Preparing Your Organization for the Unknown: Creating and Empowering Cyber Resilient Employees and Organizations

Many of us have attended presentations where the speaker acknowledges that organizational insiders are the key drivers of effective cybersecurity programs, yet s/he provides rather vague comments to help us address such matters. Phrases like ‘just make sure your people are smart' and ‘don't hire bad people' are uttered far too often and lack clear-cut direction about how to appropriately understand and tackle the human factors for which we are ultimately responsible. In addition, those of us who are motivated to do something of lasting value with our employee bases are simply too occupied with the technical threats and too limited by our team size and budgets to offer our employees more than computer-based training modules and simulated phishing attacks. However, to achieve something truly different with our efforts, we must go beyond preparing our employees to handle known threats and empower them and our entire organization to be resilient in the face of the inevitable unknown. This session focuses on how leaders can begin to change their organizations from being focused on an avoidance mentality – a mentality that typically works against employees – to one that focuses on resilience and empowers employees. In doing so, we will discuss important research in this domain that has a direct bearing on human factors within your organization. Our goal is to help modern organizational leaders approach cybersecurity differently, enlist the employee base as the protective force they can be, and actually begin to experience cyber management in a new and more effective fashion.