Provided by Nemertes Research

How to Create a Culture of Security Awareness

The recent success of Ransomware as a Service (RaaS) attacks has thousands of companies facing systematized extortion. The enterprise facing the decision of whether “to pay or not to pay” can usually thank an unaware employee—even a CEO—who fell victim to the oldest cybersecurity ruse, the phishing email.

The best defense against cybersecurity threats is a security-aware culture that permeates the entire organization and touches anyone on the network—from the board to the lowest intern. For this culture to reach beyond the IT security team, enterprises must implement targeted and sustained security awareness training. Best-of-the-best security organizations consistently rate security awareness training as a top challenge. Yet when it comes to budgeting, companies often give training short shrift. The training budget and other factors will influence how a company approaches training.

Whether a company develops an in-house security awareness training program or opts to outsource to a third party, the steps must remain the same: assess, plan, develop, implement, monitor and maintain.

The spread of ransomware through email phishing shows that security is only as effective as the humans entrusted with it. Find out how to make your organization security aware.