What is it? And why are security teams so crazy for it?
Let's start with the punchline:
Security Awareness Training is your key defense against 90% of cyber attacks.
Big claim, right?
Over 90% of cyber attacks start with Phishing, the key form of Social Engineering. And that's according to the annual Data Breach Investigations Report from industry heavyweight, Verizon.
If a household name like Verizon points to Phishing as THE primary entry point for cyber attacks, it would make sense to focus your defenses there, right?
Ok, your time is valuable...
Security Awareness Training is the process of testing and training your employees on the cybersecurity risks your organization faces in today's fully connected world.
A comprehensive Security Awareness Training program typically includes:
1. Periodic Training Courses - provide understandable instruction on risks and defenses
2. Simulated Phishing Attacks - consistent, varied emails that mimic real-world attacks
3. Consistent Reminders - maintain continuous learning across your team with regular nudges to complete outstanding training courses
4. Remedial Training - once someone has fallen for a simulated Phish, your program should provide additional learning opportunities
If you're wondering who else promotes Security Awareness Training, take a look at NIST's cybersecurity guidance for organizations. We've also created a handy getting-started overview.
NIST suggests organizations implement Security Awareness Training because it is the most effective defense against the most common cyber attack.
As with any critical learning objective, your Security Awareness Training program needs executive buy-in. And it could be the best thing for your executive team! After all, those execs are juicy targets for cybercriminals.
Cyber attacks are only increasing, and the odds are lopsided: your organization and your people have to block every attempt, while the hackers need just one open door to launch an attack.
The good news is that