With an unprecedented number of employees now working in hybrid or fully remote environments, compounded by an increase in cyber threats and a more overwhelmed, COVID-19 information-fatigued workforce, there has never been a more critical time to effectively create and maintain an engaged security culture.

Security awareness challenges

The seventh annual SANS Security Awareness Report asked over 1,000 security professionals about the state of security awareness at their organizations. The 2022 report establishes updated global benchmarks for how organizations manage their human risk.

The report identified weaknesses in common security awareness practices. The data shows that security awareness responsibilities are very commonly assigned to staff with highly technical backgrounds who may lack the skills needed to effectively engage their workforce in simple-to-understand terms.

The three top reported challenges for building a mature awareness program were all related to a lack of time: specifically a lack of time for project management; limits on training time to engage employees; and a lack of staffing.

How to create a successful security awareness program

In examining the factors behind security awareness program success, the report identified three top awareness enablers:

  • Strong leadership support: One of the top ways to increase leadership support is speaking in terms of managing risk, not compliance, and explaining WHY security does something, not WHAT they are doing. Additionally, create a sense of urgency by utilizing data and communicate value by demonstrating alignment with leadership’s priorities.
  • Increased team size: The report recommended documenting and contrasting how many people on the security team are focused on technology versus how many are focused on human risk, creating a document that fully explains personnel needs, and developing partnerships with key departments that can help develop ways to communicate the program's value.
  • Higher frequency training: It is recommended that organizations interact with or train their workforce at least once a month. Keeping training simple and easy to follow is the key to increasing opportunities to engage and train the workforce.
