The experts agree that developing and maintaining a healthy security culture within an organization is an ongoing effort. NTT CISO Glass believes that implementing awareness campaigns is one way to combat toxic security cultures. She emphasizes the importance of a solid awareness initiative that educates employees on the purpose and importance of stricter security measures, fostering a sense of shared responsibility for company security.
According to SANS Chief Researcher Lee, continuous education and fostering a common understanding of how security impacts the entire organization are crucial. By empowering employees and involving them as active participants in security matters, companies can build a resilient culture that evolves alongside the threat landscape.
To prevent the emergence of a toxic security culture, Glass recommends implementing organizational security controls that are effective and transparent. She suggests adopting a well-thought-out zero-trust strategy, incorporating features like single sign-on for all applications and user-friendly authentication tokens to reduce friction in daily security interactions.
Overall, experts stress the importance of ongoing efforts to detoxify and develop a healthy security culture within organizations. By educating employees, empowering them to play an active role in security, and implementing effective security controls, companies can build a culture that adapts to evolving threats and fosters a strong sense of collective responsibility for security. The key takeaway is that developing a healthy security culture is not a one-time task but a continuous process that requires commitment and effort from all levels of the organization.
