Cyber security awareness training shouldn’t suck!
A recent Harvard Business Review article stressed, “Spending millions on security technology can certainly make an executive feel safe. But the major sources of cyber threats aren’t technological. They are found in the human brain, in the form of curiosity, ignorance, apathy, and hubris”.
I totally agree with this assertion - cyber savvy employees, customers and business partners are a vital component of a cyber resilient enterprise.
In fact several studies reveal that effective cyber security awareness programs provide the highest return on security investments.
But let’s face it, most security awareness programs still suck. To many, they are as boring as filing tax returns. The mention of security awareness reminds them of someone reciting policy clauses, and repeating the same old messages: Always mix a jumble of alphanumeric characters when choosing new passwords, change them every 90 days, never share them with your partner, and so forth.
Worse more, non-compliance is often met with severe consequences, including dismissal.
But this is not always the case. Some organisations are embracing innovative learning and development programs to boost employee or customer cyber security engagement and drive results.
I am keen to hear how fellow professionals or cyber security vendors are addressing this challenge. Kindly use the comments section below to share ideas on how this critical function can be improved.