Creating a Cyber Security Culture

Cybersecurity touches all elements of business life so does not easily fall into a convenient silo. This is because in recent years we have seen a new level of interconnectedness of devices and systems and therefore to fully understand this, and how it impacts upon cybersecurity, we need to examine the problem from outside the traditional boundaries of departmental logic.

This is challenging for everyone as they are all keen to do what is required but often nobody fully understands what role they need to play. The question remains how then do we create a common purpose and outcome for all the players? The IT and technical players will want to apply technical solutions to the cybersecurity problem and in many ways they are right to do so. The managers may be examining a risk averse solution and strategy, whilst government wants assurances all is being done to protect the critical national infrastructure.

So then, what is the answer?

I have to remind myself of this simple fact. All businesses interact. The ecosystem of business IT systems are intertwined on many levels. Therefore to focus on a large business alone is like putting a steel door on the front of your house whilst leaving a window open at the back of the house. Any cybersecurity solution needs to encompass every business, large and small, to have any real chance of success. This is a challenging task and requires a step change in working practices where businesses who have different owners will have to work together.

I do not think this will come easily or naturally. I think we need to develop common goal and language that is global in its reach and understanding. Everyone everywhere should be singing from the same hymn sheet. We need to create a cybersecurity culture where cyber hygiene and good practice are second nature to everyone.

Simple cyber hygiene could avert many of the attacks and problems facing us today. Our understanding of how we operate in a cyber-environment in still very much in its infancy. In other areas of our life we have good hygiene practices. We wash our hands when leaving a washroom and cover our mouths when we sneeze. We need to develop similar cyber hygiene practices inside and outside of our workplaces.

My opinion

So my view is to start simply with good cyber hygiene practices. Get everyone in the business involved and start from the top and lead by example. We need simple messages on good cybersecurity practices that everyone at all levels of the organisation can understand and can adopt.

Once we have a good cybersecurity culture all departments in the businesses will understand each other’s needs in relation to cybersecurity so much more. Many of the hurdles we now face in relation to bringing parties together to solve cybersecurity problems will be easier to overcome. Creating a common goal with familiar language will go a long way to help foster a healthy cybersecurity culture and thus address many of the cybersecurity problems we face today.

About Dr John McCarthy

Dr John McCarthy PhD BSc (Hons) MBCS is a renowned authority on cyber security strategy, development and implementation and is an Airport Cyber Security Fellow for ServiceTec Global Services.

Dr McCarthy is frequently invited to sit on expert panels and appear as a speaker at well-known security events including International Airport Review’s own Airport Security and Airport IT events. Past appearances have included talks on ICT Security in the Modern Airport, Security in the Digital Age and SCADA threats in the Modern Airport. He has also been a member of International Airport Review’s Editorial Board since January 2014. 

Dr McCarthy is also a leading expert on social engineering awareness training and best practice.