The Majority of Employees Have Never Received Effective Cyber Security Awareness Training
In Part 1 of a 3-part series, our highly regarded cyber security expert, Dr Alfred Rolington, explains why people should be at the heart of your cyber security investment strategy.
What has become very apparent in the last few years is that all employees, from senior management to part-timers, are the largest cyber security vulnerability that any organisation faces.
Businesses investing heavily in cyber security often base their investments on technology, but don’t sufficiently attend to the human side of the problem - which is a very important issue and requires cyber security training and engagement for all employees.
The reason employees are so important for operations security is that cyber criminals often attack an organisation using phishing emails and similar tactics, making employees the first line of defence that needs to be strengthened.
Of course, computers and apps aren’t clicking on phishing emails, humans are, so that’s where cyber security investments need to be focused.
Employees are also the ones with everyday access to many of the organisation’s computers, networks and systems, which means they play an important part in building resilience in the threat landscape.
This means that organisations need to spend more time and thought creating a more sophisticated cyber security culture and behaviour change within their organisation - training is a very important part of this process.
Despite the fact that some organisations have a partial focus on developing cyber security awareness, few individuals actually understand their role in the organisation’s security culture.
A recent report by Cyber Security Intelligence showed that over 60% of most organisations' employees have not received effective cyber security training, so it's no surprise, for instance, that 96% of them still save passwords on their devices so they can 'remember them'.
But when standard security training often means a bland instructional video or a boring PowerPoint presentation, we can’t really blame employees for a lack of awareness.
Effective cyber security training is difficult to do well. Security awareness training for end users is often too broad and sporadic to cultivate the skills needed for safe operation on networks.
Often the responsibility for cyber security sits with IT or information security, whereas responsibility for training resides in human resources.
Typically, IT specialists lack responsibility for and proficiency in training. HR professionals are uniquely positioned to understand the role of trained employees in cyber risk mitigation and to mediate solutions for an organisation’s cyber security challenges.
However, they often do not have expertise in cyber security and they may lack technical expertise in cyber defence.
Each part of the organisation knows part of the solution, but none knows the whole solution, and the result is disjointed and dysfunctional education and training.
Cyber security awareness training needs to be more than a mere annual necessity. It needs to be an interactive and engaging experience that will solidify employees' role in the security posture of the organisation.
Why not discover what this approach could look like by reaching out to us at email@example.com? Visit our website www.go-cyber.com, follow us on Twitter @GoCyber_app or join our LinkedIn community @GoCyber_app.