In the realm of cybersecurity, information sharing is deemed as a pivotal element in fostering a robust security culture within organizations. A recent report from KnowBe4, entitled “Cybersecurity Information Sharing as an Element of Sustainable Security Cultures,” sheds light on the significance of actively encouraging and facilitating information sharing to mitigate human risk in the digital landscape.
Authored by Dr. Martin Kraemer, Security Awareness Advocate at KnowBe4, and Dr. William Seymour, a Lecturer in Cybersecurity at King’s College London, the report delves into the dynamics of how individuals consume and distribute cybersecurity information. It also delves into the role of workplace training in nurturing a culture of information sharing among colleagues.
While the importance of cybersecurity awareness training is a well-known discourse, the report posits that mere awareness is insufficient. It cites the saying, “just because I’m aware does not mean I care,” highlighting the need for active engagement with cybersecurity knowledge, sharing it with others, and embedding best practices into daily routines to effectively reduce human risk.
According to the report, proactive behaviors such as discussing threats, reporting suspicious activities, and aiding peers in understanding cybersecurity risks are pivotal in fortifying a robust security culture. These behaviors not only enhance organizational security but also extend to employees’ personal lives.
Dr. Kraemer emphasized that successful security awareness programs recognize the value of engaged employees who are more inclined to share vital insights with their peers, thus fortifying the workplace security culture.
The report’s findings indicate that a significant portion of individuals across the US, UK, Germany, and France have engaged with security content, with many having received cybersecurity information from various sources. Data breaches, phishing, and hacking incidents emerged as the top topics shared, reflecting the prevalent cyber threats.
Furthermore, the report reveals that individuals predominantly share cybersecurity information to safeguard themselves and others. Recipients of cybersecurity news from colleagues and friends generally perceive the intent behind the sharing as a genuine effort to enhance online safety.
A notable disparity in the adoption of cybersecurity awareness training globally was highlighted in the report. While 57% of respondents reported receiving such training, the rates varied significantly across nations, with the UK recording a high rate of 73% and France a lower rate of 38%. The discrepancies extended to the type of content employees retained, with variations in recall rates for different threats.
Moreover, the report pointed out that workplace training alone may not suffice to motivate employees to share cybersecurity information effectively. There were preferences observed in sharing certain types of information over others, indicating potential gaps in training provision.
To address these challenges, KnowBe4 suggests removing barriers to cybersecurity information sharing and designing engaging and easily shareable training content applicable both at work and in personal settings. The report also advocates for tailoring cybersecurity messaging to accommodate cultural and individual differences in consuming and sharing content.
In essence, the report underscores the crucial role of information sharing in bolstering defenses against cyber threats. Organizations are urged to embrace this reality and formulate security programs that not only educate but also inspire a proactive approach to cybersecurity, thereby fostering a culture of shared responsibility and vigilance.