Why do we wear Hawaiian shirts on Friday? Why do we do burrito birthdays? Why is everyone encouraged to contribute to the office music playlist? Because it’s the culture!

Culture is important because it shapes our identity, our communications and our behaviour when interacting with our clients and our peers. When it comes to Cyber Security – more often than not, all discussions will be about technical controls and mitigations of threats and ways to reduce risk through discrete systems. A positive security culture, and an aware workforce is an untapped and overlooked resource in protecting company assets.

Security Awareness is an important piece of the puzzle, but not the whole puzzle itself. Being aware of best practice for a user is important, and applying technical controls to enforce those best practices is even more important – what is not discussed is how do we influence perception and behaviour to achieve a positive outcome?

Security Awareness platforms offer valuable insights to aggregate end user knowledge, identify gaps and (hopefully) fill those gaps with engaging and meaningful content. False phishing campaigns – while their intent is to safely identify vulnerabilities in process or technical controls – work in tandem to validate the knowledge transfer from the security awareness platform and results are being observed. What is missing is positive engagement or positive reinforcement from business leaders or strategic partners to complete the jigsaw puzzle – security behaviour change.

Cultivating a positive behaviour change is not an easy task, and no standalone platform will achieve this without support from all levels of the business top-down. Security awareness training offers a valuable and tactical service to bring the conversation of why Cyber Security is important across all units of the business. When done right, that knowledge will drive securer process revisions, identify gaps in architecture and allow the business to move quicker and take on more comfortable risk to innovate further.

Snags for security? Cookies for culture? We recommend all the above.