How can we improve awareness training?

Bill Rosenthal from Logical Operations chats with CSO about the failings of end-user security training and where we can look to make improvements.


As more companies face the realities of cybercrime, malware and data breaches, many of them are turning to security awareness training programs to keep their employees from becoming the next victim of an attack. But a lot of these programs are ineffective, giving employees a “read this email, watch this video” program, and the CSO a “box to check off”.

In the latest episode of Security Sessions, I spoke with Bill Rosenthal, CEO of Logical Operations, about the lack of effective security awareness programs at companies.

Among the highlights of the video are the following sections:

1:14 The current state of security awareness training at companies.

2:49 What will it take to get more companies on board with security awareness training?

3:51 Why don’t end users follow cyber-security policies? How can IT engage them more?

5:37 Why going beyond self-assessment training is needed for most companies.

7:20 Figuring out different training for different employee roles.

8:54 Advice for security executives on improving engagement with end users beyond the weekly security email.
