22 JUNE/JULY 2018 www.vanguardcanada.com
W
hen organizations con-
sider cyber security, they
usually focus most of
their attention on tech-
nology, partly because
that is what the market pushes them to-
wards. In my view, however, 50 per cent of
cyber security is cultural, 30 percent pro-
cess and just 20 per cent technology.
Cyber security is an arms race, and the
boards of all organizations need to take
it seriously. Frankly, if it isn't one of the
key items on a board's risk register, that
board is asleep at the wheel. But many of
the right responses on culture and process
are neither new, nor are they particular to
cyber security.
On culture, the insider threat has long
been a problem for organizational secu-
rity. British government posters during the
Second World War reminded citizens that
"Careless talk costs lives", with one 1940
Ministry of Information poster also hav-
ing someone telling a friend "Don't forget
that walls have ears!" in front of wallpaper
patterned with Adolf Hitler's face.
But 'careless talk' is now something that
millions of people indulge in, assuming
that they can share everything through so-
cial media. While some may be put off by
recent coverage of how their data is used,
many people are in the habit of sharing
their personal and professional lives online
by default.
To help tackle this, organizations need
education – not just about cyber threats
such as phishing, but more broadly about
how you treat any form of information
sharing or access. It might not matter if
an employee posts a picture of themselves
online, but it might matter very much if it
includes a screen showing sensitive infor-
mation or a sticky note with a password.
Educating people on this is not just about
cyber security but how you treat any form
of information sharing or access.
Security professionals should
consider culture too
The onus is also on security professionals
to consider how employees actually behave
rather than how they believe they should.
According to the UK's National Cyber
Security Centre (NCSC), British citizens
WAllS hAvE EARS
Why culture and process matter
in improVing cyber security
Cyber seCUrity
bY MIKE SToNE
