A solid security awareness training program raises cybersecurity awareness and instills both proper cyber hygiene and the importance of protecting the organization. If implemented correctly, these programs can be crucial in preventing human error and insider threats, and they help employees understand the role they play in combating cyberattacks.
In fact, Mimecast research indicates that more than 90% of security breaches involve some degree of human error. A number of studies have found that employees who receive consistent cybersecurity awareness training are five times more likely to spot and avoid clicking on malicious links.
Below, cybersecurity leaders discuss the benefits of implementing a security awareness program that drives change and builds a security-minded culture.
“Cybersecurity training that fits today’s mode of consumption is more engaging. At the present time, that mode is short video clips that draw you into a story that teaches you valuable security principles along the way. In addition, security training needs to be appropriate to the skill level of the individual to whom the training is being delivered. Most security awareness training assumes that everyone is operating at the same skill level. This wouldn’t be acceptable for most other disciplines; however, this seems to be the norm for security training.”
“Cybersecurity training is an important component of good cyber resiliency. While sophisticated phishing, coming from a trusted service, is very hard for humans to identify, training that serves to enhance users’ analytical skills is critical for phishing that makes it through security defenses. A good training program, combined with AI-powered behavioral learning technology, is the right combination needed to stop phishing from impacting your organization.”
“For businesses, investing in online cybersecurity training can help to ensure that their employees are up-to-date on the latest threats and trends. This can help to reduce the risk of a data breach or other cyberattacks. For individual IT professionals, online security training can help them to stay ahead of the curve and keep their skills sharp without the need to travel. Many online training centers also offer certification programs that can help IT professionals to stand out from the crowd.
One emerging trend I’ve seen is the use of gamification in security training. Games can be a fun and engaging way to learn about complex topics like cybersecurity. By incorporating game mechanics into security training, learners can develop the skills they need to succeed in the industry.”
“Security awareness training is a great starting point; however, organizations should build upon it, especially for situations that are unique to them. For example, organizations with IoT devices will need to pay special attention to keeping them on separate networks and keeping their firmware up-to-date with the latest security fixes. In addition to training, organizations of all sizes should have a process to test or audit employees to make sure the security training can be carried through in the actions employees take.”
“Taking a risk-based approach to cybersecurity is the best way to sustainably improve your posture against attacks. More than 82% of data breaches contain the human element, mostly email, and yet security awareness and phishing training programs are outdated, compliance-based, and typically constitute only three percent of awareness budgets. Because most attacks start with people, security and risk management strategy must as well. Install the training, processes, and technologies necessary for catching the sophisticated attacks that technical perimeters will always miss, no matter how much money is poured into them.
Automation, adaptive learning, and artificial intelligence/machine learning can help deliver personalized training at scale. Why is that important? Because people need to participate frequently with relevant training that stays at the edge of their skill level in order to improve and stay engaged. A long, dry video followed by a punishment-based phishing simulation has been proven not to work. Fixating on failure leads to failure. Rewarding people as they acquire skills in a dynamic learning environment confers measurable improvement. This approach broadly describes gamification, whose demonstrated success is grounded in established principles of behavioral science and business and will be key to protecting organizations of all sizes in the year ahead.”
Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.
Copyright ©2023. All Rights Reserved BNP Media.