Leading a Secure Organization
Cybersecurity training for executives and senior management is paramount to their understanding of the security awareness steps that mitigate the risk of impending cyberattacks. Training in risk assessment, accountability and disaster recovery is necessary to stay ahead of possible cybersecurity risk.
Cybersecurity awareness is now clearly the purview of the C-suite, as the number of cyberattacks has skyrocketed across businesses globally. The concepts are often foreign to business leaders, who may not know the right questions to ask their IT and cybersecurity professionals. Cybersecurity leadership starts at the top. The current threat landscape demands that senior leaders take ownership of the organization’s security position and culture to avoid data breaches and the theft of private data.
This cybersecurity training for executives draws on real-world examples from the headlines and illustrates how security awareness and management-level attention and decisions could have made the difference between a minor breach and a major one.
The course is provided as a single program, or as individual modules that respect the busy schedules of your leadership team.
Why C-level security training is crucial
Cybercriminals often target the C-suite, board members and other top executives in an organization, a technique also known as a whaling attack. As leaders of a company, these executives are the most likely to have the high-level privileges required to access the types of valuable corporate systems and information that cybercriminals seek. These high-profile employees are also the ones with the ability to authorize high-value wire transfers that promise big payouts for hackers.
C-level executives are 12 times more likely to fall victim to a cyberattack, according to recent statistics. Yet most believe they are immune to attacks, so much so that 40% of companies cite their C-level employees as their most vulnerable employees and the highest cyber risk to their organizations.
GLS’s cybersecurity training for executives covers these topics
- The various threats to corporate data security
- Typical cybersecurity stakeholders in an organization
- CEO accountability for cybersecurity
- What organizational leaders should do to keep their devices and data safe:
  - How attackers use social media and what steps to take to secure social media presence
  - How to recognize and avoid common social engineering attacks
  - How to set strong passwords
  - How mobile devices are targeted and how to secure mobile devices
  - How to protect devices and data before, during and after traveling
- What organizational leaders should do to manage the organization’s cyber risk:
  - Risk perception vs. reality
  - Available frameworks and resources: NIST, CIS, ISACA/COBIT
  - Typical compliance requirements for an organization
  - The risk management model: identify, analyze and assess, apply controls, monitor and review
  - Understanding and integrating an incident response plan
  - The controls framework
- How organizational leaders can implement a human firewall and a culture of security:
  - Aligning the cybersecurity strategy to the organization’s values and culture
  - Enabling growth through security
  - Principles of highly reliable organizations (HROs): integrity, depth of knowledge, procedural compliance, authorized access, questioning attitude, formality in communication
  - Common security threats to HROs: tailgating, USB drop, phishing, pretexting, improper network administration, business email compromise
  - Accountability and auditing
  - Using meaning and competence to measure work satisfaction and job performance
  - Maintaining a positive attitude