Page 86 - CDM Cyber Warnings February 2014
P. 86
It is time for employees to understand the importance of program that addresses the most prevalent or risky
security policies and learn how to put them into practice. employee behaviors first. The best results are achieved by
setting realistic goals to modify two or three risky security
While some argue that employees are incapable of taking behaviors at a time. As progress is made, more risks can be
an active role in cyber security, there is strong evidence that addressed with the addition of new training modules.
supports the effectiveness of education. Research shows
that organizations with well-understood security policies “Effective security
suffer fewer breaches and companies with an ongoing
security awareness program suffer 50% less breaches. training is about
Security officers that retire their old PowerPoint training
presentation in favor of new interactive cyber security quality, not quantity.
assessment and awareness training software are seeing
Training is better
positive results—including up to a 70% reduction in
susceptibility to employee-targeted attacks, which
received when it is
translates to fewer breaches and lower remediation costs.
New software-based training programs easily integrate into woven into daily work
dealers� existing security product and service portfolios to
meet this growing demand for more effective training routine”
solutions. Integrators, consultants and resellers alike are
taking advantage of this trend to drive incremental 2. Make it Digestible - Effective security training is about
revenues, increase customer penetration, and complement quality, not quantity. Training is better received when it is
security infrastructure sales. woven into daily work routine—using learning science
principles to build incremental success using �teachable
moments.� In just 10 minutes, interactive software training
sessions can measurably reduce employee susceptibility to
attacks. With administrative tools that allow security
managers to schedule and deploy training modules or
mock cyber attacks, security training can be presented in
the context that a person will most likely be attacked. When
an employee falls for an attack, a quick on the spot training
session can help him/her better understand the risks and
5 Key Security Training Program Success Factors learn how to avoid similar attacks in the future.
Here are some key user education program tactics that our 3. Keep them Coming Back for More - As the mobile app
customers use to successfully make people aware of explosion demonstrates—people love games and engaging
security risks and motivate them to change their behaviors. formats. The best security training solutions use this fact
to their advantage. With interactive elements, simulated
1. Prioritize and Focus - Successful security training is a environments, games featuring memorable characters and
process, not a one-time event. Security training solutions engaging scenarios, employees actually look forward to
that include analytics help organizations assess human risk training. This approach allows employees to self-pace
factors across multiple attack vectors including email, learning, practice concepts in multiple contexts and master
mobile devices, social networking and passwords. This skills through repetition. When employees respond (such
allows security officers to create a customized training as identifying a phishing scheme, creating a password or
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 86