Cultivating a cyber mindset

Cyber attacks are nothing new, with the first cyber attack reportedly taking place in 1988 — a year before the world wide web debuted. And so, for as long as organisations have used the internet, whether it be for emails or websites, they’ve always been susceptible to a cyber attack.

However, cyber attacks have only started to come to the forefront of people’s minds because of the flurry of attacks we saw in the second half of 2022, particularly given the high-profile nature of some.

With cybersecurity so dominant in the headlines, Minister for Cyber Security Clare O’Neil was prompted to take action and set a target for Australia to be the most cyber-secure nation by 2030 — a very ambitious goal given our current standing, but one I applaud her for. As a nation, we must seek to do better and set ambitious targets for ourselves.

In order to achieve Minister O’Neil’s target and defend against the wave of attacks we as a nation are facing, we must become a nation of cyber-resilient organisations. And this requires businesses to have a culture centred around cybersecurity.

Developing a cyber culture

Decisions that affect or change the overall makeup of an organisation are typically made at the top of the organisation and filtered down; for example, a new hybrid-work policy. However, a change in culture (such as a shift to be more cyber-focused) is only effective when supported from the ground up through collaboration, open dialogue and continual learning. This approach fosters a truly people-first environment, acknowledging behaviour and process as the key to shaping a cyber culture, not just the technology.

As such, there are four factors needed to cultivate a cyber culture within an organisation:

1. It’s everyone’s responsibility. Building a culture, particularly a cyber culture, is everyone’s responsibility and cannot be left to just one or two individuals. If one person doesn’t buy into the culture, it has the potential to bring it all down.
2. Functions need to be implemented. To build any culture, it’s important to implement certain steps that foster the desired outcome — it’s not enough to state it will be the culture moving forward, there needs to be a designated effort to empower it.
3. Resources are needed. Shifting cultures means a total shift of mindset and this requires investment. Whether it be in the form of an internal comms campaign or a training program that drives knowledge and awareness, your people need to have the resources to be a part of the culture.
4. Positive influence. At the end of the day, culture is developed by a group of humans, who each have their own values. It’s important the culture is aligned with the collective’s values, which in this case centres around protecting people’s privacy and sensitive information.

Shifting from humans as the problem, to design as the solution

In the realms of cybersecurity, humans are often looked at as the issue given many cyber attacks stem from an individual clicking a spam link or opening a malicious attachment. And while this is true, it’s often because they haven’t been trained or educated on how to spot a suspicious engagement.

This entire mindset of ‘humans as the problem’ needs to shift to see ‘design as the solution’, where a holistic end-to-end view of value streams is assessed and the right treatment patterns apply to technology, people and processes. This can be achieved through regular education programs and the application of best practices horizontally, not just vertically.

Cybercriminals wreaked havoc in the closing months of 2022, so there must be a shift from organisations to defend themselves. While technology will always have a role to play when it comes to cybersecurity, it must not be the only defence. Organisations’ people are one of their greatest assets and have a valuable contribution to make in their cyber defences, but this can only occur if there is a concerted effort to develop a cyber culture, from the bottom up.

Image credit: iStock.com/iambuff