Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/1508203
www.vanguardcanada.com AUGUST/SEPTEMBER 2023 27 CY B E R S E C U R I TY T H E H U M A N S I D E O F Q You talk a lot about a "secure-aware culture." What does that mean? It's where we start talking about individu- al attitudes, perceptions and about cyber threats and cybersecurity practices, and how those three elements influence their behav- iors when it comes to cybersecurity. In an unaware culture, someone might say some- thing like "what's the harm of sharing my password with a colleague I trust?" Or they may think something like "cyber security isn't my problem because IT put technology in place." These speak to a bigger issue: a knowl- edge gap in understanding cybersecurity threats, how they work and how they can be stopped. And this gap is societal. How many parents talk to their kids about cybersecu- rity? How many students learn about cyber- security in school? How well does govern- ment really educate citizens? We know the answers, and the result is a workforce that lacks a security mindset. So, the responsibil- ity falls on organizations to start building security into the culture — and it's critical because security products by themselves can't guarantee security. Why? Because those products are implemented and used by hu- man beings, and no cybersecurity incident has ever occurred without a human attacker or threat actor involved. Q What would you say is one of the biggest challenges to building a security- aware culture? Well, the biggest challenge is setting the tone at the top with established policies and communicating the importance of them be- ing followed down through the organiza- tion, as if they're conditions of employment. We find organizations that build secu- rity awareness into their culture without addressing the top are more susceptible to challenges down the road because the stick approach ("we have this program in place, it's mandatory, go do the training") won't work. It's unmotivating and behaviour change is all about motivation. There's a first level of motivation which is about complet- ing the training. But the second level of mo- tivation is applying the learnings at the right moments. That's the most important part of cybersecurity. But neither will happen for a company that deploys training programs Companies have to remember that viruses don't compromise data. People do. P E R S P E C T I V E Sponsored Content TERRANOVA SECURITY BUILDS THE CYBERSECURITY INDUSTRY'S HIGHEST- QUALITY TRAINING CONTENT, AND THEY ORGANIZE THE ANNUAL GONE PHISHING TOURNAMENT TO HELP COM- PANIES BENCHMARK AND IMPROVE THEIR SECURITY. T H E O ZA F I RA KO S, CISO PROFESSIONAL SERVICES, FORTRA'S TERRANOVA SECURITY JOINED VANGUARD RADIO'S J. R I C H A R D J O N E S TO DISCUSS WHAT HE SEES AS THE OPTIMAL APPROACH TO ENSURING DATA SECURITY — AND IT HAS NOTHING TO DO WITH TECHNOLOGY. Theo Zafirakos CISO Professional Services, Fortra's Terranova Security