Establishing a good cybersecurity culture and the trends to look out for

Written by
Kamba Abudu
Published on
30/11/2022
Share this post
Other posts by:
Kamba Abudu
Head of Engineering
4
Min read
30/9/2024
5 advantages of our platform’s product data model
Explaining how our platform structures your product data.
5
Min read
29/8/2024
How to automate purchase orders in our platform
Introducing the purchase order automation capabilities that our platform offers.

I visited Land Rover Experience for Thrive & Fortinet’s Cybersecurity Briefing last Thursday, and I thought it would be useful to take you through some of my key takeaways from the event.

What is the cybersecurity culture of your business?

Cybersecurity culture is defined as a business’s knowledge of and attitude towards cybersecurity.

Naturally, this is something that will differ dramatically from business to business. Culture is often determined by the industry the business operates within. For example, with our eCommerce and retail work, the handling of customer personally identifiable information demands that a high value be placed on cybersecurity.

It was highlighted that the biggest challenge in cybersecurity is one of apathy; many businesses do not believe that an attack will happen to them, leading to a passive culture, one of indifference.

The Ponemon Institute surveyed hundreds of IT security professionals, revealing that employee negligence is the leading cause of data loss incidents (40%). So it’s critical that an aware and engaging cybersecurity culture is instilled in all businesses, particularly those that use IT to operate.

Establishing a strong cybersecurity culture through people, process and technology

People

One in three employees say they do not understand the importance of cybersecurity, so the change needs to start with the workforce.

How does a business ensure that its people are aware of:

  • Different online threats relevant to their field of work
  • The critical nature of cybersecurity relative to their success
  • The processes to report on and combat online threats

Process

Does the business have clear, well-documented processes for:

  • Identifying online threats
  • Documenting and elevating online threats
  • Combatting online threats
  • Reviewing and learning from online threats
  • Sharing knowledge across the business

Technology

Is the business investing in the right tools and technology to equip its people with everything they need to combat online threats?

cybersecurity culture and trends

Monitoring cybersecurity performance through trackable metrics

With the growth in the rate of feature development in ever-evolving software platforms, businesses need a corresponding increase in security enhancements.

Regular auditing of their cybersecurity setup should be a process. Cybersecurity metrics provide business-as-usual data for businesses to decide whether they need to enhance their security.

These include, but are not limited to:

  • Security incidents
  • Intrusion attempts
  • Unidentified devices
  • Uptime and downtime

Mean-time metrics

These metrics focus on the time it takes to measure certain aspects pertaining to an online threat.

Mean-time-to-Detect (MTTD)

The time it takes a cybersecurity team to detect a threat or data breach.

Mean Time to Resolve (MTTR)

The time it takes to respond to an online threat.

Mean Time to Contain (MTTC)

The time it takes to close an identified attack vector across all your endpoints.

Mean Time Between Failures (MTBF)

The amount of time between two failures of a system or product.

Mean Time to Acknowledge (MTTA)

The time a business takes to acknowledge an incident and begin working on resolving it.

Mean Time to Recovery (MTTR)

The time a business takes to recover after a product or system failure.       

Trends in cybersecurity as we go into 2023

There was also some insightful information given on the trends in cybersecurity, which I will give an overview of below.

Malware-as-a-service (MaaS)

This refers to the illegal lease of software and hardware for carrying out cyber attacks. Owners of MaaS servers provide paid access to a botnet that distributes malware.

Bug Bounty for Ransomware

Ransomware groups issue bug bounties, which are rewards to any person who identifies an error or vulnerability in a computer program or system. In turn, this helps ransomware groups to improve the quality of their product.

Artificial Intelligence (AI)

Despite it being a buzzword on everyone’s radar for what seems like an eternity now, we are still only scratching the surface of what AI technology can do. Certainly, AI will have a deep impact on the attack surface and sophistication of cybersecurity attacks, and automation of security management will need to leverage advanced AI to keep up.

Zero Trust Access

Access to systems should be as granular as possible, with people having the bare minimum they need to perform a task or activity, and the permissions should be revoked when no longer needed.

Final thoughts

To avoid an apathetic approach towards cybersecurity all staff need to be well informed on the threats faced, and the processes that are in place to combat them. Therefore, a strong cybersecurity culture is one that sees a business put its people at the heart of its policy and process.

Our recent posts

Keep up to date with the latest news and insight from the team at Venditan

6
Min read
1/10/2024
Managing advanced shipping rules at scale
Exploring how advanced shipping rules can help reduce headaches.
Michael Simcoe
Head of Technical Operations
4
Min read
30/9/2024
5 advantages of our platform’s product data model
Explaining how our platform structures your product data.
Kamba Abudu
Head of Engineering
5
Min read
29/9/2024
Effective eCommerce content strategies for today's customer
Techniques to improve your product, blog and general website content strategy.
Andrew Flynn
Head of Digital Marketing
3
Min read
28/9/2024
Get to know The Equine Warehouse
Discover the journey of The Equine Warehouse with insights from director Paul Ryan.
Venditan
Company
4
Min read
27/9/2024
Meet the team - John Coyne
John reflects on on the evolution of eCommerce, emerging trends, leadership, and Venditan's future.
Venditan
Company
4
Min read
29/8/2024
Get to know Asbury and Pell
Hear from Josh Gribby who shares insights into Asbury and Pell's journey and vision.
Venditan
Company