If you want to change security behaviour, stop thinking like a security professional, start thinking like an entrepreneur.

start thinking like an entrepreneur blog image

CybSafe

We are CybSafe. We’re a British cyber security and data analytics company.

October 14, 2020

In 1998, Evan Goldberg revolutionised an industry. This is what we can learn from his story.

 

It was 1998.

Evan Goldberg was the owner of a one failed start-up and another that was yet to make a single sale. Still, as he worked on his new venture – from an office above a hair salon – Goldberg was resolute. 

His new venture? A cloud-based platform that gave accountants a single version of the truth.

No more working in isolation. No more struggling to prove the value of their work. No more guesswork.

Not very exciting unless you’re an accountant! But, it solved a major problem. So Goldberg kept his head down and worked. Eventually, it grew to the NetSuite we know today. A cloud system for managing enterprise resource planning.

 

The importance of information

Information is processed data, presented in a way to make it meaningful and useful.

Goldberg understood this. Before he created “NetSuite”, accountants rarely knew for sure where their figures sat within wider business context. As a result, they did much of their work based on what felt right.

In 2020, security awareness professionals face a similar challenge managing human cyber risk. 

We know people are linked to security incidents. But measuring the impact of individual behaviours, or the associated risk, is hard.

As a result, many security behaviour change programmes are run the same way accountancy was 20 years ago.

Data belonging to different departments is fragmented. Details are recorded on clunky, self-made dashboards. Decisions are made because they feel like the right thing to do. 

Often, little information exists to show whether efforts are changing behaviour. Or better yet, reducing risk at all.

It’s not failing on any one person’s part. Security professionals have simply never had a reliable way of measuring human cyber risk.

Like accountants pre-NetSuite, we’re aware of the measurement problem. And we have cumbersome workarounds. But we could all do with something more accurate. 

 

Behaviour-IQ

At CybSafe we want to help. We want to reduce the number of security incidents caused by people. We want to make it easy to show compliance and reduce risk at the same time.

As part of that, we’ve launched Behaviour-IQ – a risk management and analytics tool that helps to measure and track security behaviours.

Behaviour-IQ measures and tracks over 70 security behaviours. It then shows how much each behaviour affects cyber risk.

Behaviour-IQ uses data from the CybSafe platform and from your existing IT or security tech stack. It also connects your systems with SebDB – the world’s most comprehensive security behaviour database.

Behaviour-IQ was built to contextualise performance using industry benchmarks. To prioritise behaviours to change. And to give detailed recommendations to reduce associated risk.

 

Information means focus

In 1998, Evan Goldberg’s NetSuite solved a specific problem. It decentralised operations data. It made it simple to see where professionals should focus their time and efforts. In doing so, it changed how businesses operate forever.

22 years on, we believe Behaviour-IQ is the security equivalent. An information portal that makes it easy to see where to focus time, effort and resources.

It’s a human cyber risk management tool designed for security awareness professionals and security leaders responsible for their organisation’s people-related security controls. It’s in its first stages of release and we’d like your help to refine it.

If you’re a CybSafe customer, you can sign up for an early access trial via the in-app notification: app.cybsafe.com.

If you’d like to see how Behaviour-IQ could benefit your organisation, get in touch with us: www.cybsafe.com/behaviour-iq.

Post-pandemic, CISOs are overlooking an important cyber defence

Post-pandemic, CISOs are overlooking an important cyber defence

Following COVID, no CybSafe employee will be bound to a physical office. Instead, CybSafe will be joining the growing list of organisations “working from anywhere”. Not temporarily. Permanently. And not “working from home”. Working from anywhere. Questions about office hours and moving overseas quickly begin. They showcase people’s excitement. But they also highlight an interesting point – For months now, most security professionals have been desperate to “secure remote workers”. 

read more