Keeping safe in cyber space
A typical onboarding day for a professional in the corporate world:
- Read tons of papers.
- Sign tons of papers.
- Attend code of conduct, business ethics, technology, and information security (infosec) training while trying hard to stay mentally present.
When training comes up, especially after the lunch break, most of us sleepwalk through it as a checkbox exercise. A typical next-day scenario: you start your work and get a gift voucher from Amazon. You presume it is part of your welcome kit and click to claim it, but alas! You are directed to a page that says you have failed the phishing test and need to undertake another 30 minutes of phishing training. This time, you are more focused. Sounds familiar? It happens to most of us.
The biggest underlying problem in any organization when it comes to infosec is the presumption that security responsibility starts and ends with the infosec team, which is like going to the gym, asking the gym instructor to work out on your behalf, and expecting to get fit.
In reality, when a security incident hits an organization, the repercussions cascade down to the grassroots level. Companies have gone out of business after a single security incident, and some struggle for a long time to recover from one. So it is imperative to bring about a crucial paradigm shift away from the perception that security is only the infosec team's responsibility and business. Once that is established with everyone in the organization, the needle starts to move in the right direction, because every person, like every living thing, is a natural at managing risk, which is the main ingredient baked into infosec. A simple example from nature: we think lions are not good at maths, but they are excellent at risk assessment. When faced with 3 hyenas, a lion knows it can defeat them and mitigate the risk, but if it faces 4 hyenas, it knows it is best to retreat and avoid the risk.
To conclude, we all, by default, take responsibility for protecting our houses from physical security risks and threats. If we extend the same kind of responsibility to infosec matters within our organizations, we can easily prevent and control major security incidents and data breaches, helping the organization grow in a risk-aware environment.
Security is my business, and it should very well be yours too.