In case you haven’t heard it enough, businesses need to be proactive when it comes to security! A single security breach can result in significant financial loss, damage to reputation, and even legal consequences. The term “security culture” has become a rallying cry to encourage companies to implement training and education for employees to help protect them from being breached. A robust security culture within a company can go a long way in preventing such incidents from happening by educating employees, implementing policies and procedures, and consistently enforcing them.
Elevate is a proud partner of Knowbe4 – the world’s largest integrated platform for security awareness training combined with simulated phishing attacks. Taking an approach not just of offering training, but addressing the root issue by changing behavior, they’ve established the Seven Core Dimensions of security culture. The dataset used to identify these patterns combines the measured behaviors of employees, as measured using the knowbe4 Kevin Mitnick Security Awareness Training (KMSAT) phishing assessment platform, and the measured security culture of the organizations of the same employees, as collected through their scientific Security Culture Survey.
By examining the behavior and security culture of 97,661 employees across 1,115 organizations, KnowBe4 has observed that the link exists between the level of security culture in an organization and the measure of secure behavior of its employees.
Ultimately their findings conclude that “organizations that invest in building and maintaining a security culture will drive significantly higher secure behaviors among their employees. In fact, there is a 52x difference
between the behaviors of credential sharing in the worst class (Poor) and the best class (Good). This
means the more focus given to security culture, the greater the likelihood that employees will follow
secure practices and adopt more secure behaviors.”
The classes are categorized according to the security culture score of organizations included in the
dataset on which the research is based:
Knowbe4 has concluded that improving one’s security culture directly translates into more secure employee behaviors and to the overall reduction of organizational risk. Despite the daunting ideas of investing in such programs, research shows a strong return on such an investment and guaranteed added value.
The following steps are encouraged for your organization to build upon:
• Risk Assessments—set-up periodic assessments, or better yet, continuous monitoring of your
organizations risks. Make sure that your risk assessment includes the human factors as measured
by security culture, knowledge and behavior of the organization and its employees.
• Use the 7 Dimensions—actively work on building a strong security culture using the seven
dimensions as a guideline for improvement.
• Train and measure through engagement and automation—partner with KnowBe4 to design and
automate the right awareness training program to fit your diverse audience, including engaging
content, attack simulations and unique communication tools.
• Communicate often—communicate often by partnering with other departments and connecting
their messages to overall security initiatives.
• Use the Champion Model—consider mobilizing a champion program across your organization
in order to have advocates in every department, region and country who can further translate
and embed the security message within your organization.
• Engage with your peers—the security landscape is always changing and it is difficult to keep
track of it all. Leverage your security community to learn from others, and to share your own
knowledge and experience
Visit their website at https://www.knowbe4.com/ to learn more about Knowbe4 and their extensive security training tools!