CISO's in the discussion panel at Kick-off Alert Online 2018
CISO's in the discussion panel at Kick-off Alert Online 2018
Last Monday, October 1st, the Kick-off of Alert Online took place for its partners. 'The joint enhancement of cyber awareness' is the theme that Alert Online is all about.
Part of the program was to discuss the outcomes of the Cyber Security Awareness Survey 2018. An important outcome of the research is that the chance of becoming a victim of cybercrime is estimated to be low. This while a large majority of Dutch people have had to deal with some form of cybercrime. Once confronted with cybercrime, action is taken sporadically.
With a panel consisting of CISO’s working at a number of members of the CIO Platform Nederland (see photo above), a question and two results from this annual survey were discussed under the guidance of Erik Jan Koedijk, Chairman RvA Alert Online.
From left to right in the picture: Joab de Lang (CISO Municipality of Rotterdam), Luisella ten Pierik (CISO Stedin), Rik Driessen (CISO House of Representatives), Juriaan Rijnbeek (CISO Leiden University Medical Center), Jolanta Kulicki (CISO Royal HaskoningDHV) and Reint Jan Renes (Lecturer Professor Applied Sciences at Hogeschool Utrecht and behavioral scientist).
1. 'Who is responsible for internet safety at work? The employer or employee?’
The panel almost unanimously agreed that this is a shared responsibility. Some comments that were made were that it should be clear who is responsible for which aspect of Internet security. But it is also true that it is becoming increasingly difficult for employees to secure good safety independently because of the increasing complexity and technical knowledge required. Employers have the task of offering employees an action perspective; explain how phishing works, how to create and manage secure passwords, etc.
2) '53% of working Dutch people do nothing after confronting cybercrime at work'
The work of the CISO does not stop at raising awareness. They must also direct the practical follow-up steps on a personal level. Play on current situations, for example: currently phishing via Office 365 is much in the news. Pay attention as an employer via the intranet with a report about the possible dangers. It is also good to involve the home situation. Dangers are more appealing to the imagination when the home front is hit. A good example from the practice of one of the CISO’s is that the organization arranges for a Cyber Security specialist to visit the employees at home to check the cyber security of the home situation and make adjustments.
3) '37% of working Dutch people do not feel it is necessary to improve their online security'
So there is a lot of work to be done for the business community. From the panel it was advised to continue to focus on the awareness of the employees that it is, for example, important to report phishing. That one should not look away, but that you not only help yourself to become safer, but also your fellow man. The solution only works when everyone applies it! Other ideas that work are, for example, to link desired behavior to a reward structure. Within a knowledge organization employees like to exchange knowledge about cybercrime; 'Make it a match' and make it fun. But also think about creating friction, with which you demonstrate and increase the urgency for awareness. Put the link with something unpleasant, for example video images of your teenage daughter on the internet. That weighs heavier than cybercrime at work.
Finally, a survey from the audience yielded the following question: "To what extent can a supplier/provider also contribute to safety?" In response, the advice came to join the Secure e-mail Coalition as an organization, to make e-mail safe.
During the European Cybersecurity Month, the CIO Platform Nederland organizes various activities for its members to also contribute to increasing cybersecurity awareness. For more information, contact Janet Cadel.