Earlier this year, KPMG’s head of cyber security in the lower Gulf, Shadab Nawaz, criticised the region’s approach to cyber security, claiming that organisations’ processes need to be overhauled to account for the growing threat of cyber crime. Although many businesses are adopting smart technology and relying more than ever on the Internet, this hasn’t been matched by innovations to stay secure.
Nawaz says that to combat this, “cyber security needs to be embedded into the very culture of businesses, with strong commitment from the board”.
A culture problem?
In the context of cyber security, ‘culture’ generally refers to staff awareness – i.e. do employees follow information security best practices, and is there a concerted effort to make sure these standards are maintained?
A strong cyber security culture is essential, because employees are often responsible – either directly or indirectly – for data breaches. For example, they might accidentally disclose sensitive information, fall for a phishing scam, create a vulnerability by using a weak password or fail to spot suspicious activity.
Helping employees avoid these mistakes is relatively straightforward. You can enrol staff on information security training courses, send email reminders about information security, put up posters offering cyber security tips and offer rewards for employees who follow best practices.
But before going ahead with these, it’s important to remember that staff awareness only works if employees are being taught the right thing. Training is about showing staff how to execute the organisation’s policies and procedures. If those policies and procedures are flawed, staff will simply be following incorrect advice more consistently.
You can make sure information security is handled effectively across your whole organisation by following the requirements of ISO 27001. The Standard describes best practice for an ISMS (information security management system), which you can use to manage people, processes and technology.
Find out more about ISO 27001
Our ISO 27001 data sheet provides a comprehensive introduction to the Standard. Download this free guide to learn:
- How ISO 27001 will help improve your organisation’s information security practices;
- How the Standard works;
- What you need to consider when implementing the Standard’s requirements;
- The benefits of certifying to the Standard; and
- How to overcome the challenges of ISO 27001 implementation.