October was an exciting month for us at Right-Hand Cybersecurity! Every October, in our industry, is recognized as Cybersecurity Awareness Month.
Cybersecurity Awareness Month started in 2004 by the National Cyber Security Alliance and the US Department of Homeland Security. Over the past decade and a half, we’ve witnessed this initiative being adopted by the public and private sector all over the world!
Creating a cyber culture is not a simple task, and we took this opportunity to help CISOs, IT and InfoSec leaders and practitioners educate and guide their organization's workforce on building cyber readiness.
As I look back and analyze all activities launched by Right-Hand and others during the last month, my hope is that we were able to evangelize the message that cybersecurity is a key enabler for innovation and business growth and that the human element is a highly-important asset for an organization's defense and growth strategy.
This was Right-Hand Cybersecurity’s first opportunity to actively evangelize and support Cybersecurity Awareness Month, and we decided to go all out by hosting events for our APAC and US audiences, launch the Cyber Fitness Challenge, release our Medieval CISO Video, and publish our Ebook!
In this blog, I’ll recap some of these exciting events and announcements, in addition to some of our key takeaways.
Together with our event partner, ICE71, we hosted the first annual edition of The Front Lines online event on October 21. I had the pleasure of being joined by best-in-class cyber experts during 3 sessions to discuss the importance of the human element in cybersecurity and lessons learned on founding a cyber start-up in Singapore. This event is now available on-demand and I recommend you check it out in case you were not able to join us live.
Here are my favorite quotes shared by our speakers:
Technology risks need to be translated into business problems, so you can onboard business leaders as cybersecurity stakeholders. Everything built in an organization needs to have a layer of encapsulated cybersecurity and privacy protection. Security cannot inhibit and limit innovation
Subhajit Deb, CISO at Dr. Reddy's Laboratories
As Security Leaders, we are really responsible for planting the seeds of innovation and future growth. The role of a gatekeeper is to explain to other C-level executives what it means to change the culture - otherwise, the journey towards cyber culture will be quite difficult
Shao Fei Huang, President of Singapore Computer Society Cybersecurity Chapter
I believe in the idea of a culture of empowerment, not a culture of fear, in order to open everyone’s eyes to the fact that security is the responsibility of everyone. Just telling someone not to do something is not going to change behaviors. Let’s elevate the conversation and empower people. Let’s talk about the reasons why and let’s make cyber training programs more personal
Ellie Warner, Global Head, Training and Awareness, Trust, Data and Resilience at Standard Chartered Bank
During the 2020 edition of The Front Lines, we also hosted a special session for those interested in entrepreneurship, called "Founding a Start-up in Singapore". The speakers Joseph Gan, Co-Founder & CEO at V-Key, Paul Hadjy, Co-Founder & CEO at Horangi, Linda Nguyen Schindler, Programme Head at ICE71 and Leesa Soulodre, General Partner at r3i Ventures, shared inspiring tips and their learnings during the journey of starting a new company, including topics on product development, hiring and fundraising.
One week after our Front Lines Event for our APAC audience, we hosted the webinar "The Role of Cyber Culture in a Cyber Strategy" for those located in the US. Jack Roehrig, CISO at Turnitin and Matthew Rosenquist, CISO at Eclipz joined me at this event. You can access the recorded webinar here to hear all of their great insights from the session.
Your technical security controls can always be undermined by a person, and that's why behavior control is hugely important. Train your employees to predict, prevent, detect and respond to cyber threats. You cannot have a successful security program without the help and support of the users
Matthew Rosenquist, CISO at Eclipz
When it comes to security awareness programs, adding fun and engaging pieces to your campaigns can motivate people to pay attention to what the security team is doing, and you can later use human resources that want to volunteer for your security projects, as well as use this movement of security culture to get everyone in your company to contribute and prioritize security requests. Eventually, you will get people excited about cybersecurity
Jack Roehrig, CISO at Turnitin
During both events, we ran a poll asking "Has your company implemented a cyber awareness program during Cyber Awareness Month?". 47% of our audience in APAC said "no", against 53% in the US.
These results mean there is still a gap of organizations not implementing cyber awareness programs, especially during October. This split was a bit surprising as we expected more organizations to implement a program during this month given the added attention that is placed on the industry.
In October, our team released a simple but powerful tool to drive cyber awareness to individuals and teams. Right-Hand's Cyber Fitness Challenge is a free, self-service tool that gamifies and measures the knowledge level of each participant in topics such as phishing, password management, social engineering and much more. You only need to register to start getting daily, quick and engaging quizzes through email for 30 days that will help you and your team become cyber fit.
Last but not least, during this year's Cyber Awareness Month, we launched the video "The Medieval CISO", which illustrates in a fun and light way the importance of building a strong cyber culture. I invite you all to watch it and share it with your colleagues and friends:
Right-Hand has put together lessons learned throughout 2020 to help your business adapt in the best way to the post-COVID-19 landscape. Our eBook "The COVID-19 Cybersecurity Playbook" includes the following topics: Phishing Attacks Continue to Lead the Way, The Hybrid Reality of Work Location, Why Compliance is More Important than Ever, Where to Allocate Your 2021 Budget and Behavior Change and Monitoring. Enjoy!
I am very appreciative of the efforts put forth by our team, speakers, and partners that helped execute a successful Cybersecurity Awareness Month! We look forward to continuing to build off of these efforts in the weeks and months to come because even though Cybersecurity Awareness Month concludes on October 31st, the importance of building cyber awareness and employee culture continues!