Are companies paying enough attention to cybersecurity culture among employees?

The advent of new technologies such as cloud computing, big data, artificial intelligence, and the Internet of Things have made today’s IT world a lot different than what it was a decade ago. As the technology has been evolving substantially, so have the cyber criminals, with attacks getting increasingly sophisticated. 

The pandemic’s role in pushing companies of all sizes and sectors toward adopting an always-online mode and cloud and other cyber technologies is accompanied by a whirlwind of scams and fraudulent activity hitting companies in 2020 and 2021 with cybercriminals targeting employees’ access to the organization’s systems. 

In this time of digital disruption and increased cyber threats, many companies are focusing their cybersecurity efforts on the technology component—to the detriment of the human factor. When data is compromised, often it’s tied to negligence or failure in the cybersecurity system within the company or from a third-party working with the company.

First line of defense: Employees 

It is imperative that companies focus on building and sustaining a culture of cybersecurity and cultivate it in the workplace for effective cyber risk management. This would entail moving beyond the typical strategy used in which most businesses simply allocate a certain portion of their IT budgets or revenue to security without considering their actual needs. The approach must include helping employees realize that the risk is real and that their actions can have an impact on increasing or reducing that risk. Companies’ cybersecurity blanket must also include third-parties and others on their IT architecture.

Effective cybersecurity necessitates a persistent effort that covers employee behavior, third-party risks, and numerous other potential vulnerabilities in addition to application security, penetration testing, and incident management.

Enterprises spend millions of dollars on hardware and software but may neglect the simple act of properly training their employees on security practices. Teaching employees to recognize threats, curb poor cyber behavior, and follow basic security habits can provide the best return on…