TLDR:
Key Points:
- South African companies show improvement in cyber security maturity.
- Ongoing training and awareness programs are crucial to maintain progress.
Anna Collard, SVP of content strategy and evangelist for KnowBe4 Africa, presented findings from the ITWeb/KnowBe4 cyber security culture survey. The survey revealed that a majority of respondents now run security awareness and culture programs, with 93% of participants emphasizing the importance of security culture. Measurement of security culture programs has also increased, with 81% of respondents assessing or measuring their cyber security culture. Various methods are used to assess culture, including phishing simulation percentages, standardized methodologies, and qualitative and quantitative data analytics.
Collard highlighted the importance of defining security culture as the collective values, beliefs, attitudes, and behaviors within an organization regarding security practices. She emphasized the need for a mindset shift towards security culture, moving from rudimentary awareness to a culture where individuals understand the importance of cyber security and human vulnerabilities.
Organizations are encouraged to instill a zero trust mindset, focusing on verifying everything and promoting constant-verification mindfulness practices. Transitioning to a mature security culture reduces risk, but many organizations overestimate their maturity level. To influence behavior change, Collard emphasized motivating individuals, providing them with the ability to do the right thing, and prompting and reminding them through methods such as phishing simulations.
Eugene Swartz, regional enterprise account manager for Africa at KnowBe4, discussed how the KnowBe4 platform supports cyber security culture. The platform offers tools to benchmark progress, assess security awareness proficiency, and improve security culture programs. Through embedded training and up-to-date information on hacker methods, the platform aims to help employees think and behave smarter in terms of cyber security.