2023年5月11日,星期四 North West Cyber Security Cluster hosted "How to Build a Cyber Security Culture" at Manchester Technology Centre, 汇集行业专家, cyber security professionals and enthusiasts to explore the importance of cultivating a strong cyber security culture within organisations.
The informative event provided actionable insights and strategies for creating a security-conscious environment that safeguards digital assets and protects against cyber threats, as attendees heard from experts from leading companies who have demonstrated success in creating and maintaining effective security cultures.
保罗·博德曼,战略增长 & North West Cyber Security Cluster合作领导, introduces the event
以下是保罗·博德曼的介绍,战略增长 & North West Cyber Security Cluster合作领导, 来宾们欣赏了艾米·汉森的演讲, 安全和IT运营主管 Naimuri这家科技公司的目标是让英国成为一个更安全的地方.
Amy Hanson, Naimuri的安全和IT运营主管
Amy shared with attendees how she had developed a passion for cyber security and a desire to keep her peers safe whilst observing the poor use of technology by some of those around her in her earlier career and personal life.
Amy explained some of the ways that Naimuri promote security across their organisation by putting it at the heart of everything they do, 鼓励知识共享和团队合作. Some of the key ways that Amy says the she promotes security include:
- 符合Cyber Essentials和ISO27001标准.
- Educate users about the risks inside and outside of the workplace.
- 使用我们的内部安全论坛.
- 随时了解情况.
Next up, Aparajithan博士(湿婆), Head of Digital Technology at 西北先进制造研究中心 shared with attendees why cyber security is important to the manufacturing industry.
Aparajithan博士(湿婆), Head of Digital Technology at 西北先进制造研究中心
Manufacturing is a traditional industry that is seeing a rapid digital rollout, and with a lack of cyber security skills incidents are rife - 42%of the UK’s manufacturing organisations have been a victim over the last 12 months.
Siva also touched on the conflict between Information Technology and Operational Technology, 因为他们有不同的价值体系和优先事项. Siva suggested the solution to this is to mix together people from both sides to create joint teams.
To conclude the event, Paul Boardman chaired a panel alongside Harman Singh (Founder, Cyphere)、Raj Kundalia(顾问及业主)、 Cybione) and Oliver Johnson (National Security and Intelligence Account Director, CACI国际公司).
左至右:保罗·博德曼、拉杰·昆达利亚、奥利弗·约翰逊、哈曼·辛格
提出的一些要点包括:
- Raj: “The first step to building a cyber security culture is to look at what is currently in place, 首先要和员工和主管们谈谈. 每个公司都是独一无二的, and you need to understand what culture is currently in place to be able to focus on embedding a new cyber security culture.”
- Oliver: “Good cyber security culture is flexible and adaptable. 你需要有好的政策, procedure and the support of the whole organisation from senior management down to the work experience. If any of these pillars are missing, then that should be your focus.”
- Harman: Sometimes directors don’t care about cyber security, sometimes consultants don’t care. 安全必须是一个推动者, and your cyber security culture is inherited from the organisational culture.”
- 拉杰:“当涉及到董事会层面的买进时, you need to establish what is their definition of cyber security? 每个人都会有不同的答案. I often show directors the dark side of the web, and use this exercise to educate and scare them. They need to understand the impacts of a poor cyber security culture and why they need cyber security. Cyber security training can be a tick box exercise and we need to move away from this mindset.”
- Oliver: “To try and avoid training becoming a tick box exercise we get our security controller to sit down with new starters and talk through the training using real life examples. This helps to provide context around why they need to do what we’re asking.”
- Harman: “People, processes and tech need to work together in tandem. One layer won’t save you, all three things need to work together. Don’t blame somebody if they have clicked it, make them learn from their mistakes.”
- 奥利弗:“建立一种不责备的文化非常重要. 如果有人的安全程序有漏洞, they need to know they can come to us and say there has been a breach. 这绝对没问题,他们也不会惹上麻烦. 组织必须将其视为一种学习经验.”
- Raj: “Think about explaining cyber security to an 8 year old and find the “why” - find their language and communicate in it.”
Thanks once more to everybody who joined us for this event, along with our panellists and speakers. 强大的安全文化不是奢侈品, but a necessity that could mean the difference between success and failure in the face of cyber attacks and we hope this event provided valuable insights into how to build a cyber security culture in your own organisation.
