• United States



Make your employees your best asset in combating cybercrime

Jun 08, 20235 mins

Fortinet recently surveyed nearly 1,900 IT and cybersecurity decision-makers from around the globe to understand their concerns about and the actions they're taking to enhance cyber awareness among their respective workforces.

two asian businesspeople working at office.jpgs1024x1024wisk20cgn8a e l6u gyssbf ecxo3axkusvn6knobz
Credit: iStock

As cyber risks intensify and the threat landscape grows, there’s no better time to reassess your organization’s security posture. Having the right people, processes, and technologies in place is a vital component of any effective risk management strategy, including employees who play a crucial role in helping to secure the business.

While attackers are constantly finding new, creative ways to infiltrate organizations, the reality is that it’s typically employees—not just your security team—who are on the front lines when it comes to halting these cybercriminals in their tracks. Your workforce has the potential to be one of your best defenses against cyber incidents, but this is only possible if employees know and can quickly identify the common methods threat actors use to gain access to a network. And one of the best ways to ensure employees have this crucial knowledge is to implement an ongoing cyber awareness training program.

Fortinet recently surveyed nearly 1,900 IT and cybersecurity decision-makers from around the globe to understand their concerns about and the actions they’re taking to enhance cyber awareness among their respective workforces. Here’s a look at their responses.

Breaches aren’t a matter of ‘if,’ but ‘when’

In the past, it was easy to assume that significant cyberattacks only impacted large, well-known organizations or sectors in which prolonged downtime would significantly hamper operations.

Today, threats like ransomware are so ubiquitous—and increasingly simple for many novice attackers to execute thanks to maturing Crime-as-a-Service syndicates–that every organization, regardless of size or industry, is now a target. Case in point: The most recent Global Threat Landscape Report published by Fortinet’s FortiGuard Labs found that incidents involving destructive wiper malware increased more than 50% from Q3 2022 to Q4 2022, and that ransomware threats remain at peak levels.

Organizations are undoubtedly feeling the effects of this increase in the volume and variety of attack tactics that cybercriminals are using. The Fortinet 2023 Cybersecurity Skills Gap Global Report found that 84% of organizations experienced at least one breach in the past 12 months, with 29% experiencing five or more. And 65% of IT and cybersecurity leaders say they expect cyberattacks to increase in the next year.

Developing a cyber-aware workforce through effective training

Attackers are showing no signs of slowing, making it imperative that organizations implement proper safeguards to protect their assets. Having a cyber-aware workforce should be at the top of CISO and business leaders’ priority list, as cybercriminals routinely target employees. According to Fortinet’s new 2023 Security Awareness and Training Global Research Brief, 83% of the malware, phishing, and/or password attacks that occurred within organizations last year were targeted at users.

More than 90% of leaders believe that increased employee cybersecurity awareness would help lessen the occurrence of cyberattacks. Survey respondents believe that protecting sensitive data and systems while working remotely is the most important aspect of cybersecurity awareness for employees, followed by knowledge about protecting sensitive data in general and knowing how to avoid threats delivered via email, SMS, and voice.

The good news is that 85% of those surveyed said their organization has a security awareness and training program in place. But what’s concerning is that even though so many have already implemented cyber education strategies, more than half still believe their workforce lacks critical cyber knowledge. This gap suggests that existing training programs aren’t as effective as they could be, training isn’t conducted frequently enough, or the material isn’t being reinforced sufficiently.

While it’s encouraging that so many organizations are already making cyber awareness training a priority, it’s clear that there is still room for improvement. And other leaders outside of IT and security—including boards of directors—are taking a greater interest in cybersecurity strategies, including employee education efforts. The report found that 93% of organizations indicated their board of directors is asking about the organization’s cyber defenses and strategy.

Security awareness and training programs for employees

Whether you’re interested in implementing cybersecurity awareness training for your employee base or evaluating the effectiveness of an existing program, look for awareness and training services that not only cover the basics—like phishing, ransomware, social media use, mobile device use, social engineering, and cloud security, to name a few—but allow you to customize the content, such as including education on attack tactics that are unique to your business or industry.

As cybercriminals find new ways to carry out attacks, organization-wide cybersecurity education is an increasingly crucial component of any comprehensive risk management strategy. Empowered with the necessary knowledge to spot and thwart an attack, your employees can become one of your best defenses against cybercrime.

Find out more about how Fortinet’s Training Advancement Agenda (TAA) and Training Institute programs—including the NSE Certification program, Academic Partner program, and Education Outreach program—are helping to solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.