- Companies need to craft a more "horizontal" cybersecurity culture that is woven into every part of the business, said Anthony Grieco, senior director of Cisco's Security and Trust Organization, in an interview with CIO Dive.
- "So many of the things that are happening inside of businesses today, from a cybersecurity perspective, I believe that the root cause are happening because there are not enough awareness to cybersecurity issues across the entirety of the business," Grieco said.
- Part of that is making sure every employee is educated and becomes more aware of the part they play in cybersecurity. "Cybersecurity is really everyone's responsibility," Grieco said. "It can't be delegated to an IT security organization, that is not sufficient."
As an organization, Cisco has moved to make every employee conscious of their actions and how online behavior and careless habits can impact the business. In particular, the company has a program called "Phish Pond," where they actively phish their employee to help make them more vigilant. The emails look "very real," according to Grieco." "I may or may not have fallen victim to them myself."
The company also has a "Cisco Security Ninja" training program all employees must go through to learn the basics of cybersecurity and cyber hygiene. Depending on the level of maturity and how involved with cybersecurity their job is, employees go through white, green, brown or black "belt" programs.
Time and again, experts emphasize the importance of ensuring employees remain aware of their impacts on cybersecurity. Training and boosting employee awareness is one of the best ways for organizations to improve their security posture in addition to boosting network defenses.