Security awareness training

Issue 2/3 2023 Training & Education, Security Services & Risk Management


Tyrone Meyer.

Most organisations don’t have a lot of time to make an impact with their security awareness programmes, but are faced with compliance obligations that must be met. It is critically important to have a security awareness solution that uses the limited time available to train effectively, and one that provides targeted education that is relevant to users. The latter must be based on the knowledge gaps they have and the topics that they need to learn about now.

There are two issues facing us today:

• How to keep users engaged?

• How to account for an education programme that factors in your globalised audience?

Ultimately, the goal of any security awareness programme is to drive behavioural change and drive actual security outcomes. It’s true to say that your company is only as strong as your weakest user, but what does this mean? Basically, you want to see fewer people clicking on malicious links, not only in simulated phishing tests, but in real-world attacks. However, if users mess up, you want them to learn from their mistakes. Without follow-up education, users will continue to make the same mistakes in the future.

You want to work towards a situation where more employees report suspicious emails, proactively helping you to keep your organisation safe. Data from the SOTP Report shows that a little over a third of organisations currently educate employees about best practices for reporting. If users don’t know what to do when they get a malicious email, how will they know how to act appropriately? What you don’t want is users reporting random spam or low-risk emails. You want end-users to know what a potential threat looks like, to report high-risk emails, and to know how to tell the difference.

To help customers build a strong security culture and shape existing behaviours, values and beliefs towards it, you need to organise a solution into three key steps, the ACE Framework: Assess, Change Behaviour and Evaluate.

Assess: The first step is to assess current culture, knowledge and skills to help establish the baseline and understand where the gaps are and what users believe. This helps inform a programme focus and aids with evaluations. Customers can do this using a variety of tools like knowledge and culture assessments.

Change Behaviour: The second step is to help customers execute on their behavioural change programme. This consists of three key components: automation, adaptive learning and the reinforcement of that learning.

• Automation is very important: security teams can get inundated with user reporting of suspicious messages and threats. It is necessary to provide a way to automate remediation of threats. This approach saves time and resources.

• We also know that one size does not fit all, and this couldn’t be truer for training. An adaptive framework makes it easy to deliver continuous learning throughout the year, adjusting the style of learning and the size so that it fits easily into people’s daily schedule. This helps them move along a path that increases skill levels over time across key security domains, and based on role. Think targeted education that’s geared right to where users need to be learning at any given time.

• Reinforcement is also key to combatting the forgetting curve. Existing tools like threat-guided training and email warning tags (providing contextual nudges) are some examples, as well as teachable moments, videos, and more.

Evaluate: You want to be able to evaluate your programme regularly and make changes as needed, to get results.

Above all, remember, this is a cycle, not a linear process. It is constantly restarting and improving.

Now that we’ve covered the stages of the ACE framework, it’s necessary to take a holistic approach to security awareness education. You need to use threat-driven content, informed by threat intelligence, to drive educational modules and help users be prepared to face threats in the wild. A tailored education is not only based on users’ roles and knowledge gaps but is also informed by user vulnerabilities, which must be captured using threat intelligence.

Threat detection capabilities also automatically analyse user-reported messages for fast, time-saving detection. You need visibility to help you communicate the impact of your programme to your leadership team, and to help inform future changes you are considering for your security awareness.

These components come together to help save you time and resources, and enhance the administrator experience – which helps you expand and scale your growing business.



