As organizations seek to find ways to increase the effectiveness of their security stance, many are realizing the value of a cybersecurity-aware employee helping to keep the organization secure.
In many ways, cybersecurity is about behavior – the behavior of the attackers, the social engineering methods they employ, the tactics they use to avoid detection by security measures in place, and how they trick users within an organization into becoming their next victim. Security solutions seek to identify and stop attacks based on behavioral attack cues, but attackers are still finding ways to reach a user’s Inbox through phishing attacks.
What’s needed is to upgrade the human firewall, according to Sai Venkataraman, in his article “Security awareness programs: The difference between window dressing and behavior change.”
To leverage a user as part of a security posture that seeks to protect the organization from such attacks, it’s necessary to see a change in user behavior when interacting with email or the web. Instead of taking every piece of content at face value, organizations should seek to have users interact with a sense of vigilance, always looking to make certain emails are legitimate, are from who they claim to be, and aren’t attempting something malicious.
Users who undergo continual new-school Security Awareness Training are taught about the various kinds of scams and attacks that are used today, which helps them identify malicious content – even if they have never seen or been taught about the particular scam in question. Security awareness training also helps to create a security culture within each employee, causing real behavioral change when it comes to incorporating good cybersecurity habits into everyday work.
You can read Sai’s article here.