CYBERPLANZ
“Plans are of little importance, but planning is essential.”
― Winston Churchill

July 29 Blog

7/29/2024


How Often Do You Test Your Incident Response and Management Plan?

Most businesses should know by now that having an Incident Response and Management (IRM) plan is essential. However, simply having a plan is not enough. Regularly testing and updating your IRM plan is crucial to ensure your organisation can effectively respond to and recover from cyber incidents. This raises the question: how often do you test your Incident Response and Management plan?

The Importance of Regular Testing
Testing your IRM plan should be a proactive measure, not a reactive one. Regular testing helps identify gaps, inefficiencies, and areas for improvement in your response procedures. It ensures that your team is familiar with their roles and responsibilities during an incident, reducing the likelihood of errors and delays. It also exposes the practical problems a plan on paper hides: an out-of-date contact list, unclear decision authority, or a recovery step that nobody has actually performed.
Consider the various types of tests you can conduct:
  • Tabletop Exercises: Walk the team through a scripted incident in a discussion-based, low-stress setting to evaluate decision-making, communication and roles.
  • Live Drills: Run a more realistic simulation that exercises the plan under pressure, including the technical steps such as isolating affected systems or restoring from backups.
  • Red Team/Blue Team Exercises: Have a red team carry out controlled attacks while the blue team detects and responds, to identify vulnerabilities and improve your response.

Balancing Budgetary Constraints and Customer Demands
While the benefits of regular testing are clear, many organisations face budgetary constraints that can limit the frequency and scope of their testing. However, it is crucial to strike a balance between financial limitations and the need for robust cybersecurity measures. Allocating a portion of the budget to regular IRM plan testing can save significant costs in the long run by mitigating the impact of potential incidents.
Additionally, customer demands for data protection and privacy are higher than ever. Regularly testing and updating your IRM plan demonstrates your commitment to safeguarding their information, building trust and confidence in your brand. Consider involving key stakeholders in the planning and execution of these tests to ensure alignment with customer expectations and regulatory requirements.

Varied Scenarios and Continuous Improvement
It’s not enough to test your plan once a year and call it a day. Cyber threats are constantly evolving, and your IRM plan should be tested against a range of scenarios to ensure comprehensive coverage. This includes ransomware attacks, data breaches, insider threats, and more. Each scenario can reveal different weaknesses and provide valuable insights for strengthening your defences.
Regular testing also fosters a culture of continuous improvement. After each exercise, conduct a thorough debrief to analyse what went well and what didn’t. Use these insights to refine your plan, update your protocols, and train your team on any new procedures. This iterative process ensures your IRM plan remains robust and effective over time.
A Call to Action
So, how often should you test your IRM plan? While there’s no one-size-fits-all answer, a good starting point is to conduct tabletop exercises quarterly and live drills at least annually. However, your organisation’s specific needs, risk profile, and budgetary constraints may necessitate more frequent testing.
Remember, the goal is to build confidence in your ability to respond to incidents swiftly and effectively. Regular testing, combined with varied scenarios, budget considerations, and a commitment to continuous improvement, will ensure your IRM plan is more than just a document—it will be a living, breathing component of your cybersecurity strategy.
Is it time to review your testing schedule? How prepared are you for the next cyber incident? Let’s start the conversation and ensure your organisation is ready for whatever comes its way.

July 22 Blog

7/22/2024


 

The Benefits of a Human-Centric Cybersecurity Audit vs. a Traditional IT Cybersecurity Audit

Cybersecurity is a critical concern for organisations of all sizes. Traditional IT cybersecurity audits have long been the standard approach to assessing and improving an organisation's security posture. However, with the increasing complexity of cyber threats and the growing importance of human factors in cybersecurity, a human-centric cybersecurity audit is emerging as a more comprehensive and effective alternative. What are the benefits of a human-centric cybersecurity audit compared to a traditional IT cybersecurity audit?
 
Traditional IT Cybersecurity Audit
A traditional IT cybersecurity audit primarily focuses on the technical aspects of an organisation's cybersecurity infrastructure. It typically involves:
  • Network Security: Assessing the security of the network infrastructure, including firewalls, intrusion detection systems, and network segmentation.
  • System Security: Evaluating the security of servers, workstations, and other endpoints, including patch management, antivirus protection, and system hardening.
  • Data Security: Ensuring that sensitive data is properly encrypted, backed up, and protected from unauthorized access.
  • Compliance: Verifying that the organisation complies with relevant regulations and industry standards, such as GDPR, HIPAA, or ISO 27001.
While these technical assessments are essential, they often overlook a critical component of cybersecurity: the human element.

Human-Centric Cybersecurity Audit
A human-centric cybersecurity audit goes beyond the technical aspects to include the human factors that play a significant role in an organisation's overall security posture. This approach offers several key benefits:
 
1. Comprehensive Risk Assessment
A human-centric audit evaluates not only the technical controls but also the human behaviours and cultural factors that impact cybersecurity. This comprehensive risk assessment helps identify vulnerabilities that a traditional audit might miss, such as:
  • Phishing Susceptibility: Assessing employees' awareness and ability to recognize phishing attempts.
  • Insider Threats: Identifying potential risks posed by disgruntled or careless employees.
  • Security Culture: Evaluating the overall security culture within the organisation and its impact on security practices.
 
2. Employee Training and Awareness
One of the most significant benefits of a human-centric audit is its focus on employee training and awareness. By understanding how employees interact with technology and what their common behaviours are, organisations can:
  • Develop Targeted Training Programs: Create customized training programs that address specific weaknesses and improve overall security awareness.
  • Promote Best Practices: Encourage the adoption of best practices for secure behaviour, such as using strong passwords, recognizing social engineering tactics, and reporting suspicious activities.
  • Foster a Security-First Mindset: Cultivate a culture where cybersecurity is everyone's responsibility, not just the IT department's.
 
3. Behavioural Insights
A human-centric audit provides valuable insights into the behaviours and motivations of employees. This information can be used to:
  • Enhance Security Policies: Develop policies and procedures that align with how employees work, making them more effective and easier to follow.
  • Improve Incident Response: Understand how employees are likely to respond in a security incident, allowing for better preparation and more effective response strategies.
  • Reduce Human Error: Identify common mistakes and develop strategies to minimize human error, which is a leading cause of security breaches.
 
4. Enhanced Engagement and Buy-In
Involving employees in the audit process and addressing their needs and concerns can lead to greater engagement and buy-in for cybersecurity initiatives. When employees feel that their input is valued and that they are part of the solution, they are more likely to:
  • Adhere to Security Policies: Follow security protocols and procedures more diligently.
  • Report Security Incidents: Be proactive in reporting potential security issues, leading to quicker identification and resolution of threats.
  • Champion Cybersecurity: Act as advocates for cybersecurity within the organisation, promoting a culture of security awareness and vigilance.
 
While traditional IT cybersecurity audits remain essential for assessing the technical aspects of an organisation's security posture, they often fall short in addressing the human factors that are critical to comprehensive cybersecurity. A human-centric cybersecurity audit fills this gap by evaluating the behaviours, motivations, and cultural factors that impact security. This approach not only provides a more complete risk assessment but also enhances employee training and awareness, delivers valuable behavioural insights, and fosters greater engagement and buy-in for cybersecurity initiatives.
 
At Cyberplanz, we specialize in human-centric cybersecurity audits that go beyond the technical aspects to provide a holistic view of your organisation's security posture. Our approach ensures that your employees are an integral part of your defence strategy, helping you build a resilient and secure organisation. Contact us today to learn more about our human-centric cybersecurity audit services and how we can help you achieve peace of mind in an ever-evolving threat landscape.

July 16 Blog

7/16/2024


 

What are the Key Considerations When Choosing Cybersecurity Solutions?

In today's economic climate, organisations face the challenge of protecting themselves against increasingly sophisticated cyber threats. For organisations that emphasize a human-centric cyber culture, evaluating existing solutions and selecting the right innovative cybersecurity solutions is crucial, especially under increased budget constraints and the emergence of AI-enhanced threat actors.
Here are some of the key considerations:
1. Alignment with Organisational Needs and Objectives
  • Business Goals: Ensure the cybersecurity solutions align with the organisation’s strategic objectives and contribute to its mission.
  • Risk Appetite: Understand and align the organisation’s risk tolerance with solutions that offer appropriate risk mitigation.
2. Understanding the Threat Landscape
  • Current Threats: Evaluate the specific cyber threats relevant to your industry.
  • Emerging Threats: Stay updated on emerging threats, particularly AI-enhanced threat actors, and ensure that your solutions can adapt to new and evolving attack vectors.
3. Compliance with Local and International Regulations
  • Local Legislation: In New Zealand, ensure the solutions support compliance with the Privacy Act 2020, the New Zealand Information Security Manual (NZISM) where it applies to you, and any industry-specific requirements such as those set by the Financial Markets Authority (FMA).
  • Global Standards: Consider compliance with international regulations and frameworks such as GDPR, HIPAA, SOC 2, the NIST Cybersecurity Framework and ISO/IEC 27001.
4. Integration with Existing Infrastructure
  • Compatibility: Ensure that new and existing solutions are fully compatible with your existing and planned IT infrastructure and can integrate seamlessly.
  • Scalability: Choose solutions that can scale with the organisation’s growth and evolving needs.
5. User Experience and Training
  • User-Friendliness: Select solutions that are easy to use and understand by all employees, reducing resistance and errors.
  • Training and Support: Evaluate the training and ongoing support provided by the vendor to ensure staff are adequately prepared.
6. Performance and Reliability
  • Effectiveness: Assess the effectiveness of both existing and new solutions in detecting and mitigating threats.
  • Reliability: Ensure the solutions have a proven track record of reliability and minimal downtime.
7. Cost and ROI
  • Budget Considerations: Given the increased budget constraints, consider the total cost of ownership, including acquisition, implementation, maintenance, and upgrades.
  • Value Proposition: Evaluate the return on investment in terms of enhanced security and risk reduction.
8. Vendor Reputation and Support
  • Reputation: Choose vendors with a strong reputation for quality and reliability in the cybersecurity industry.
  • Customer Support: Ensure the vendor offers robust customer support and has a clear process for resolving issues.
9. Future-Proofing
  • Innovation: Select solutions that incorporate the latest technological advancements, including defences against AI-enhanced threats.
  • Flexibility: Ensure the solutions can adapt to future technological changes and business developments.
10. Incident Response and Recovery
  • Incident Handling: Evaluate how the solutions aid in detecting, responding to, and recovering from cybersecurity incidents.
  • Forensics and Analysis: Ensure the solutions provide robust tools for forensic analysis post-incident.
11. Employee Awareness and Training
  • Awareness Programs: Implement solutions that integrate well with security awareness and training programs.
  • Phishing Simulations: Utilize tools that regularly test and improve employee resilience to phishing attacks and other social engineering tactics.
12. Human-Centric Approach
  • Employee Engagement: Choose solutions that engage employees as active participants in the cybersecurity strategy.
  • Behavioural Analytics: Implement tools that leverage behavioural analytics to detect anomalies and potential insider threats.
  • Cultural Integration: Ensure solutions foster a culture of security awareness and integrate seamlessly with your organisation's human-centric cyber initiatives.
 
By focusing on these considerations, CISOs can thoroughly evaluate their existing cybersecurity solutions and choose options that enhance their organisation’s security posture while fostering a human-centric cyber culture. These solutions should not only protect the organisation but also empower employees to be proactive participants in the cybersecurity strategy, providing peace of mind to all stakeholders despite budget constraints and the growing threat from AI-enhanced adversaries.

Selecting the Best Cyber Awareness

7/9/2024


 

The Importance of Selecting the Best Cyber Awareness Training for Your Staff

The frontline defence against cyber threats is not only technology; it’s your people as well. Staff members, from entry-level employees to senior executives, are often targeted by cybercriminals through sophisticated social engineering tactics and phishing attacks. Therefore, effective cyber awareness training is crucial for safeguarding your organisation’s sensitive data and maintaining its reputation. Here’s why cutting-edge, AI-enhanced, user-friendly cyber awareness training is essential and how to select the right product that fits your organisation’s culture.
 
The Imperative for Cyber Awareness Training

1. Human Error: The Biggest Vulnerability
  • Statistics: Studies have shown that human error accounts for a significant portion of data breaches. Without proper training, employees may inadvertently fall for phishing scams or mishandle sensitive information.
  • Prevention: Effective training reduces the likelihood of these errors, making employees more vigilant and capable of recognizing and avoiding threats.
2. Compliance and Regulatory Requirements
  • Legal Obligations: Many industries have strict regulations regarding data protection and cybersecurity. Regular training helps ensure compliance with laws like:
    • Local Legislation: In New Zealand you’ll need to comply with the Privacy Act 2020, the New Zealand Information Security Manual (NZISM) where it applies to you, and any industry-specific requirements such as those set by the Financial Markets Authority (FMA).
    • Global Standards: Compliance with international regulations and frameworks such as GDPR, HIPAA, SOC 2, the NIST Cybersecurity Framework and ISO/IEC 27001.
  • Audits and Assessments: Proper training can prepare your organisation for audits and reduce the risk of non-compliance penalties.
3. Evolving Threat Landscape
  • Sophisticated Attacks: Cyber threats are becoming more sophisticated, utilizing advanced techniques to bypass traditional defences. Continuous training keeps your staff updated on the latest threats and how to counteract them.
  • Adaptive Defence: Training programs that evolve with the threat landscape ensure your defence strategies remain effective and resilient.
 
Characteristics of Effective AI-Enhanced Cyber Awareness Training

1. AI-Driven Personalisation
  • Tailored Content: AI technology can analyse individual user behaviour and tailor training content to meet specific needs, ensuring relevance and engagement.
  • Adaptive Learning Paths: AI can create adaptive learning paths that adjust based on employee progress and understanding, making the training experience more effective.
2. User-Friendly Interface
  • Accessibility: Training should be easy to access and navigate, ensuring that all employees, regardless of technical proficiency, can participate and benefit.
  • Engagement: Interactive elements, such as quizzes, simulations, and gamification, enhanced by AI, make the training more engaging and effective.
3. Cost-Effectiveness
  • Efficiency: AI can streamline the training process, reducing the time and resources needed to deliver effective training.
  • Scalability: AI-driven training solutions can easily scale to meet the needs of large organisations, ensuring consistent delivery of high-quality training across all levels.
4. Realistic Simulations
  • Practical Application: AI can create realistic scenarios and simulations that mimic real-world cyber threats, allowing employees to apply their knowledge in practical situations.
  • Incident Response: Training should include guidelines on how to respond to a cyber incident, ensuring employees know the proper channels and procedures.
 
Selecting the Correct Training Product for Your Organisation

1. Assess Your Needs
  • Risk Assessment: Conduct a thorough risk assessment to identify the specific vulnerabilities and threats your organisation faces.
  • Employee Skill Levels: Evaluate the current skill levels of your employees to select training that is appropriately challenging.
2. Evaluate Training Solutions
  • Content Quality: Look for comprehensive, high-quality content that covers a wide range of topics relevant to your organisation.
  • Customisation Options: Ensure the training program can be customized to reflect your organisational policies, procedures, and culture.
3. User Experience
  • Ease of Use: Choose a solution with a user-friendly interface that encourages participation and minimises frustration.
  • Interactive Elements: Opt for programs that incorporate interactive elements, enhanced by AI, to enhance engagement and learning.
4. Vendor Support
  • Customer Service: Select a vendor that offers robust customer support and can assist with the implementation and ongoing management of the training program.
  • Proven Track Record: Consider vendors with a proven track record of success and positive reviews from other organisations.
5. Performance Metrics
  • Analytics: Choose a solution that provides detailed analytics and reporting to track employee progress and identify areas for improvement.
  • Assessment Tools: Ensure the program includes assessment tools to measure the effectiveness of the training and adjust as needed.
 
Investing in cutting-edge, AI-enhanced, user-friendly cyber awareness training is not just about compliance; it’s about creating a security-conscious culture where every employee plays a role in protecting the organisation. By selecting the right training product that fits your organisation’s culture, you empower your staff to become a robust line of defence against cyber threats. This approach not only mitigates risks but also builds resilience, ensuring your organisation can navigate the complex cyber landscape with confidence and peace of mind.

1 July 2024 Blog

7/1/2024


 

Why IT Security Specialists May Not Have the Right DISC Profile to Champion a Cyber-Focused Culture Change

In the rapidly evolving landscape of cybersecurity, organisations are increasingly recognizing the need for a robust, cyber-focused culture. This involves not just implementing technical defences but fostering an organisational mindset where every employee understands their role in maintaining security. While IT security specialists are vital to this effort, they may not always be the best candidates to lead such a cultural transformation. Here’s why:
 
The Role of DISC Profiles in Cybersecurity Leadership 
The DISC model, which groups behavioural tendencies into four types, Dominance (D), Influence (I), Steadiness (S) and Conscientiousness (C), provides valuable insights into how individuals tend to act. While each type brings unique strengths to an organisation, certain profiles are better suited to leading culture change initiatives than others.
 
The Typical DISC Profile of IT Security Specialists 
IT security specialists often exhibit high levels of Conscientiousness and Dominance. These traits are essential for their roles, which demand attention to detail, adherence to protocols, and decisive action in the face of threats. However, leading a culture change requires a different set of skills and attributes.
 
  1. Conscientiousness (C): IT security specialists excel in methodical, analytical, and structured environments. They are detail-oriented and focused on precision, which is crucial for identifying and mitigating risks. However, this focus on detail can sometimes make it challenging to engage and inspire a broader audience who may not share the same level of technical expertise or interest.
 
  2. Dominance (D): Dominant personalities are decisive and results-oriented, often thriving in high-stakes environments. While these traits are beneficial for making critical security decisions, they can sometimes come across as authoritarian, which may hinder their ability to foster collaboration and buy-in across different organisational levels.
 
The Need for Influence and Steadiness in Culture Change 
Successfully championing a cyber-focused culture requires leaders who can engage, inspire, and motivate employees across all levels of the organisation. This is where the traits associated with Influence (I) and Steadiness (S) become invaluable.
 
  1. Influence (I): Leaders with high Influence are charismatic, persuasive, and excellent communicators. They excel at building relationships and motivating others, making them well-suited for driving cultural change. They can translate complex cybersecurity concepts into relatable terms, fostering a sense of ownership and urgency among all employees.
 
  2. Steadiness (S): Those with high Steadiness are supportive, patient, and good listeners. They create a stable and inclusive environment, encouraging team collaboration and long-term commitment to new practices. Their empathetic approach helps address employees' concerns and resistance to change, facilitating smoother transitions.
 
The Ideal Champion for Cyber-Focused Culture Change 
An effective leader for a cyber-focused culture change should ideally possess a balanced mix of Influence and Steadiness, complemented by an understanding of cybersecurity. This combination ensures they can communicate the importance of cybersecurity in an engaging manner while providing the support needed to embed new behaviours into the organisational culture.
 
Bridging the Gap: Collaboration Between IT Security and Culture Leaders 
To bridge the gap between technical expertise and the ability to drive cultural change, organisations should consider a collaborative approach. IT security specialists can provide the necessary knowledge and framework, while leaders with high Influence and Steadiness can spearhead the cultural transformation efforts.
 
While IT security specialists are indispensable in protecting an organisation’s digital assets, they may not always have the right DISC profile to lead a cyber-focused culture change. By recognizing and leveraging the strengths of individuals with diverse DISC profiles, organisations can more effectively foster a comprehensive and resilient cybersecurity culture.
 
At Cyberplanz we understand the complexities of cybersecurity and the importance of cultural transformation. Contact us to learn how our human-centric approach can help you achieve a robust cyber-focused culture.

Author

Patrick – Founder of Cyberplanz | Business Strategist | Cyber Governance Advocate

Patrick combines deep business experience, including an MBA, with up-to-date cybersecurity expertise, including certification as a PECB ISO/IEC 27001 Lead Implementer. He helps businesses grow while staying secure, bridging the gap between cybersecurity and real-world operations with clear, human-centric solutions. Passionate about culture, clarity, and resilience, Patrick champions the belief that cybersecurity is everyone’s business, not just IT’s.


Human-Centric Cyber Governance & AI Security for NZ Organisations

A Corna Consulting Company