For the past several years, 93% of digital attacks have attempted to exploit the human factor, according to a recent study by IBM. People represent the “human factor” in the crosshairs of cyber attackers. The only defense against such attacks is education, or in industry terms, “security awareness training.”
Indeed, cybersecurity awareness training is essential knowledge that enterprises can’t afford to overlook. Let’s face it. Much of today’s conventional cybersecurity training is simply an annual, check-the-box exercise. Unfortunately, lackluster training often results in employees being unprepared to recognize or respond to real and evolving threats.
Don’t Just Set it and Forget It
Because of the rapidly changing environment and the long list of vulnerabilities, security awareness training also cannot involve a one-shot or a “set it and forget it” approach. Most people grab their mobile phones first thing when they wake up. Why? Well, it’s a habit. And, according to research on habit formation and behavior change, repetition is a critical step in forming a well-entrenched habit. So, when it comes to online cybersecurity training for employees, make sure to offer it often, and with plenty of opportunities for practicing safe online behaviors in between.