Security Awareness Training – An Integral Part of your Cyber Security Defense Strategy
As an information security leader, you have difficult decisions to make about how you spend your valuable resources to deliver the best protection to your organization. If you’re like most, you’ve probably focused first on implementing technology solutions. However, elite security leaders have the vision of turning their users into an army of cyber security defenders. This vision is also backed by leading industry analysts.
The firms below all agree on the importance of effective security awareness training as part of every organization’s information security strategy.
"In nearly 30 studies over 5 years, Aberdeen’s research has consistently shown that the leading performers were 70% more likely on average than lagging performers to invest in security awareness and education for their end-users. Too often, enterprise investments in technologies are diluted by lack of investment in their people, but the top performers invest proactively in end-user awareness and training as a means to make their end-users informed, accountable and productive."
“The key is not just ‘awareness;’ it is behavior change; as such, interactive security awareness training platforms help compliance managers effectively administer mandated employee education, prove the completion of training in the event of an audit, and actually change the way that employees behave. The result is lower risk for the organization. Companies that employ new interactive cyber security assessment and context aware security training software are reporting reductions in susceptibility to employee-targeted attacks, which translates to fewer breaches and lower remediation costs.”
“In 2012 we’re already seeing a sharp increase in data breaches caused by employees who lost or leaked confidential company data. Gartner considers a behavior-change oriented information security awareness and training program to be an essential tool for all companies, regardless of size. Without one, serious IT risks may be overlooked.”
“Users are often the weakest link in enterprise security strategy, and defenses have their limits in addressing the problem. Effective approaches to user awareness can make an important contribution to helping organizations get a leg up on the increasing threats to their business.”
"Training employees on how to recognize and avoid advanced persistent threats caused by phishing, social media scams, and other attack vectors should be an essential component to every CSO's cyber security strategy. Not only does effective training make the business more resistant to attacks, but it also arms users with skills that will benefit them when they are outside of the workplace."
“I think Wombat’s business model around email phishing prevention has a good future ahead of them. Content filtering tools are getting better, but so are the criminals, and Frost & Sullivan research consistently indicates that the end user will always be the weakest link in a corporate security strategy. I look forward to an expanded selection of training modules in the future on a wide variety of topics and will be following Wombat more closely moving forward.”