The Case for Security Awareness Training
Cybersecurity and cybersecurity awareness are critical to business survival in an era dominated by growing virtual crime. It might be true that most people know about costly identity theft and reputation-destroying network hacks. Organizations spend millions every year trying to defend themselves against cybercrime, but still, attacks seem to be more and more successful.
What is the problem? Bruce Schneier said that security was “a combination of people, process and technology.” Without an embedded culture of cybersecurity awareness and enforcement, all of those fancy and expensive systems aren’t going to do much good.
At the end of the day, your employees remain your organization’s weakest (or strongest) link in the cybersecurity field. It’s called “the human factor.” Criminals know the easiest way to access secure networks or steal data is to target people who already have access and steal their login credentials and other critical info.
ENISA defines cybersecurity culture as “the knowledge, beliefs, perceptions, attitudes, assumptions, norms and values of people regarding cybersecurity and how they manifest in people’s behaviour with information technologies.” The current organizational cybersecurity posture justifies the need for cybersecurity culture.
The majority of data breaches within organizations are the result of bad actors, and while cybersecurity policies are commonplace among organizations, employees may view them as guidelines rather than rules. Similarly, technologies cannot protect organizations if incorrectly integrated and utilized. According to ENISA, the purpose of developing a cybersecurity culture is to achieve a change in mindset, foster security awareness and risk perception, rather than attempting to coerce secure behaviour.
This is where security awareness training comes into play. It is meant to equip employees with the knowledge and skills they need to protect themselves from criminal elements.
Employees can be your strongest asset
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Anastasios Arampatzis. Read the original post at: https://www.tripwire.com/state-of-security/security-awareness/sans-security-awareness-training-rising/