While the word “cybersecurity” may evoke thoughts of highly
sophisticated attacks that require fancy computing equipment and skilled
hackers, the reality is that most attacks — especially in a corporate
environment — involve simpler strategies that depend upon one thing:
exploiting human behavior.

Most companies are hard at work building technology to better protect
themselves and their users or customers. But technology can only get us
so far. People are the most important factor in any company’s
cybersecurity strategy, and investing in security engagement goes a long
way in helping companies reduce the probability of a breach.

Facebook runs security engagement programs year-round, but the most
important tool in our arsenal is Hacktober, an annual, monthlong
tradition each October designed to build and maintain a
security-conscious culture. It’s our version of National Cyber Security
Awareness Month, a campaign to get people involved in cybersecurity and
to play their part in making the internet safer and more secure for
everyone.

Hacktober has a number of different elements, from phishing tests and
marketing campaigns to contests, workshops, and expert talks.
Participation is not mandatory, but we find that about one-third of
employees participate in at least one activity over the course of the
month. Everything is designed to remind our employees how to protect
themselves, our company, and the millions of people who use Facebook
every day.

Security awareness can be engaging rather than scary — or worse, boring. If
we create an interactive and fun environment around security, people
will learn important security lessons and retain them throughout the
year.

At Facebook, we take a “hacker” approach to security awareness
because that ethos is a core part of our culture, which means it
resonates with our employees. One of the best examples of this is our
Capture the Flag (CTF) competitions.