THERE is a connection between increased cyber awareness among company personnel and decreased organizational risks to cyber breaches. That much is the core finding in Fortinet’s 2024 Security Awareness and Training Global Research Report.
The survey was conducted among 50 executive-level and management-level professionals in the Philippines and Malaysia at organizations that have cybersecurity awareness training in place. Survey respondents came from a range of industries, including technology (24 percent), manufacturing (16 percent), financial services (10 percent), and professional services (12 percent).
Other key findings
– As malicious actors use AI to increase the volume and velocity of their attacks, corporate leaders believe these threats will be harder for their employees to spot. Still, most respondents (92 percent) also say that enterprise-wide knowledge of AI attacks has made their organizations more open to implementing security awareness and training.
– Employees can be an organization’s first line of defense, although leaders are increasingly worried that their employees lack security awareness.
– Leaders recognize the importance of security awareness training but believe there are specific attributes that make some training programs more effective than others.
Latest threats
One prominent way in which cybercriminals use AI is to make phishing schemes more believable and harder to detect. Because phishing targets individual users directly, organizations are overwhelmingly focused on teaching employees how to spot and refrain from falling victim to these attacks.
– End users remain attractive targets of malware, phishing and password attacks that directly target individuals.
– As attacks evolve, security awareness and training will only become more vital.
– Nearly 90 percent say phishing prevention is a component of their training programs and plans. Other top training priorities include data privacy (62 percent), malware and ransomware (60 percent), and data security (50 percent).
First line of defense
While security and IT teams are crucial in safeguarding organizations against cyberthreats, employees also play an important role in preventing breaches.
– Employees are open to cybersecurity awareness and training opportunities as they view security awareness and training positively.
– Organizations see positive results when they implement security and awareness training programs, with a majority of leaders saying their organization saw at least some improvement in its security posture after security awareness and training were implemented.
Not all training programs are created equal
Most organizations are motivated to introduce security awareness and training based on their experience being breached or knowledge of threats in their industry or sector.
Almost all decision-makers say their leadership team supports implementing training to raise employees’ cybersecurity awareness. They also think increased employee awareness would strengthen the organization’s cybersecurity posture.
At the same time, respondents also agree that there are key attributes of training programs that are important for effectiveness, as follows:
– Engaging content is paramount. Lack of engaging content is among the biggest complaints against current security awareness and training solutions.
– Consider the time commitment required to avoid training fatigue. Demanding too much time on training employees could overburden them.
Cyber-aware workforce
One breach incident alone has significant repercussions for a business. Beyond teaching individuals what to do when they encounter threats, awareness and training lay the foundation for creating a culture of cybersecurity throughout the organization.
Fortinet offers its Security Awareness and Training service to businesses that want to develop a cyber-aware workforce. Designed by the Fortinet Training Institute, this service covers a broad range of topics, offers content customization opportunities, and reinforces learning with periodic reminders and checks. Organizations using the service also have access to a dashboard to track learner progress and reporting to address cyber insurance and compliance needs.
Be the first to comment