Cybersecurity Awareness Month: Championing a Culture of Security

Share this post:

IBM’s X-Force Command Center CTOC mobile unit.

October is Cybersecurity Awareness Month in many places around the world – so it is a great time to reinforce the importance of championing a culture of security, both inside IBM, and with our clients worldwide. Supporting smart habits in the workplace can go a long way in preventing cyber incidents that might lead to financial and reputational loss for corporations, governments and individuals alike.

The threat landscape is changing quickly, and organizations are ramping up efforts to thwart potential insider threats, bridge IT security gaps, manage shifting privacy regulations and prepare for recovery if they fall victim to an incident. No one is immune from a breach. Leaders at IBM and elsewhere are continually revisiting cybersecurity methods around the world to protect ourselves, our clients, and their end-users.

It Takes a Village

While most organizations deploy teams of security professionals to protect and secure their systems and data, it takes a village to help prevent cyber attacks. Security leaders can set the standard, but creating and maintaining a true culture of security means that cybersecurity is woven into every corner of the business.

As organizations invest in their technical controls – from continuous threat monitoring, to security vulnerability testing, to enhanced cybersecurity capabilities backed by AI and Machine Learning – educating and testing the workforce remains key to any security program’s success. After all, one quarter of all data breaches last year were caused by human error. One key area for education and testing is spotting phishing emails, which account for a very high percentage of security incidents. As part of our enablement program, IBM regularly tests employees with fake phishing links to help them identify real scams in the future.

Consider how your employees learn best and then invest in consumable, role-based education and situational awareness exercises. Rehearsing real-time responses to security incidents can be as simple as getting business and technical leaders in the same room to discuss plans and roles, or as comprehensive as using an immersive experience that simulates cyber incidents and responses. At IBM, for example, we have the Cyber Range X-Force Command Center that demonstrates the interdependencies between various business functions and security. The result is a strengthened muscle memory for better performance during an actual cybersecurity event.

An effective culture of security also involves regularly reminding employees about using strong passwords, offering online learning classes around corporate device and data management, and how to appropriately share sensitive or otherwise confidential information with third parties. Highlighting secure practices in employee communications related to newsworthy incidents or seasonal junctures (filing taxes, holidays, etc.) can also serve as good reminders and drive positive outcomes.

Thinking Bigger

Ensuring that everyone knows they have a role to play in cybersecurity will help make organizations more inherently resilient for the long-term. From the boardroom, to the back office, to operations, a well-rounded culture of security should provide employees in all roles, levels and locations with the proper knowledge and tools to contribute to cybersecurity. From there, organizations can move at the speed and scale they require, knowing that cybersecurity is built into every piece of the business.

Here at IBM Security, over 9,000 employees help design and deliver some of the most advanced and integrated enterprise security products and services in the industry. In October, and year-round, our teams recognize that cybersecurity is crucial to IBM’s mission as an organization, because trust and security are the bedrock that our clients count on.