It's a well-known fact that employees are the weakest link in IT security.
There is good news though! New research from our friends at Wombat Security Technologies and the Aberdeen Group gives a solid foundation to the anecdotal evidence that end-user education can change employee behavior. When they are
exposed to cyber risks like phishing, social media, and other attack vectors,
security awareness training can reduce your organization's risk by as much as 70 percent.
The newly published report concludes that despite soft- and hardware protection being in place, the vast majority of security incidents are caused by actions of untrained company employees. This new report clearly demonstrates that your relatively low investment in security awareness training significantly helps you to significantly improve your level of defense-in-depth. It's a great tool to get budget.
"It's important for security teams to communicate clearly about the risks that organizations are accepting when their employees' response to cyber threats is not addressed," says Derek Brink, VP and Research Fellow for Aberdeen Group, at Harte Hanks Company. "While the public disclosures of the past several months have provided some startling examples about what can happen when security awareness and training is ignored, Aberdeen and Wombat have developed this model to address the most basic and logical question that security teams so often struggle to address: How does an investment in changing end user behavior through innovative security education solutions actually reduce the organization's risk?"
The report concludes that creating budget for security awareness training is effective in changing employee behavior and measurably reduces security-related risks by between 45 and 70 percent. Well, I'm glad someone did the homework and came up with some hard numbers. You can get access at this report for FREE at the Aberdeen group, but you do need to register.
Find out how affordable Kevin Mitnick Security Awareness Training is for your organization.