September 13, 2018
We’re constantly learning at Circadence. Learning what’s new and effective in cyber training. Understanding what our customers need and want in a cyber training platform. Discovering the issues that still keep them up at night. Learning how to improve our products to meet the demands of a dynamic industry. What continues to emerge in our research are three pieces of advice (below) that direct CISOs to a place where they’re confident in their level of cyber awareness, which allows for better collaboration with their team and business stakeholders and creates stronger protection for their organization against evolving cyber threats.
CISOs know the first step in having better cyber awareness requires an understanding of how to measure security. They need to be able to assess the current state of cybersecurity in the organization. Now, this may not include a need to “assess” their current staffing quantity (especially if it’s just plain lean). However, they can assess other things that keep them up at night, such as unpatched systems, outdated applications, BYOD security, and IoT threats. Or they can look at current access controls to see who’s using what, when, and how. They can assess past breaches (if applicable) to understand what happened and how it was resolved. Or they can assess how digital and physical security policies are being followed by taking informational polls or facilitating interviews with authorized personnel. All of these things will help CISOs understand the basic warning signs and best practices for keeping the company safe.
Your infosecurity vision, mission, and goals should align with the company’s overall business objectives. The goal is to support the business, not stand separate from it. Currently, CISOs spend most of their time responding to threats instead of taking a “big picture” view of their department. As a result, it becomes difficult to collaborate with business leaders to define and assess their level of cyber awareness, not to mention report and communicate the overall effectiveness of the strategy. This lack of visibility to the C-suite stifles the perception of organizational risk and security. To expand perceptions, CISOs can begin aligning with the C-suite by 1) providing practical knowledge of the current threat environment, 2) demonstrating how their cybersecurity strategy reflects business objectives, and 3) working with stakeholders to build out a data risk dashboard that reports on progress.
Active or adaptive learning is when individuals learn by doing. Research shows it helps learners be more engaged, empowered, and excited, and that they come away with a deep, conceptual understanding of the topics learned. Active learning may involve collaborating with teams and applying concepts to real-world exercises and scenarios, which studies show improves retention rates by 75%, compared to 5% through traditional learning methods. As a result, organizations are finding ways to use active learning to cultivate a successful workforce. In fact, the Association for Talent Development’s “Personalized and Adaptive Learning” whitepaper reported that 83% of its respondents used some degree of personalized learning among their staff. In particular, cyber pros have begun implementing this method in the form of gamified cybersecurity training.
CYBER AWARENESS CONTINUED
These three action items are just the tip of the cyber awareness iceberg, but when faced with a challenge, the hardest part is getting started.
We hope our research saves you time in identifying strategic next steps so you can focus on finding the right tools and technology to help you create a culture of cyber awareness that thrives in the face of evolving threats.