A new study shows boring cybersecurity awareness training doesn’t persuade employees to be secure.
As users get more security awareness training, their ability to effectively deal with security threats increases. Users who get proper training are much more likely than their untrained colleagues to spot phishing attempts, business email compromises and other cybersecurity threats.
The research supports the claim that employees get far more benefit out of interesting and engaging training.
Lisa Plaggemier is MediaPro’s chief strategy officer. She said employers need to gauge their employees on the effectiveness of their cybersecurity awareness training.
“Some companies do this, but I think others might be afraid of the answers they get in return,” she said. “It might mean that you need a dedicated resource running your training and awareness program, who has a communications or marketing background, instead of a security engineer doing it as part of their job. You can also tie specific metrics to test the effectiveness. For example, does incident reporting increase once you’ve trained people on how to spot and report a potential incident?”
Other key takeaways from the report include:
Employers should buy training that really connects with people and doesn’t talk down to them, Plaggemier said.
“There are so many good options on the market these days,” she said. “There’s no excuse to run boring training. In some organizations, their own culture can get in the way. They resist using humor, for example, because it doesn’t fit with their brand or the security team feels you shouldn’t use humor for such a serious topic. Complex problems need creative solutions.”
Michael Osterman is researcher and president of Osterman Research.
There are two fundamental drivers for the growth of MSSPs. Technology helps organizations address their security concerns, and MSSPs can help with this. Also, the cybersecurity skills shortage is motivating many CISOs to outsource at least some of their security to third parties.
“That said, we see the growth of security awareness training and the growth of technology-focused solutions, including the outsourcing of at least some security functions to MSSPs, to be synergistic,” Osterman said. “Outsourcing relieves some of the burden on already-overworked security staffers so that they can focus on the more onerous threats and attacks that take substantial time to investigate and remediate. And training enables users to detect and avoid many of the threats that will inevitably make their way through even the most robust security defenses.”
The study does point to overall progress being made in terms of cybersecurity awareness training, he said.
“For general phishing emails, there was a nearly six-fold increase in the percentage of users who are capable or very capable at detecting them after training compared to their ability pre-training,” he said. “We also found major gains in user capabilities at recognizing targeted emails and scams in social media after they received training. Plus, it’s important to realize that we were surveying organizations that have various levels of efficacy in their training, and so the most effective training would result in even better numbers than these.”