AI, the cyber workforce gap, ever-evolving cyber attacks, bigger stakes, a larger cybersecurity landscape, custom training content, mobile training…you’ve surely heard some or all of these expressions attached to Security Awareness discussions.
However, have you stopped to think about how this activity has changed over the last few years, and where it is going in 2024 and beyond?
This was the central theme of our latest webinar, “Why Should Organizations Rethink Security Awareness in 2024?” featuring Dennis Legori, Associate Director of Security Awareness for Carrier. Here are some highlights from this conversation. For the full session, please access the video below.
The Evolution of Security Training
Dennis Legori opened the discussion by reflecting on the early days of security training, which often comprised annual, compliance-focused sessions. This approach, while fulfilling regulatory requirements, was insufficient in cultivating a lasting security-conscious culture. The RSA data breach of 2011 served as a pivotal moment for the industry, demonstrating that even the most fortified organizations could fall victim to sophisticated cyber-attacks.
Shifting Focus from Compliance to Engagement
The webinar highlighted a crucial shift in security awareness strategies – from a compliance-driven approach to an engagement and reporting-focused model.
Dennis emphasized the importance of fostering a culture where employees are encouraged and rewarded for reporting suspicious activities, rather than being penalized for mistakes. This approach not only enhances incident detection but also builds a more resilient and proactive security culture.
The Role of Gamification and Continuous Learning
Dennis shared innovative approaches to security training, such as gamification and immersive learning. By integrating elements like phishing simulations into daily routines and leveraging popular media for educational purposes, organizations can maintain constant vigilance and improve employees’ recall of security protocols.
Key Metrics for Evaluating Security Awareness
The discussion also delved into the metrics used to evaluate the effectiveness of security awareness programs. Dennis highlighted the importance of tracking not just click rates in phishing simulations, but also the resilience ratio – the balance between reports and clicks. He also underscored the value of user engagement metrics, such as participation rates in live training and the number of ‘enterprise defenders’ or champions within the organization.
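To make these metrics concrete, here is an added example (not from the webinar or from Carrier) that computes click rate, report rate and the resilience ratio per phishing-simulation campaign. It assumes the resilience ratio is reports divided by clicks, and it works from a constructed set of simulation events rather than real data.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample events (not real data): (campaign, user, action).
# Actions: "sent", "clicked", "reported". A user may both click and report.
EVENTS = [
    ("Q1-invoice", "alice", "sent"), ("Q1-invoice", "alice", "clicked"),
    ("Q1-invoice", "bob", "sent"),   ("Q1-invoice", "bob", "reported"),
    ("Q1-invoice", "carol", "sent"), ("Q1-invoice", "carol", "clicked"),
    ("Q1-invoice", "carol", "reported"),
    ("Q1-invoice", "dave", "sent"),
    ("Q2-mfa", "alice", "sent"), ("Q2-mfa", "alice", "reported"),
    ("Q2-mfa", "bob", "sent"),   ("Q2-mfa", "bob", "reported"),
    ("Q2-mfa", "carol", "sent"), ("Q2-mfa", "carol", "reported"),
    ("Q2-mfa", "dave", "sent"),
]


@dataclass
class CampaignMetrics:
    recipients: int
    clicks: int
    reports: int

    @property
    def click_rate(self) -> float:
        return self.clicks / self.recipients if self.recipients else 0.0

    @property
    def report_rate(self) -> float:
        return self.reports / self.recipients if self.recipients else 0.0

    @property
    def resilience_ratio(self) -> Optional[float]:
        # Assumed definition: reports per click. With zero clicks the ratio
        # is undefined (every report and no failures), so return None.
        if self.clicks == 0:
            return None
        return self.reports / self.clicks


def compute_metrics(events) -> dict:
    """Aggregate events per campaign, counting each user at most once per action."""
    per_campaign = defaultdict(lambda: defaultdict(set))
    for campaign, user, action in events:
        per_campaign[campaign][action].add(user)
    return {
        c: CampaignMetrics(len(a["sent"]), len(a["clicked"]), len(a["reported"]))
        for c, a in per_campaign.items()
    }
```

Tracking the ratio campaign over campaign, rather than the click rate alone, shows whether reporting is actually growing relative to failures.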
Building a Collaborative Security Environment
A significant takeaway from the webinar was the emphasis on collaboration between the security awareness teams and the Security Operations Center (SOC). By aligning these teams, organizations can ensure a more comprehensive and effective response to cyber threats. This partnership allows for a quicker response to incidents and a stronger overall security posture.
Conclusion: Towards a More Secure Future
As we look towards 2024, the key message from Dennis Legori and the webinar is clear: organizations must evolve their security awareness programs beyond mere compliance. By fostering a culture of engagement, continuous learning, and collaboration, we can build a more resilient and responsive security landscape.
Stay tuned for more insights and discussions in our upcoming webinars, as we continue to explore the frontiers of cybersecurity with industry experts.