Security News > 2024 > August > Strategies for security leaders: Building a positive cybersecurity culture

Any regional cultural differences, the particular industry sector, the underlying company structure, the lack of awareness and knowledge of security norms, and conflicting business priorities, can all weigh on any planned change to team culture and security behaviors.

Traditionally, the security function has been perceived as the department of "No." Therefore, the primary goal of the security team must be to replace this rules-bound, inflexible, autocratic perception of the security function to one that is open, transparent, positive, creative and collaborative.

As part of the design blueprint for security culture change, the security leader should set clear aspirations for what the team is trying to achieve, underpinned by conversations about how the culture underscores the effectiveness of the team, and the importance of making the change.

While the security leader's ability to change the organizational culture may be limited - certainly in the short term - there is much to be gained by changing the team's own culture and demonstrating the benefits of such change.

In other words, think and act like a marketer: Do some audience analysis; communicate security concepts in a language your audience understands; make cybersecurity more relatable; engage users and promote security programs using marketing messages, campaigns and influencers, just like you would promote a product or a service.

Security technologies and controls are definitely important but above all, culture is that one missing or underrepresented piece which security leaders must start actively focusing on.

News URL

https://www.helpnetsecurity.com/2024/08/20/cybersecurity-culture-strategies/