Security awareness pays off

When technology is no longer sufficient for protecting companies, awareness and soft security issues increasingly come into focus.

In today’s connected world, companies and organisations are exposed to new security challenges associated with their company IT systems. Combitech (an independent company within Saab) provides services to meet these challenges and to help companies strengthen their security work. The threats and methods are becoming more and more sophisticated. Cyber security has therefore become an important issue for the company management. Security awareness and “soft security issues” in particular have also come more into focus as there is a growing realisation that technology alone will not resolve all problems.

People, processes and technology

One example of a company strongly focusing on security awareness and Cyber security is Ericsson. A high level of security is important for customers in order to have confidence in the products, and the Group management is therefore highly involved in the security work. 

“Security is about people, processes and technology. That is why I think you have to look at security as a whole; something that affects the entire company. It’s not enough to rely on technology, you also need to find ways to strengthen security awareness among the employees. For example, we are offering a mandatory security training course, monthly security tips and an annual global security day,“ explains Pär Gunnarsson, Head of Group Security at Ericsson, in a seminar on security awareness arranged by Combitech a while ago.

Another company where security is high on the agenda is Saab. Bearing in mind that Saab is a global defence and security company, they operate in an environment where threats originate from both companies and nations. Head of Group Security, Johan Nykvist, thinks that an important success factor is that security is managed by different roles in the company, e.g. business operations, IT and purchasing.

“Security should not be a matter for former police officers in the security department to take care of. Instead, a strategy, long-term plan and commitment from the management are required. In order to increase the interest and awareness at middle-management level, it is a good idea to work with specific business cases where you identify risk and find solutions as to how they can be dealt with.”  

Straight to the heart

In order for an organisation to be really efficient in its ability to confront the different types of attacks, it is necessary that all employees have a basic level of security knowledge.

“There are studies showing that 80% of all attacks can be managed by employees having good knowledge and using common sense in terms of security. It therefore pays off to increase awareness,” says Pernilla Rönn, Business Area Manager for Cyber Security at Combitech. There are many ways to go about increasing awareness. The most common are training and workshops, something that Combitech offers to a variety of customers. The advantage is that these efforts are cost-effective and can be carried out fairly easily. “Another successful way is to practise and train in different scenarios. A crisis management exercise gets straight to the heart, and once you have experienced a scenario, it is easier to change your behaviour. In that way, you can get a lasting effect in your safety work,” concludes Pernilla Rönn. 

 

Read more about Cyber security here.

 

About Combitech

Combitech is a Nordic technology consultancy firm with more than 1,450 employees in Sweden, Norway and Finland. It is an independent company within Saab – Defence and Security. For more information, please visit www.combitech.se