Cybersecurity is rapidly becoming a whole-of-business issue, according to the opinion of Michael Gianarakis, the director of Trustwave Spider Labs (APAC):
“Historically, cybersecurity has been primarily handled in the IT space. However, these days HR has an important seat at the table in terms of the holistic business-wide approach to addressing cyber-security.”
Gianarakis said that if we look traditionally at where HR has played a role in cyber-security, it has been more around policy enforcement and compliance.
He stated it to be something of importance but at the very same time incapable of changing behaviors. And the basic thing that must be done while driving a cyber-security culture is to produce a behavior change!
This is about making sure that the messaging is crafted to an individual and that is in no way different from any other activities that HR does in terms of making the people align with the organizational goals.
Gianarakis stated that it is very important to build a well-developed security culture and that too in HR’s domain. So, if the culture is not well driven, it is not going to work out fine.
He was of the opinion that if security is something that is seen as an important and essential priority, as it should definitely be for the C-suite and the middle management, it will for sure filter down to the corporation and people will act in accordance. So, it is necessary to develop the tap-down culture when the issue of cyber-security is under question. And actually, figuring out how you get in touch with the individual and reinforce a behavior which is positive is of prime importance. Very often such types of exercises can also turn into a witch hunt that might not be very productive! which is not productive!