SANS: Security Awareness Training is On the Rise



Providing users with Security Awareness Training is a critical part of a security strategy. According to the latest data from SANS, more organizations are using awareness training in 2019.

8-8-19 Image

Every year SANS puts out their annual Security Awareness report. This year’s report, entitled the 2019 Security Awareness Report: The Rising Era of Awareness Training, highlights both SANS’ Security Awareness Maturity Model, as well as where organizations fit within the model.

The maturity model is broken out into 5 stages:

  • Non-Existent: No awareness program of any capacity exists.
  • Compliance Focused: A program exists primarily to meet specific compliance or audit requirements with infrequent annual or ad-hoc training.
  • Promoting Awareness & Behavior Change: The program uses continual training throughout the year, with content encouraging behavior change at work and at home.
  • Long-Term Sustainment & Culture Change: The program has the processes, resources, and leadership support in place for a long-term lifecycle and establishing awareness as part of the organization’s culture.
  • Robust Metrics Framework: The program has an ability to track progress and measure impact using specific metrics for continual improvement.

According to the report, the majority of organizations sit in the Promoting Awareness & Behavior Change stage, where a culture of security has not yet been established, but users are being continually educated on both the need for security-mindedness and specific attack methods and tactics used – all in an effort to elevate the user’s ability to play a part in stopping a cyberattack.

A slow-but-steady shift towards more mature stages of the maturity model is evident when comparing the last 3 years of data. According to the report, the bottom two stages have reduced by 2-6% over the last three years, with the top two stages increasing by about 5% each. This demonstrates a growth in interest by organizations towards adopting and supporting continual security awareness training, and more mature implementations of security awareness programs.


Find out how affordable new-school security awareness training is for your organization. Get a quote now.

 
Get A Quote
Request A Demo
 



Subscribe to Our Blog


Comprehensive Anti-Phishing Guide




Get the latest about social engineering

Subscribe to CyberheistNews