Evolving your security awareness & training to enhance your security posture

The Covid-19 pandemic has brought about substantial changes to the way we think about security awareness, due to the widespread adoption of hybrid working. Security awareness extends beyond the office borders and IT teams are tasked with instilling a “security everywhere” culture on top of their existing challenges.

According to The Forrester Wave™: Security Awareness And Training Solutions, Q1 2022 Report this culture shift to hybrid working and security everywhere has created a well-needed disruption to a stagnant market. Many security awareness vendors have risen to the challenge, recognising that security awareness is no longer a tick-in-the-box exercise or something to remember in the confines of the office, but a skill to utilise in every aspect of modern life. To adapt to the shifting trends, vendors have created solutions that function to engage users, measure the real metrics that matter including your employees’ human risk score and use security awareness and training to build a strong culture of security within your organisation.

It is the advice of Forrester Wave that organisations searching for a new security and awareness training solution provider should look to providers that:

1. Focus on the ABCs: Awareness, Behaviour & Culture

To implement a strong security awareness culture and make significant efforts to reduce human risk within your organisation it is essential that you look for providers that offer human risk quantification and calculate risk based on actual user behaviour, not quiz and simulation scores. Then use security and awareness training to shape security culture. To do this, select vendors with unique and scientifically proven culture mapping tools.

2. Provide meaningful human risk & security culture metrics

Traditional security awareness and training program metrics such as training completion rates, quiz performance, and engagement metrics are fundamentally flawed. At best, these input metrics only tell you how to improve training, ignoring how you can improve behaviour, instil culture, or bolster your cybersecurity posture. Choose vendors that can help measure your employees’ human risk score. Once you know the risk profile of an individual or department, you can adjust your training and gain valuable insights about where to improve your security program.

3. Offer innovative & disruptive solutions

Mercifully, the days where vendors placed their focus on providing extensive, yet often dull libraries of content for employees to sift through are waning. For your employees to retain the knowledge and the exercise to have a positive return on investment, it is important that training is engaging and innovative. Using real-life examples and mock phishing attacks is a great way to make security awareness and training more engaging.

The number of cyber attacks resulting from social engineering is at an all-time high and a recent update from the Information Commissioners Office suggests that all organisations should be providing security and awareness training to all employees as standard. For more information on how you can protect your employees with security awareness training please Click Here to speak to one of our specialists. Alternatively, existing customers can contact their designated Account Manager.