
The 'People' Part of Enterprise Cybersecurity Strategies

By Wesley Simpson
Wesley Simpson has more than 25 years of business experience, including positions in IT, product management, policy and procedure development, budgeting, vendor negotiations, and client development and relationships for Turner Broadcasting System, Delta Airlines, Bank of America, IBM and Fidelity Investments.
September 1, 2016

For many years, enterprise leaders have approached their network and systems defense strategies with a technology-centric focus: They approve of the acquisition of firewalls, anti-malware products and intrusion detection systems, and hire an IT team to oversee it all. Then, they conclude that they’re finished with the subject until they review progress/status in a year or so.

What they’re beginning to discover, however, is that these efforts – while serving a primary role within the strategy – aren’t enough. Cyber criminals are coming up with increasingly sophisticated and effective attack methods. As a result, organizations are “feeling the pain,” and the most recent annual Data Breach Investigations Report (DBIR) from Verizon has documented more than 100,000 incidents and 2,260 confirmed data breaches over the last year.

To respond to the heightened state of vulnerability, leaders must recognize that a fully realized cybersecurity strategy has to focus on a key internal asset – people and culture – as much as, if not more than, technology. CEOs and top executives (including the CIO, the CISO, etc.) should serve as evangelists for the ongoing education and training of the workforce, to institute a top-to-bottom awareness of best practices and prevention in the interest of network and data protection.

We can break down the human part of the equation into two distinct groups – internal users and cybersecurity team members.

The Users

With the rise of cloud computing, social media and Bring Your Own Device (BYOD), not to mention Bring Your Own App (BYOA), employees and other internal users are determining which devices and tech tools will support them at work. Unfortunately, due to a lack of awareness (as opposed to any ill intent), they too often lapse into risky behaviors that hackers target. They share passwords indiscriminately. They leave laptops open in plain view at a coffee shop. They call up an industry-related forum, then click on links sent by potentially suspicious parties.

To reduce or even eliminate such incidents, senior executives need to stress the urgency for user training at all levels of their organizations, within all departments. Sessions should educate participants about appropriate email usage, the latest in social engineering attacks/phishing scams and additional best practices. Interactive methods work best here. You can’t sit staffers in front of an hour-long video and expect them to walk away with an actionable plan that they’ll take back to their desks. Give them something to see, touch and respond to, so they “learn by doing.” Then measure and report upon their progress.

Then, incorporate this training into the daily aspects of corporate life. Establish regular follow-up sessions, instead of a once-a-year, “check the boxes” tutorial, and urge everyone to “join the discussion” about cybersecurity, just as they routinely talk about business developments. When threat identification emerges as part of your culture, users are constantly examining whether their teams are moving the bar forward for complete awareness – and implementing corrective intervention if they’re not. When new employees join the department, veterans step up as mentors to pass along what they’ve found, and the students become the teachers.

In addition, we encourage business leaders to work with their communities to spread this message, especially at their local schools and colleges. High school students will take computer courses, for example, without any inclusion of cybersecurity within the curriculum. We shouldn’t wait until they enter “the real world” to learn about these topics.

Cybersecurity Teams

Similarly, cybersecurity team members must undergo constant training, not “one and done” annual sessions, as adversaries change their approaches swiftly. In the (ISC)² 2015 Global Information Security Workforce Study (GISWS) report, we found that 67 percent of information security professionals believed that certifications should be required for staff to build employee competence, and 52 percent said such training elevated their quality of work. Indeed, 58 percent cited security certifications and 45 percent listed continuing education as the top two major contributors to career success.

Let’s emphasize the word “continuing” here. After all, IT teams are always applying new patches to address new threats. In this sense, we can consider training as a “people patching” initiative, one which merits recurring attention throughout the year through formal education, certification and/or training programs.

These efforts are critical because experts aren’t created in just one session. Team members need frequent exposure to the latest technology developments and adversarial tactics to sharpen their knowledge base. The bad guys’ “playbook” is always changing, which means the playbook for cybersecurity must change too. To accommodate individual preferences of team members, there should be a wide variety of teaching formats made available – whether on-site with a live instructor or online.

When you proactively promote an enterprise-wide awareness strategy for everyone – users and tech teams alike – you embed these concepts into every facet of your employees’ day-to-day functions. Data and systems protection no longer seems esoteric. It’s part of a core skillset – just like leadership development, communications and other “soft skills,” and “hard skills” like financial auditing, engineering and software coding.

In other words, it won’t be a “cybersecurity” thing anymore. It will be a business thing. And that’s why it will matter more to your people, for the long haul.


Copyright ©2025. All Rights Reserved BNP Media.
