Cybersecurity, especially in times of crises and economic disruption of all sorts, should remain high on any leader’s list of topics to monitor and learn more about. Many don’t realize how their employees play a part in cybersecurity. Here are the 5 things your cybersecurity dashboard should tell you about your employees.
Monitoring solutions and dashboards are really useful to stay aware of threats. They can also provide insight into more than just threats. In order to navigate times of disruption, innovation, and change, the intelligence that leaders collect and review must shine a light on not only the threats to a business, but also the opportunities a business has to grow, develop, and improve.
Many companies employ a number of tools to evaluate the effectiveness of their cybersecurity program. A proper cybersecurity program should also teach company leaders about their employees – both security staff and general team members.
Starting with the overall staff and vendors alike, here are the first 5 things that metrics on a central dashboard should speak to:
1) Are staff and vendors handling their security training well?
A segment of any good dashboard should include metrics about security training and performance. Non-security employees should be trained to be aware of, understand, and address security incidents as the “first line of defense” in many situations.
Consider including core metrics such as how many and what type of security training occurred, at what cadence (monthly, quarterly, etc.), and the performance ratings of each department or team. For some training that is “complete at your own pace,” it is important to monitor how many sessions a team-member takes to complete their training, and the current completion rate across all teams.
2) Are they retaining what they learned?
Retention of information matters in any training, and for security training it is vital.
If an employee or a vendor doesn’t remember to stay vigilant about who has a password or access code to a location with company data on it, then that becomes a security hole and threat.
Consider including metrics on re-test rates and how many times staff need to take a test in order to get a passing grade, and consider adding old questions back into training tests in order to check whether old material stays fresh in team members’ minds.
3) Can they quickly apply their knowledge to key security incidents and matters?
The goal is for employees and vendors to prove that they can handle their training, retain what they learned, and be able to apply their knowledge regularly.
Security training usually covers specific topics, such as phishing attempts via email, attempts to defraud or to destroy, or attempts to gain access to systems in ways outside of phishing.
Testing and re-testing should also contain challenges about specific subjects. By doing so, the dashboard can report how quickly trained staff can address issues brought up in these subjects or simulated incidents.
Consider watching for whether employees and vendors tend to answer these questions faster, or with a higher rate of success than previous evaluations. Doing so may prove that staff can quickly and effectively apply their knowledge.
4) Can they apply their knowledge to varied scenarios, outside of the specific examples in the training?
Oftentimes security training is specific to a particular subject matter or topic. Training, because of this specificity, can sometimes fall victim to topical bias, where participants in the training tend to learn things about the specific instance, but can’t generalize their learning to topics that weren’t covered.
Think about driving a car: while driving in a country that drives on the opposite side of the road can be difficult at first, we get used to it quickly because the principles are the same.
Here, consider tracking performance from re-testing where similar-yet-different subjects are shown to staff, such as a social engineering attempt via the phone versus over email.
Differences in performance, completion rate, and time-to-complete between these variants can reveal whether staff are applying their learning well.
5) How discerning are they when faced with a potential threat?
In conjunction with some well-designed tests, a dashboard can also track metrics about whether an employee can assess a threat and act accordingly.
Consider instituting test cases such as a simulated phishing email sent from an internal address that is unlikely to be compromised, or a seemingly benign notification or pop-up that appears on-screen but hides an attempt to trigger an installation. Test and record how well employees find the threat and what their next steps are.
High rates of detection and high rates of following incident reporting procedures can be very good news on a security dashboard.
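As an added example (not from the original post), the Python below turns constructed training and simulation records into the dashboard figures discussed in items 1 to 5: completion rate and attempts-to-pass per team, detection and reporting rates per scenario, and the round-over-round change in detection rate and response time. The record fields and sample values are assumptions, not data from the post.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample records (not from the post). TRAINING: one row per employee.
TRAINING = [
    {"team": "finance", "completed": True, "attempts": 1},
    {"team": "finance", "completed": True, "attempts": 3},
    {"team": "finance", "completed": False, "attempts": 0},
    {"team": "ops", "completed": True, "attempts": 1},
]
# SIMULATIONS: one row per employee per simulated social-engineering test.
SIMULATIONS = [
    {"round": 1, "scenario": "email", "detected": True,  "reported": True,  "seconds": 120},
    {"round": 1, "scenario": "email", "detected": False, "reported": False, "seconds": 300},
    {"round": 1, "scenario": "phone", "detected": False, "reported": False, "seconds": 200},
    {"round": 2, "scenario": "email", "detected": True,  "reported": True,  "seconds": 60},
    {"round": 2, "scenario": "email", "detected": True,  "reported": True,  "seconds": 90},
    {"round": 2, "scenario": "phone", "detected": True,  "reported": False, "seconds": 150},
]

def group_by(rows, key):
    groups = defaultdict(list)
    for r in rows:
        groups[r[key]].append(r)
    return groups

def rate(rows, key):
    # Fraction of rows where `key` is true; 0.0 for an empty group.
    return sum(1 for r in rows if r[key]) / len(rows) if rows else 0.0

def training_by_team(rows):
    # Items 1 and 2: completion rate, and mean attempts-to-pass among those who passed.
    return {t: {"completion_rate": rate(rs, "completed"),
                "mean_attempts": mean(r["attempts"] for r in rs if r["completed"])}
            for t, rs in group_by(rows, "team").items()}

def scenario_metrics(rows, rnd):
    # Items 3 to 5: detection rate, reporting rate and mean response time per channel.
    in_round = [r for r in rows if r["round"] == rnd]
    return {s: {"detection_rate": rate(rs, "detected"),
                "reporting_rate": rate(rs, "reported"),
                "mean_seconds": mean(r["seconds"] for r in rs)}
            for s, rs in group_by(in_round, "scenario").items()}

def trend(rows, prev, curr):
    # Item 3: did detection improve and response time fall since the previous round?
    a, b = scenario_metrics(rows, prev), scenario_metrics(rows, curr)
    return {s: {"detection_delta": b[s]["detection_rate"] - a[s]["detection_rate"],
                "seconds_delta": b[s]["mean_seconds"] - a[s]["mean_seconds"]}
            for s in a if s in b}
```

A gap between the email and phone figures in `scenario_metrics` is the item 4 signal: knowledge that transferred to one channel but not the other.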
There are certainly more questions that can be explored, and we will explore other topics in future blog posts. It is really helpful for both security professionals and for leadership to build and maintain an insight-driven dashboard.
Critically important data collection can lead to important cybersecurity insights about what employees are up to, how are they performing, and more. Reviewing such information can be incredibly helpful for updates to security policies, procedures, and controls.
If you’d like to learn more about what your dashboard should tell you and your company, reach out to us here.