Page 81 - index
P. 81
Is It Time to Outsource Your Security Education?
It has happened again. Although Jean has led half-day training sessions and sent repeated
emails about how her colleagues can better protect themselves and their company from cyber
attacks, another employee just clicked on a link in an email and launched a phishing attack.
What's wrong with Jean's approach to security training? After all, as her company's chief
information security officer (CISO), she's already doing her part to educate employees about
their vulnerability to attacks such as phishing and malware. But is she providing the right content
with the right message to the right employees in the right format? Probably not, and that's where
many internal security training initiatives fall short.
She has the right idea: Companies must have security training programs that teach their
employees to protect themselves from all types of threats, both cyber and physical. Jean's
problem, however, is that the imperative for training at her company is greater than her
resources, and because of that, she's treating security education as a one-size-fits-all process.
The solution: Outsource the training program to a third-party security education partner to take
advantage of industry expertise, on-target and cutting-edge training tools, and methodologies
that measure and deliver results.
Many companies like to keep security education in-house, to maintain control over training. After
all, businesses struggle to understand how outsourcing companies could possibly be a better fit
than an internal team that knows the company and its employees inside and out. Yet oftentimes
programs developed in-house don't engage employees in a manner that's causing a change in
their dangerous behavior. A different approach is needed.
Outsourcing Benefits are Huge
The global risk of cyber attacks is a real and growing threat, and could carry a whopping price
tag in the future, according to a report from McKinsey and Co. The cost—the material effect of
slowing the pace of technology and innovation due to a lack of cyber resiliency—could be as
high as $3 trillion by 2020.
These figures prove that companies need security education—and quickly. For most
businesses, outsourcing security education makes a lot of sense. Here's why:
Expertise is Key
In an outsourced security training program, content is developed by security experts who are
trained educators. On the other hand, internal teams may make mistakes, such as
inadvertently using examples of real-life attacks on the company, potentially embarrassing the
impacted employees. Your IT team may be up to date on the latest issues, but not always able
81 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
