Today, the most surprising companies have jumped on the security awareness training bandwagon. Antivirus companies like Sophos, Kaspersky, Webroot and ESET are loudly promoting the fact that end user training is a must.
Well, until recently, the AV industry considered that promoting awareness training was an embarrassing admission that their product was not effective.
By now they seem to have realized that their antivirus product is not the "end-all" and is really just one layer of the defense-in-depth puzzle. There is no way that AV tools can be effective protection against social engineering. So, users need to be trained against that type of attack.
They also might be looking for additional sources of revenue as an "upsell," since Windows 10 has come out with an antivirus protection layer called Windows Defender, which is "good enough" and is free with the OS. Perhaps they feel the threat of losing customers who may use their AV budget to subscribe to end-user awareness training instead.
An ESET survey conducted this month sought to gain some insight into how much training organizations provided their employees. 17.9% said "a lot," 32.5% said "some," 16.3% said "a little," and a full third, 33%, said "none."
This is remarkably risky.
The obvious risk is that an organization will find itself compromised. But that might not be the biggest risk. Security training has increasingly become an important part of standards of care.
Organizations that fail to provide it expose themselves not only to being hacked, but to civil lawsuits, breach of contract claims, and considerable regulatory penalties.
A number of US states have laws that demand some form of security training. Organizations flout these at their own risk. New-school security awareness training that awakens employees to the threat of phishing and other forms of social engineering is an important and surprisingly affordable way of managing such risk.
I strongly suggest you get a quote for new-school security awareness training for your organization and find out how affordable this is. You simply have got to start training and phishing your users ASAP. If you don't, the bad guys will, because your filters fail on average 10.5% of the time. Get a quote now and you will be pleasantly surprised.
Let's stay safe out there.
Founder and CEO, KnowBe4, Inc