7 reasons for security awareness failure




Ira Winkler and Samantha Manke just wrote a great article at the CSO site about why security awareness programs fail. 

They started out with: "There is a great dichotomy in Security Awareness. Just about all of the CSOs we talk to believe that one of their top priorities is to improve their organization's security culture — in other words, the behavior of their users. Similarly, we see article after article and study after study talking about how humans are the primary attack vector for advanced attacks. Some studies indicate that human exploitation is the key enabler in as many as 90 percent of attacks. Buzzphrases, such as protecting and attacking "Layer 8" have emerged.

Yet we periodically see the media entertain notions that challenge the value of security awareness. While there are notable security awareness failings, awareness, like all security efforts, is about risk mitigation not complete prevention and needs to be implemented properly."

The Seven Awareness Failures are:

  1. Not understanding what security awareness really is
  2. Reliance on checking the box
  3. Failing to acknowledge that awareness is a unique discipline
  4. Lack of engaging and appropriate materials
  5. Not collecting metrics
  6. Unreasonable expectations
  7. Relying upon a single training exercise

Their conclusions: "Most security awareness programs are doomed from the start, but it doesn't have to be that way. You can implement the successful habits that we previously identified, but you first have to remove any impediments to success. By setting the proper foundation, you will be able to implement a program that has a true return on investment and mitigates what is described as the top vulnerability exploited by advanced attacks."
 
 
Here at KnowBe4, we could not agree more! So read their article and learn about the pitfalls that might trap you.
 

 



