Why culture is the foundation of your cybersecurity strategy

By Chris Barry, President, Microsoft Canada

The evolving sophistication of the global threat landscape, along with our almost overnight adoption of the hybrid work model has caused a paradigm shift in the world of cybersecurity. Our own 2022 Work Trend Index shows that people are collaborating, chatting, emailing and sharing information in new ways and in greater volumes than ever before.

This digital transformation represents an opportunity for customers to achieve ongoing innovation that benefits their businesses and the industries in which they operate but this comes with challenges to consider.

With almost total dependence on everything digital, cybersecurity must be at the forefront of everyone’s operations. As governments, businesses, academic institutions and healthcare organizations deepen their investment in the cloud, the increase in end points has made users more vulnerable, positioning them as valuable targets to cyber criminals.

As CyberSecurity Awareness Month comes to a close, I look back at conversations with experts throughout October as they shared one unanimous message: the key to mitigating attacks is a comprehensive cybersecurity plan built on a Zero Trust security model. For that to be possible, security can’t just be a function of IT. Leveraging the right technology is important but a critical element of the plan that is often overlooked is fostering a culture of security with every employee from interns to the c-suite.

Some of our customers offer great examples for organizations that are ready to transform their security poster.

The Ottawa Hospital’s CISO, Jean-Claude Lemonde credits Microsoft Defender technology for quick containment of recent ransomware attacks on healthcare organizations across Canada. He also highlighted the key role the cyber awareness culture played in avoiding further damage. Employees are the first line of defence. It is important to keep them informed on the changing landscape by providing ongoing training on cybersecurity best practices as cyber threats evolve.

Every employee needs to understand the secure process for interacting with data and the policies enacted to help keep their identities and organization safe.  Leaders must create environments where their teams feel that they are part of the solution. At Microsoft, our culture starts with a growth mindset. Our employees are asked to value learning over knowing—seeking out new ideas, embracing challenges, learning from failure and improving over time through training opportunities made available to all employees, which includes cyber training.

Organizations like our partner, Terranova Security in Montreal, provide an engaging and practical people-centric approach to security awareness training for employees. Through this training they have been able to show employees the connection between security awareness and business outcomes for their customers.

Though cybersecurity culture can sound intimidating, we are making headway as leaders now understand that the alternative threatens their bottom line. As security becomes more integrated into businesses’ day-to-day operations, we’re seeing a positive culture shift to reflect the common CISO phrase, “security is everyone’s job”. Security leaders are increasingly leaning on management to create a culture of proper cyber hygiene which builds resilience and protects their cyber future.

At Microsoft we have a culture that encourages everyone to believe they have a part in defending the company against malicious behavior. To support this culture, we provide year-round engaging, interactive training and development opportunities that help leaders understand the purpose of their role and guides them on how to positively influence their teams. Cybersecurity is part of our culture every day of the year.

As we continue to face increased cybercrimes, every Canadian organization, from small businesses to the largest enterprises, must take practical steps to protect their data, apps, identities and networks. Every organization will need a plan that puts their people at the center and encompasses education, policy and technology.

To learn more about how you can tighten your organization’s security posture through best practices and a cybersecurity culture, download the Be Cyber Smart Kit.


Related Posts