
Awareness training: How much is too much?

Taylor Armerding | Sept. 16, 2016
Security awareness training is one of the most effective ways to strengthen what is generally known as “the weakest link in the security chain.” The key is to make employees skeptical without paralyzing them with paranoia.

The more relevant the training is to how the user operates day-to-day, the better it will resonate and be retained. 
Stacy Shelley, vice president and chief evangelist, PhishLabs

“What technologies do they use? What threats are they likely to encounter? The more relevant the training is to how the user operates day-to-day, the better it will resonate and be retained,” he said.

There is general agreement that any generally good thing – physical fitness, diets, working – can be overdone. Still, they say regular security training is not overdoing it.

Regular fake spear phishing tests, rather than sowing distrust, should “help the organization know who are the biggest offenders and how to better train them,” Loomis said.

Shelley suggested thinking about awareness training “as conditioning, in which an individual’s susceptibility to attack will increase over time without frequent training to keep them sharp.”

But it is also important to be realistic about what can be accomplished.

“Training can absolutely reduce the chance and percentage of those who fall victim,” Spitzner said. “Most organizations can reduce failure rate to less than 5 percent. Can they make it 0 percent? Absolutely not. Can any control reduce risk to 0 percent? Absolutely not.”
