According to security compliance vendor ThreatSwitch in their 2021 Industrial Security Benchmark Report, organizations are waking up to the need for better awareness training.
The shift to a partially or completely remote workforce has had repercussions felt for the last 3 quarters by organizations worldwide. I sounded the alarm last year not just once, but twice about how remote work isn’t making organizations any more secure. And with the security of remote employees being a top cybersecurity concern in 2021, it’s necessary to get a bit more practical and determine how to make the employee (and, therefore, the organization) more secure.
According to the ThreatSwitch data, 23% of organizations see the lack of a security culture and employee participation in a security program as their biggest security obstacle – which means, the organizations recognize the problem and are feeling the pain.
To address this, I noticed two related facts from the report:
First, 49% of organizations said they plan on increasing budget to training, with another 46% keeping it the same, and only 5% reducing their training budget in 2021.
Second, of the security frameworks organizations are working to more strictly adhere to, the greatest focus (by 74% of organizations) is the Cybersecurity Maturity Model Certification (CMMC). One of the many domains of focus within CMMC is Awareness Training. Digging into the certification a bit deeper, of the 5 maturity levels CMMC establishes, there are 3 levels with practices you can implement:
Source: CMMC
Many security practitioners believe the user is the one part of the security environment you can’t patch. Or can you?
The reality is by following the CMMC guidance (necessary for certification) around Security Awareness Training, you’re not only implemented recommended best practices, but are also making the least secure part of your environment far more secure.
