Encouraging a security-first mindset
Security has to be seen from a business perspective as well as a technical one
A cyber incident can be catastrophic for any company, and all firms would be well-advised to adopt a watertight security approach to security practices.
Despite this, the UK government’s Cyber security breaches survey 2023 found that UK cyber hygiene has declined since 2021, with the use of password policies falling from 79% to 70% and network firewalls from 75% to 67% across the period.
Despite this, the UK government’s Cyber security breaches survey 2023 found that UK cyber hygiene has declined since 2021, with the use of password policies falling from 79% to 70% and network firewalls from 75% to 67% across the period.
In this episode, Rory is joined by Steve Furnell, IEEE senior member and professor of cybersecurity at the University of Nottingham to discuss how IT leaders can drive a cultural shift within their organizations to put security at the forefront of decision-making.
Highlights
“People are choosing less than strong passwords, we could say. But where do they get the support to understand what good looks like? Being given the device choose a strong password is only any use if you know what a strong password is and how to differentiate it from a weak one. ”
“I think the divergence, particularly between the large organizations and the smaller ones, is an issue of awareness and recognition of cybersecurity as a thing that matters or ought to matter to them.”
“If we're thinking about the security team, the CISO or whoever's going in and representing security, they need to be mindful of communicating it in a way that the board, the executive team, the C-suite will understand.”
Footnotes
- What is DevSecOps and why is it important?
- Five things to consider before choosing an MFA solution
- What is two-factor authentication?
- The sooner the FIDO Alliance can shut down passwords, the better
- The top 12 password-cracking techniques used by hackers
- Revealed: The top 200 most common passwords of 2022
- NCSC expands incident response scheme to support smaller at-risk organizations
Subscribe
- Subscribe to The IT Pro Podcast on Apple Podcasts
- Subscribe to The IT Pro Podcast on Google Podcasts
- Subscribe to The IT Pro Podcast on Spotify
- Subscribe to the IT Pro newsletter
- Subscribe to IT Pro 20/20
-
Developers urged to remain vigilant amid continued Miasma malware risksNews The Miasma malware package uses legitimate OIDC tokens, making it indistinguishable from routine code updates
-
Euro-Office ‘sovereignty’ claims questioned in scathing open letter by LibreOffice maintainersNews The developers behind LibreOffice have questioned Euro-Office’s sovereignty credentials and use of a Microsoft-based document format
-
Why cyber resilience is business criticalSponsored Podcast Leaders need to focus on resilience over prevention, in collaboration with a trusted partner
-
The race to become quantum-safeITPro Podcast Efforts to run AI in trusted regions can clash with access to frontier model updates, business scalability
-
March rundown: RSAC warnings and Arm's AGI CPUITPro Podcast AI agents are complicating the jobs of cyber professionals, with broken permissions and a lack of oversight posing major risks
-
SPECIAL EDITION: How AI is changing educationSponsored Podcast With the right support and communication, educational organizations can use AI to empower teachers and students alike
-
Tomorrow's fraud techniquesITPro Podcast Leaders need to proactive as attackers launch more consistent, sophisticated attacks
-
Redefining risk managementSponsored Podcast With a Risk Operations Center (ROC), leaders can proactively crack down on cyber risks instead of simply reacting to them
