Organizations need to build a culture of security in order to defend themselves against cyberattacks, according to John Scimone, Senior Vice President and Chief Security Officer at Dell Technologies.

In an interview on MIT Technology Review’s Business Lab podcast, Scimone explained that cybercriminals take advantage of confusion and fear in order to trick employees into falling for phishing attacks.

“[A]s we think about how criminals operate, criminals feed on uncertainty and fear, regardless of whether it’s cybercrime or physical world crime, uncertainty and fear creates a ripe environment [for] crime of all sorts,” Scimone said. “Unfortunately, both uncertainty and fear have been plentiful over the last 18 months.

“And we’ve seen that cyber criminals have capitalized on it, taking advantage of companies’ lack of preparedness, considering the speed of disruption and the proliferation of data that was taking place. It was an opportune environment for cybercrime to run rampant.

“In our own research, we saw that 44% of businesses surveyed have experienced more cyberattacks and data loss during this past year or so.”

Scimone stated that all employees need to be trained to recognize phishing attacks. “It’s not just my own corporate security team or the security teams within our product and offering groups,” Scimone said. “It touches every employee and every employee fulfilling their responsibility to help protect our company and protect our customers.

“We’ve been building over many years a culture of security where we arm our employees with the right knowledge and training so that they can make the right decisions, helping us thwart some of these criminal activities that we see, like all companies. One particular training program that’s been very successful has been our phishing training program.

“In this, we are continuously testing and training our employees by sending them simulated phishing emails, getting them more familiar with what to look for and how to spot phishing emails. Even just in this last quarter, we saw more employees spot and report the phishing simulation test than ever before.”

MIT Technology Review has the story and the full 25-minute interview. Great for a break: