Crafting a Culture of Applied Security

Fernando D. Reyes Jr.
Forest Park Group
Mar 21, 2021

In the sensationalized world bordering the novelties of a cyberpunk dystopia, we rarely reach a point in our day where considerations for cybersecurity are standard fare. Often, our convictions to the convenient remain a constant as we sacrifice a lot of safety for a little bit of freedom. Companies and business leaders are scrambling to find the answer to this; a silver bullet, waiting to be deployed against the boogeymen lurking across the web.

We at Forest Park believe that silver bullet to be none other than culture.

What is the current state of cybersecurity in the business world?

Everything that cybersecurity professionals are working towards has presented a grim outlook. Based on the statistical trends for 2021 alone:

· 95% of breaches were caused by human error.

· 88% of organizations experienced spear phishing attempts.

· On average, only 5% of companies’ folders are adequately protected.

· Data breaches exposed more than 36 billion records.

· 86% of breaches were financially motivated, while 10% were motivated by espionage.

These trends are unsettling, but circle back and read that first bullet again: if you correct the culture, you drastically reduce the epidemic of black hat bandits in cyberspace.

As it stands, the information security business will shoot to a $170.4 billion valuation in 2022. That is less than a year away, and it partners with the fact that 40% of businesses have labeled cybersecurity as a “top priority” for their corporate strategy moving forward.

A war for information dominance is being waged behind the scenes; the potential for corporate espionage, geopolitical crossfire, and the loss of billions would strike fear into the heart of any business leader. Billions of that same money will likely be spent finding the newest security architectures, paying folks to monitor SIEMs in state-of-the-art security operations centers. That alone, however, is not enough.

Can culture act as a catalyst for profit?

Doomsayer is often a separate hat that every cybersecurity aficionado carries with them. Thriving on the chaotic nature that belies the Information Age, it is a stone’s toss to discover the next salesman promising next generation security infrastructure.

The worst-case scenario to find oneself in is to mitigate all these issues at an expensive, technical level and still be on the losing end of a major attack. The average cost of a data breach is $3.86 million, after all. So, let us review:

· $3.86 million per breach

· 95% of breaches were caused by human error

· The information security industry is increasing valuation by 10–15% on average every single year.

With those numbers painting a stark picture of the inefficiency of technical controls in combatting cybercrime, we see the real value of instilling culture at the frontier of your business: the employee. Not every business has the resources of a Google or an Apple; these technological terrors can afford to spend big on personnel, systems, and user training. For the average business in America, however, we must start with the fundamentals.

Our 4 Pillars of Cyber Culture

Here at Forest Park, we wanted to create a foundational juggernaut to withstand the greatest threat to any information system: the end user.

The first drop on the totem pole of positive security posture should always be policy. We made it our mission to create methodologies and organizational baselines on password requirements, the principle of least privilege, and where people’s line of fire should be, as we call it in the Army. After all, it makes little sense to have folks from HR interfacing with sensitive infrastructure as it pertains to IT. Adequate compartmentalization is a key asset of business operations.

Next, we set about on a mission to develop interesting, engaging, and memorable awareness training for our employees, the bedrock of our company. Often enough, the disjointed engagement of a Zoom-fed PowerPoint presentation is enough to dissuade anyone from a positive approach to security. It was truly my belief that the human connection was missing from these avenues of approach.

We have since made it our mission to address and discuss policy and best practices in a COVID-cratic Method — sitting down with our people virtually doing the work on the front lines to make the product and vision a reality. As business leaders, executives should be an example of what right looks like, never an exception to the rule.

Third, and maybe most important of all, we had to create a metric and use our technical resources to monitor just how effective our security posture was. We invested in our work force, securing the best possible hardware and infrastructure to enable the production environments to continue making a world-class product, and equipping that infrastructure with strong, state-of-the-art endpoint security protocols.

Nothing beats the feeling of arriving at the culmination of your hard work: an open and transparent channel of communication where the people in your purview are coming to you and reporting what the known rights and wrongs of the security apparatus are. Force multipliers are a real boon to the operations lifecycle and our mission: to succeed and succeed again.

So, the next time you are surmounting that ever-present fear of your security posture, take it from us: look to the little guy first. You will be surprised just how much that culture will count toward closing the cybercrime gap.

For more information about Forest Park and LoanOS, please refer to our website at forestparkgroup.com or reach out to us via email at opportunities@forestparkgroup.com.

Fernando D. Reyes Jr.
Forest Park Group

I proudly serve as the Chief Information Security Officer and Head of Operations for Forest Park Group, Inc.