How can we improve awareness training?

Bill Rosenthal from Logical Operations chats with CSO about the failings of end-user security training and where we can look to make improvements.

As more companies face the realities of cybercrime, malware and data breaches, many of them are turning to security awareness training programs to keep their employees from becoming the next victim of an attack. But a lot of these programs are ineffective, giving employees a “read this email, watch this video” program, and the CSO a “box to check off”.

In the latest episode of Security Sessions, I spoke with Bill Rosenthal, CEO of Logical Operations, about the lack of effective security awareness programs at companies.

Among the highlights of the video are the following sections:

1:14 The current state of security awareness training at companies.

2:49 What will it take to get more companies on board with security awareness training?

3:51 Why don’t end users follow cyber-security policies? How can IT engage them more?

5:37 Why going beyond self-assessment training is needed for most companies.

7:20 Figuring out different training for different employee roles.

8:54 Advice for security executives on improving engagement with end users beyond the weekly security email.

Copyright © 2016 IDG Communications, Inc.
