Is it any wonder that cyber security education has really taken off? After all, the majority of Americans fall for phishing scams, so say the headlines (and the statistics are staggering). With companies spending millions correcting cyber security errors, a few thousand on end-user training seems like a smart formula. But does cyber security awareness education actually work? Yes and no. We’ll take a look.
When it comes to protection against attack, the heat is on. After a series of global computer viruses (from WannaCry to NotPetya) swept through industries, the pressure has been turned up and people are looking for someone to take responsibility. Most incidents still start with a phishing scheme, from the attack on the Democratic National Conference to an infiltration targeting a Pentagon official.
While most individuals will not be held liable for personal phishing attacks that lead to fraud, certain professions look like they will be expected to maintain security. For example, there have been lawsuits over hacked (and false) emails of lawyers. That means that your workplace interactions can make you, or your organization, liable for cyber threats. Familiarity with cyber threat intelligence, especially in fields dealing with sensitive information, and especially among those not working for the IT department, could go a long way toward strengthening security for all.
The other problem with education is that it isn’t always effective. From company-wide “sensitivity training,” to seminars on using Excel spreadsheets, the problems with educating employees reveal all kinds of difficulties with schooling. Some people can sit in an auditorium and learn from a PowerPoint presentation, and others won’t remember a word of it.
That means that you need to have other protective mechanisms in place, beyond such mandatory training. Set up systems which will:
It doesn’t do much good to lament that end-users “can’t spot a fake email.” Fakes are getting better and more effective. Adding security saves you from the effects of being bamboozled.
Despite these safety tactics, training can be very effective in reducing the success of cyber attacks. It requires a fun, more individualized approach. Consider using these techniques:
Real familiarity with current threat intelligence makes employee cyber security education much more effective. It’s about actionable intelligence, not fear tactics. Fear of liability, fear of causing organizational harm, and fear of some nebulous concept of hackers, will only go so far toward prevention.
Get real with threat intelligence feeds that provide industry-relevant insight into the real-time threats gearing up to strike your business. We can help you develop policy and effective education while combatting real threats with effective tools. These factors combined provide the most complete protection against cyber attack.