Security Culture Gaining Momentum

By Staff
2 Min Read

KnowBe4, a provider of security awareness training and a simulated phishing platform, recently unveiled their 2024 Security Culture Report. The report examines how cybersecurity measures related to the human element affect organizations and the way people act and feel at work. KnowBe4 defines “security culture” as the ideas, customs and social behaviors that influence an organization’s security and reduces human risk. Security culture is best understood as the collective mindset, practices and norms that shape how an organization approaches and prioritizes security. 

KnowBe4’s latest report reveals that the overall security culture score globally stands at a low-moderate level, unchanged from the prior year. Organizations recognize that employees are a key defense against cyberattacks and that leadership needs to adopt a top-down approach to build a strong security culture.

The report shows:

  • That smaller organizations are performing better in their overall security culture compared to larger counterparts, primarily because larger organizations often struggle with efficient leadership communication due to their size, whereas in smaller organizations, individuals feel more responsible for security.  
  • Despite being prime targets, government, manufacturing, and education sectors are struggling to uphold adequate standards and may have contributed to a small dip in the overall security culture score in North America, compared to the previous year. This is largely attributed to resource constraints in those sectors.
  • AI is garnering significant attention, but not yet impacting the nature of cyberattacks. While bad actors may exploit AI to create sophisticated social engineering tactics, the foundational structure of cyberattacks remains unaltered. This is because attacks will follow the same core formula of social engineering, armed with more efficient tools such as deepfakes and dramatically improved translations. As a result, defenses against these cyberattacks would follow a consistent formula of watching out for traditional signs of social engineering.
  • Using AI’s potential to train individuals and enhance defensive measures is a strategic necessity against cybercrime. 

To download a copy of KnowBe4’s 2024 Security Culture Report, click here.

Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *