, rather than relying purely on training modules delivered as part of compliance training. Shift from a compliance/training approach to ongoing education. A “one-size-fits-all” approach to annual training is ineffective. By adopting regular conversations in the business around cybersecurity, supplemented by training modules, you will see greater acceptance of cyber practices within your business.
Ensuring employees feel supported and encouraged to implement the strategy, and feel confident to report a cyberbreach, is essential to building a cybersmart culture. If an employee feels uncomfortable about reporting an error of judgement that has caused a cyberbreach, this can significantly impact the organisation’s security posture.
Through continuous dialogue with employees regarding security best practice, IT and executive teams can weave the organisation’s cybersecurity strategy into the daily lives of all employees, making it the responsibility of everyone in the organisation.
While previous efforts to develop a cybersmart culture in the workplace may have failed, there are simple steps organisations can take to change this outcome. Often, seeking an expert cybersecurity partner can help organisations and their employees overcome hurdles to developing a cybersmart culture.
Martin Holzworth, Head of Cyber Security, Fujitsu Australia and New Zealand
Fujitsu has more than 40 years of experience working with public and private sector organisations to develop and implement a cybersmart culture based on best-of-breed security technologies. Fujitsu’s professional security services have helped many clients with educating and empowering employees to ensure the online security of organisational data and assets.