The Chief Evangelist for KnowBe4 Inc., a provider of security training and simulation services, makes a useful point about the inadequacy of cybersecurity software in a company where employees lack the culture to identify and avoid social engineering attacks.
He suggests several steps, starting with:
“1. Assess Your Cybersecurity Culture
Understand whether your employees value cybersecurity. Is there a common culture across departments or do individuals behave independently? Look at reflexes, patterns and behaviors, historical data sets, results from phishing simulation exercises, etc., to assess the security maturity of employees. Including third-party suppliers and partners in this equation can help make your assessment more robust.”
This reminds me of successful efforts to monitor and change safety culture, including in the airline industry.
Read the report here.