Connect with us

Hi, what are you looking for?


Why we urgently need a security culture

The best way to protect companies? A security culture. But what is this?

A typical office desk. Image: Mattes / Wikimedia / Public Domain (CC0 1.0)
A typical office desk. Image: Mattes / Wikimedia / Public Domain (CC0 1.0)

As U.S. Cybersecurity Awareness Month has come to an end, it remains important to note that cybersecurity should always be a focal point, not just in the month of October.

This is not least because most countries are in the midst of a cyberwar. Here businesses from all industries — whether major universities, police departments, law firms, medical institutions or others – are being targeted by cyberattacks.

For example, enterprises continue to turn to security tools for their security needs, but oftentimes ignore one crucial element – their employees. Just this past year, the largest security breach was due to an employee creating the password “solarwinds123”.

An example of proactive action, the company Relativity has created a Security Guardians Program, which includes phishing trainings and other elements, to educate, empower and engage its employees to nurture a healthy security culture.

Amanda Fennell, Chief Security Officer (CSO) and Chief Information Officer (CIO) at Relativity, explained to Digital Journal why it is important to build a culture of security within an organization that brings the responsibility of security down to an individual contributor level.

According to Fennell, people are the strongest link in the security chain and it’s important to train them and equip them with the security tools they need to be successful. To support this, consistent education, training and good tech is vital to ensure that employees – and company – don’t fall victim to a phishing attack. Although phishing attacks can be quite simple in nature, the sheer scale on which phishing campaigns are executed makes it the #1 threat for employees

Moreover, Fennell  explains, building in a phishing training and simulation course into onboarding trainings for new employees and consistently test both new and old employees with monthly phishing simulations is necessary in order to strengthen and refine phishing awareness and reporting muscles.

Citing an example, Fennell  explains that following implementation of these tactics, Relativity saw a 40 percent drop in terms of employees taking incorrect actions and consistently see a sub 3 percent “hook-rate” on employees in its monthly phishing simulations.

It is Fennell’s view that to by adopting such measures enterprises can take necessary steps to strengthen their internal defense systems.

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Social Media

Take the money out of posting this garbage on social media and it’ll stop.

Tech & Science

Webtoon Entertainment, the most popular digital comics hosting platform, has filed for an initial public offering (IPO) on the US Nasdaq stock.


These releases include a musical biopic; another kung fu lesson; a strange romance; a couple of cult classics.

Tech & Science

Microsoft announced the new AI-powered personal computers, which will use the company's software under the Copilot Plus brand.