Undervalued and ineffective: Why security training programs still fall short

Research reveals a glaring disconnect between the need for security training and its perceived value. But organizations that have made their awareness programs a strategic priority and adopted more modern approaches are finding success.

As a former U.S. Naval officer, Bruce Beam says corporate security training would benefit from adopting the military notion that you fight like you train.

In other words, he says, all employees need to be trained to combat the range of attacks they’ll likely face; all workers should be practiced in how to spot and respond to those threats. That way, when they’re face to face with the real thing, they can fight back just as they learned to do.

“We’ve got to impress on them how really important it is to be prepared,” says Beam, CIO for (ISC)², a nonprofit organization specializing in training and certification for cybersecurity professionals.

A prepared response to threats is the goal of security training programs, but data says organizations are falling short when it comes to getting their workers prepped for battle.

CSO’s 2020 Security Priorities research shows that 36% of security incidents stem from non-malicious user error, such as falling victim to a phishing scam or unknowingly violating security policy, while 27% of survey respondents say their organization provides inadequate security training for users.
