The hybrid work era has significantly increased the attack surface and the risk of data breaches. Organizations must reorient cybersecurity awareness training to limit human error. Let’s hear from experts on what it takes to build a robust security awareness program.
Ransomware attacks have risen dramatically in the last few years and continue to monopolize the headlines. As a result, in the 18th year of Cybersecurity Awareness Month, the Cybersecurity & Infrastructure Security Agency (CISA) has encouraged individuals and companies to #BeCyberSmart. To refocus attention on cybersecurity awareness, Toolbox asked cybersecurity and risk management experts to weigh in on this growing and costly problem and provide recommendations for cyber awareness training that meets employees’ needs.
In the hybrid work era, a significant proportion of the workforce is now working ‘outside of the perimeter,’ said Daniel Clayton, VP of global security operations and services at Bitdefender. Pointing to the new realities of handling sensitive data that employees are slowly adjusting to, Clayton explained that employees are increasingly using devices that are outside the bounds of security teams, and this could sometimes lead to unintended data exposure, breach, or loss. A recent report, The Psychology of Human Error, from Jeff Hancock, a professor at Stanford University, and Tessian found that 43% of employees have made mistakes that led to compromised cybersecurity posture while 43% have fallen victim to phishing scams.
According to Gary E. Barnett, CEO, Semafone, “This is where cybersecurity awareness training and employee education can come into play and ensure that organizations are alert to risks and take proper precautions.”
In a recent interaction with Toolbox, SailPoint’s CISO Heather Gantt-Evans shared that in the hybrid era, cybersecurity awareness training could also be a source of community building through gamified training tournaments, lunch and learns, and more.
“In these circumstances, we rely on the workforce to understand the potential risks associated with their situation, take precautions, and make informed decisions. In the past, we could be loosely aligned, but highly governed. Today, we must be tightly aligned as we are governed less stringently,” Clayton added.
While cybersecurity awareness has become a topic of great concern, organizations should ask themselves whether they are doing enough to secure hybrid workers. What steps can they take to prevent employees’ security mistakes from turning into security incidents?
Check out six actionable insights to level up cybersecurity training for the hybrid work era:
1. Cybersecurity Awareness Training Must Go From Executive to Endpoint
2. Make Cybersecurity Awareness Training Mandatory for Employees
3. Cybersecurity Awareness Training Needs To Be Carried Out Regularly
4. Design Security Training and Tooling To Meet Employees’ Needs and Avoid Shadow IT
5. Create Training That Incorporates Employees’ Workflow Changes
6. Implement a PCI DSS Security Awareness Training Program for Employees
By Neha Pradhan