By Silka Gonzalez, an EO South Florida member and CEO of Enterprise Risk Management, Inc.
Hackers and other adversaries still engage in the practice of finding the weakest link in the chain to break into your organization. When your chain is made up of unpredictable humans, you have weak links all the time. How do you patch and strengthen the link and the whole chain? How does the chain stay strong in the face of new and evolving threats?
In the age of the continuous breach, security awareness and employee training is the single most important investment your organization can make. Unfortunately, it remains at the bottom of cybersecurity budgets across the world. Employees do not drive into work every day seeking to click on emails to create backdoors for malware. However, employees do bring a culture and perspective to cybersecurity that influences their behaviors.
Early attempts to strengthen the chain have focused on phishing solutions. These solutions have been and remain important in a strategy to strengthen the chain. However, these solutions are not enough to address the complex culture that continues to create vulnerabilities in your environment. Phishing campaigns have become a Pavlovian approach to cybersecurity training. As new threats emerge, employees slip back into the same behaviors of clicking on bad links. In addition, a significant number of other threats are not even captured through phishing campaigns.
ERM has developed a full lifecycle approach to security awareness that engages employees to manage threats and be prepared for emerging issues. Our culture and acumen assessment leads the way to proactive and targeted training. We prepare employees for real-life threats. ERMProtect™ is our platform and approach to improve the security of organizations, people and societies.
This article was originally published on the Enterprise Risk Management (ERM) blog. It has been reprinted here with the author’s permission.