In today’s digital landscape, cybersecurity awareness is often reduced to alarming statistics about ransomware attacks and compromised passwords, or to annual compliance training sessions that are typically rushed through in minutes. Building a robust cybersecurity culture requires a multifaceted approach that goes beyond technical tools to include comprehensive training, storytelling, and cultural buy-in. In this video, Steve Winterfeld, Advisory CISO at Akamai, delves into the pivotal role of cybersecurity training in driving cultural change within organizations.
He explains how driving a strong cybersecurity culture requires both bottom-up and top-down efforts. The synergy between initiatives led by the cybersecurity team and the strategic vision from senior leadership can create a secure and resilient organization.
Beyond technical tools: Embracing behavioral and cultural change
- While technical tools are essential, they are not sufficient to protect against all cybersecurity threats. Employees must understand the broader implications of their actions and take ownership of their role in safeguarding the organization.
- Winterfeld emphasizes the importance of fostering a sense of ownership by engaging employees with personal anecdotes, and by employing creative training methods to create a resilient cybersecurity culture.
Power of storytelling in cybersecurity training
- One effective way to change cybersecurity behaviors is through storytelling. Winterfeld explains that sharing real-life examples of technical hacks can make lessons more relatable and memorable.
- He also shares stories to illustrate cybersecurity lessons, such as the tale of a fish tank’s wireless connection being hacked, highlighting vulnerabilities in unexpected places.
- This approach helps employees see the relevance of cybersecurity in their daily lives.
Educating employees on the importance of cybersecurity
- Education is key to preventing common cybersecurity mistakes. Encouraging a culture where employees stop, think, validate information, and take a breath before acting can prevent many security breaches.
- Winterfeld highlights the need for employees to be aware of the risks, to understand why they should be concerned, and to see how their actions can impact the organization’s security.
- He also talks about the importance of addressing these common mistakes and holding employees accountable for their actions.
Creative training methods for lasting impact
- Innovative and creative training methods can significantly enhance cybersecurity awareness and cultural change.
- Winterfeld explains how resources such as articles, exercises, policy, and interactive sessions can help drive home the importance of cybersecurity, making it an integral part of the organizational culture.
Importance of protecting families and future threats
- Winterfeld also underscores the importance of protecting families from financial fraud and warns of new threats emerging with generative AI (GenAI) in production.
Guest: Steve Winterfeld (LinkedIn)
Company: Akamai (Twitter)
Show: CISO Insights
This summary was written by Monika Chauhan.





