Most organizations think they have a good approach to cybersecurity. They check all the boxes and hope for the best. However, cybersecurity is dynamic, with new threats always on the horizon, and the traditional cybersecurity measures most businesses use don’t work. They often put too much emphasis on the technical element over the human element. That’s where things are going awry.
The real reason cybersecurity measures are failing is a people problem. It’s the core foundation of my book, The Smartest Person in the Room. Correcting this path requires the initial acknowledgment that you must develop your people into more than just technical minds. They need soft skills that help them adapt to a changing environment and enable them to be strong communicators and collaborators.
In this post, I’ll review the latest data on cybersecurity risk and explore how to pave a new path to a more secure and agile system.
The Latest Cybersecurity Data
Threats continue to mount on the cybersecurity front. Cybercriminals have become more sophisticated and advanced. As a result, your people become either the strongest or weakest link in your cybersecurity measures. Here are some of the latest data points on the rate of crimes and how companies are dealing with them (or not).
- 95% of cyber breaches are the result of human error.
- 68% of business leaders said their cybersecurity risk is increasing.
- 42% of companies are suffering from cyber fatigue.
- The breach breakdown for 2021 was 40% phishing attacks, 11% malware, and 22% hacking.
- There were 1,862 reported data breaches in 2021, surpassing the previous record of 1,506 in 2017.
- The average time to identify a breach was 212 days in 2021.
- The average data breach cost in 2021 was $4.24 million, the highest ever.
From these statistics, it’s easy to see that cybersecurity is a challenge for any organization, regardless of its maturity. 2021 was a record year, and not in a good way. It’s also critical to look at the numbers on why these incidents occur: human error. On top of that, you have apathy circulating in cyber teams, which is just as dangerous as hackers.
So, how do you avoid becoming a statistic?
It’s Your People, Not Your Budget
Many companies continue to increase their cybersecurity budget. These investments can be critical to the long-term protection of data and networks. They, however, don’t usually correlate with the development of your people. If you raise your spending, you’ll be better at fighting cybercrime but may not have the best-prepared team to back you up.
The point is that unlimited spending doesn’t make you more secure. You can have the best technology and a full staff, but you’re still weak if your people don’t work well together or with the rest of the company. If your employees have rigid mindsets about cybersecurity measures and won’t deviate from them, that’s a significant issue.
You likely don’t think of your team as incompetent, and no one is saying they are. They may have substantial experience and technical aptitude. However, it doesn’t cover up the fact that the profession is in a precarious position right now. There are three main reasons your cybersecurity measures aren’t working.
First, you have the issue of recruitment and retention. The field is in desperate need of new talent. Unfortunately, your choices may be slim since it’s a candidate-driven job market. When you do look for more people, are you only concentrating on their technical experience and expertise? Are people skills even on the list?
Second, there is a large group of cybersecurity professionals who have to be the smartest person in the room. Technical folks often think they are the only ones who know the answer and fail to communicate and cooperate. They are punching holes in the ship and waiting for it to sink. They believe they alone will be able to rescue it.
Third, those entering the field may have credentials or degrees but aren’t ready to defend the company against cyber warfare. Again, it’s not that they don’t know the technical side of things. Most often, they aren’t prepared to work cohesively and amend their very narrow views. Further, most organizations aren’t doing anything to address this.
With all these challenges related to your people regarding cybersecurity measures, it’s time to pave that new path. As someone who has been in the industry in many different roles, I know this shift is hard. You, as a leader, have to commit, and so do your employees. However, I’ve tried to make it easy with a solution I developed called the Secure Methodology. It’s a seven-step approach that focuses on people skills development. When your team has the technical and people skills, your organization can be in a better position to ward off cyber-attacks.
Let’s look at each step and how it relates to developing your people.
The Secure Methodology: How to Solve the People Problem in Cybersecurity
Each step in the Secure Methodology ties together, building on each other. Some steps take longer than others, but you can right your ship when you commit to them.
Step One: Awareness
Awareness includes self and others. First, people must understand what behaviors they can control and the impact of those behaviors. This can be difficult to comprehend for many technical people who often seem blissfully unaware. Getting in touch with your persona and how you affect the world is critical.
Second, to gain better soft skills and be collective problem-solvers, you must be aware of others. That requires communicating with them, asking questions, and avoiding making assumptions.
Step Two: Mindset
A fixed mindset is a big problem for cyber professionals. The objective is to move from fixed to growth. Many of your people will think they are already there because they can learn new technology, but we’re talking about being growth-minded in terms of soft skills.
At its core, a growth mindset welcomes the ability to change. Without this belief, people won’t grow. However, they also have to realize that change can be slow, but progress is progress, no matter how small.
Step Three: Acknowledgment
Acknowledgment also has multiple layers. First, technical folks need to have self-acknowledgment and believe in their capabilities. Second, leaders need to acknowledge the work of their people and what they’ve accomplished. When you do this, people are more open to you and to change. Third, you should continue to acknowledge them for all the adjustments they make in the journey to achieve a higher level of people skills.
Step Four: Communication
Communication is a part of every step and is often the most challenging for technical people. Communication includes word choice, the way you say it (tone), and body language. Communication is also about being an active listener.
Your cyber team may be very articulate and well-versed in technical speak, but that doesn’t make them good communicators. Honing these skills has such positive effects. Everyone can relate better, understand what’s important, work toward solutions together, and be more compassionate in how they talk to one another.
Step Five: Monotasking
Concentrated work is vital in cybersecurity measures. Its opposite — multitasking — can be a risk factor. When people monotask, the quality of work increases. The quantity may decrease, but scattered attention increases human error risk.
It’s hard to monotask with all the stimuli — emails, chats, phone calls, etc. So, your team can set a specific time to work on tasks and remove distractions to monotask effectively.
Step Six: Empathy
A lack of empathy is usually a lack of connection. Cyber professionals often can’t see past their own challenges. They have a self-centered view that doesn’t consider the plight of others. This type of thinking can lead to quick, inaccurate conclusions. As a result, it impacts communication and collaboration.
Empathy is about understanding someone else’s perspective. It’s not the same as sympathy. As a leader, you should embody empathy. That can help others transition their thinking, which often leads to better results and mitigated risk.
Step Seven: Kaizen
The last step is kaizen, a Japanese term for the philosophy of continuous improvement of operations involving all employees. It’s all about the progression that people make every day, and when they are on this path, they are more engaged and satisfied. When people can come to this way of thinking, they are growing and contributing. However, it requires practice and a stable resolve. It’s also crucial to hold to this even when things are uncertain, which is often the case in cybersecurity and life.
Improve Your Cybersecurity Measures With the Right Guidance
The seven steps are a kaizen of their own. Learning them and bringing them to your team is all about continuous improvement that includes all members. Some steps will be easier than others for some people. You’re there to go through them as well and stand by your employees who are willing to evolve!
You can learn more about each step and how to execute them, and find exercises in my book, The Smartest Person in the Room. Read it today to start the journey.