How Security Awareness Training Can Boost Your Organization’s Defenses
Human beings can be either the weakest link in cybersecurity or the primary bulwark against cyberattacks. It all depends upon each user’s ability to recognize the techniques hackers use to infiltrate systems.
Hackers don’t generally try to force their way through perimeter defenses — those kinds of efforts would likely fail and alert the organization of the attack. More typically, hackers use phishing emails and other social engineering techniques to dupe users into clicking on malicious links, opening malicious attachments or giving up their credentials. Once they gain entry to an individual user’s system, hackers can move through the network, stealing data and causing damage.
These attacks are relentless. In a recent report, Cybersecurity Ventures estimated that businesses suffered a ransomware attack every 14 seconds in 2019. That frequency is expected to increase to every 11 seconds by 2021, with global damages reaching $20 billion.
Individuals are hit even more frequently than businesses, and it’s easy to understand why. The average user doesn’t have the security controls that a business does and may engage in riskier online behaviors. Businesses are more likely to keep PCs up to date and to implement tools that detect attacks and block access to malicious websites.
When employees work from home, they no longer have the benefit of those kinds of controls. Security awareness becomes even more important.
Luckily, it can be taught. A well-designed security awareness training program can be highly effective in reducing the chance that a user will fall victim to a cyberattack. A study by KnowBe4 found that up to 45 percent of employees were susceptible to phishing attacks prior to training, but that number decreased by 75 percent after the program was completed. In a separate study of a Fortune 50 organization, 35 percent of employees fell for a simulated phishing attack prior to training but only 6 percent were tricked after receiving training.
One of the most important characteristics of any security awareness training program is consistency. One study found that random training reduced the likelihood of a successful attack by just 10 percent to 15 percent, while more consistent training resulted in a 50 percent reduction. Furthermore, employees who receive regular security training are more likely to feel that their organization is secure, which in turn promotes better behaviors.
Training should cover the most common security threats along with password security, safe web browsing and other basics. Organizations may also need to include training sessions on specific types of attacks and legal and regulatory requirements related to their industry. Sessions designed for executives, finance personnel and other groups of users may also be helpful. Ideally the training should be interactive and give students an opportunity to apply the things they’ve learned to real-world scenarios.
Despite its proven value, security awareness training initiatives can meet with resistance. Finance might be concerned about the cost, and operations about the business disruption. That’s why the support of senior leadership is so important. When upper management champions the program it will receive the necessary investments in time and money.
With so many employees working remotely, now is a great time to take advantage of online security awareness training. SageNet can help through our partnership with KnowBe4, an industry-leading provider of security training content. Through KnowBe4’s integrated platform, your team can access learning modules, automated campaigns, simulated phishing attacks and more. Let us help you transform your workforce into the first line of defense against cyberattacks.
SageSECURE, Managed Security Services
Interested in what our experts had to say?
Learn more about our services - all driven by the changing technology landscape.