Security awareness training key to changing security culture

3 Steps to Better Cybersecurity Training

September 24, 2020

As users receive more security awareness training, their ability to effectively deal with security threats increases, reveals a new study by MediaPRO, co-sponsored with Osterman Research. The report also found that boring security awareness training doesn’t make employees want to be secure.

“Our research found that users who found training to be ‘very interesting’ were more than 13 times more likely to make fundamental changes in the way they think about security compared to those who found the training to be ‘boring’,” said Michael Osterman, researcher and president of Osterman Research, who conducted the study.

The research supports the claim that employees get far more benefit out of interesting and engaging training, joining facts such as “the sky is blue,” and “water is wet.”

As users receive more security awareness training, their ability to effectively deal with security threats increases, the report found. The “before-and-after” picture displays that users who are properly trained are much more likely to spot phishing attempts, business email compromise, and other cybersecurity threats than are their untrained colleagues.

The study, Security Awareness Training as a Key Element in Changing the Security Culture, surveyed both everyday employees and IT managers and decision makers to gauge opinions on the current state of security training and awareness. The work was co-sponsored by training and awareness firm MediaPRO, who wouldn’t know how to produce boring training if you gave them directions.

Other key takeaways from the report include:

IT, security, and business leaders – while generally wanting to establish a strong cybersecurity culture within their organization – are somehow not conveying that idea effectively to a large proportion of their employees.
Security awareness training is perceived to be as important as technology in dealing with security threats and organizations will be devoting more employee time to training over the next year.
Approximately 45 percent of employees surveyed expect to spend 15 minutes or more per month in training by mid-2021; up from 26 percent in 2020.
Senior IT and business management are much more enthusiastic about security awareness training than are non-management employees.
Security and IT leaders, their staff members, and business leaders are largely onboard with the idea that developing a strong cybersecurity culture is important; everyday employees, however, are much less convinced about the importance of doing so, indicating that the goal of developing a robust security culture has not yet been achieved in most organizations.

“Security awareness training doesn’t do anyone any good if they sleep through it. You can deliver the best security advice in the world, but if no one is listening, you might as well be talking to a brick wall” MediaPRO Chief Strategist Lisa Plaggemier said.

“Good security awareness training should get and keep your attention. That’s what it means to be engaging.” Plaggemier continued. “The reality is that nobody is immune from attacks. It only takes one click, which can happen in the blink of an eye, before you even realize what you’ve done. Think of how quickly we all move through our email on busy days. Add to that the stress of COVID. Simply put, human beings are fallible. It’s critical that organizations provide engaging employee training that drives home just how much information is available about all of us.”

To find out more, including detailed findings on what is the best format to deliver training, visit the report here: https://www.mediapro.com/report-security-awareness-training-key-element-security-culture/

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 October

This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.

View More Create Account

Security awareness training key to changing security culture

Related Articles

Related Events

Report Abusive Comment