Anyone who reads business books is familiar with military analogies for many aspects of running an organization – from strategic planning to operational efficiency. Leadership gurus encourage CEOs to read Sun Tzu’s The Art of War to learn strategy, as management consultants cite the work of famous generals for tactical inspiration. And speaking of generals, how many retired soldiers have penned books about motivating your sales force to victory?

Some see wisdom in these parallels between armies and businesses. Others find comparisons between the life-and-death struggle of battle and the dollars-and-cents skirmishes for revenue off-base at

But a compelling case for war analogies can be made when considering the current state of cybersecurity. Lives may not be at risk, but livelihoods are. Consider this statistic from the IBM-sponsored “2018 Ponemon Cost of a Data Breach Study”: The global average cost of a data breach today is $3.86 million, with the average cost for each lost or stolen record containing sensitive and confidential information floating around $148. These numbers are enough to put many companies in the red, if not out of

Yes, the fight against digital opponents is creating millions of cybersecurity jobs; however, companies of all shapes and sizes across the full spectrum of industries are struggling to fill these positions with qualified technicians as fast as cyber crooks are inventing new malware.

Business security today truly can be cast as a cyber siege in the digital realm.

That’s why we advocate so often in this blog that businesses of all kinds seek help from IT Managed Services Providers (MSPs) skilled in the arts of cyber combat. But we also recognize that defending your company’s figurative battlements takes more than a cyber militia. Your corporate citizens, from the C-suite to front-line workers, must join the brigade, and the best way to arm them for the fight is cybersecurity awareness and education.

What's the best fortification? Here are five keys to cybersecurity training success:

- Everyone at All Levels – No level of an organization should be exempt from cybersecurity training, especially the firm’s leadership. In fact, having top management participate in programs demonstrates the importance of the issue.
- Interactive Programs – Handing out manuals or distributing slideshows alone won’t make much impact or send the right message about the urgency of the issue. Engage staff by working with them one-on-one whenever possible and conducting a lot of Q&A.
- Commitment, Enforce Accountability – Equip staff with tools and clear instructions, and then solicit formal commitment to using those measures. To thwart complacency, there should be some form of concrete accountability if individual or organizational adherence to policy grows lax.
- Ambiguity – Identify specific actions that pose risks, such as using random flash drives, and provide precise instructions for avoiding those dangers. Communicate this information to the company on a regular basis. Cyber crooks work fast to develop new attacks; you should work fast to keep pace.
- Make Training Continual and Vary Techniques – Like any set of good habits, best practices in individual cybersecurity need repetition and reinforcement to take root. Stage training sessions more than once a year, and conduct other activities in the interim, such as newsletters, alerts, security