How to Fix a Dysfunctional Security Culture
There’s an old business saying that goes: “Culture eats strategy for breakfast,” that’s often attributed to Peter Drucker. While it is debatable whether he said it or not, the sentiment is clear—without a strong culture, organizations will be unable to execute on their strategies.
By Stu Sjouwerman, CEO KnowBe4
Culture underpins everything an organization does—and how it gets things done. While culture is a term often referred to the organization as a whole, there are also cultures (or subcultures) within organizations related to business practices—like security. At my company, we define a security culture as the ideas, customs, and social behaviors of a group that influence its security.
The Hallmarks of a Security Culture
Culture shifts over time. A positive security culture will grow from basic compliance to a sustainable and well-integrated one that drives secure behaviors and prevents breaches.
But cultures can also become toxic or dysfunctional, working at cross purposes with the desired values and goals of the organization.
[....]