Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Is Your Security Awareness Training Program Broken?

    users are the weak link in IT Security

    Steve Ragan over at CSO Magazine wrote:

    "A new study on user risk shows that employers are willingly conducting user awareness training, but only half of them follow-up with additional tests to gauge such training's effectiveness. 

    "As network defenses grow stronger, and the gaps within those various layers of protection shrink, criminals are looking towards the soft targets, including employees, contractors, and customers, in order to launch an attack. Such knowledge isn't a secret, this is why user awareness training exists; it helps mitigate the risk associated with soft target attacks, including phishing and social engineering. 

    According to the 2013 Verizon Data Breach Investigations Report, 29 percent of the attacks referenced by Verizon could be traced back to social tactics, such as phone calls, email, and social media (e.g. Facebook, LinkedIn, or Twitter). This type of data is often what drives awareness programs, and why companies spend money in order to teach employees how to spot Phishing scams and how to limit their exposure online.

    However, teaching without testing opens a rather large gap in the overall usefulness of such programs. In a recent study published by Rapid7, based on responses from IT professionals representing more than 550 organizations, it was revealed that 66 percent of those firms conduct user awareness training, but only 33 percent of them actually follow that training with tests to measure effectiveness.

    So in Rapid7's survey, the real story is that 50 percent of those surveyed admitted to having broken awareness programs. Going back to Verizon's data, Phishing accounted for at least 22 percent of all the reported incidents documented in the report. At the same time, the research points out that even the most targeted and malicious attacks an organization faces often rely on relatively simple techniques such as this to get started.

    When it comes to making a dent in socially-based attacks, the organization needs to have awareness programs that teach and test, alongside common technical controls, such as email filtering and endpoint protections."

    And that is exactly why we built KnowBe4 with its Kevin Mitnick Security Awareness Training. We train and test, test, test the whole year through.

     

     

    Return To KnowBe4 Security Blog

    Topics: Social Engineering, Phishing, Spear Phishing, Security Awareness Training

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews