SANS Security Awareness Report Highlights the Rising Era of Awareness Training

It thrills me to be able to post an article with this title.  I honestly do not believe there is anything more important and more impactful to the overall security of any organization than effective user awareness training.  An increase in effective training is an increase in overall security.

I have been a student of and an advocate for the SANS Institute for many years.  Lance Spitzner and his team do a marvelous job spreading the word of awareness and safety online.  This report is a good resource and a worthwhile read.  Enjoy!

New Bill Proposes Cybersecurity Training for U.S. House Members

Photo Source: Wikipedia

Don’t get me wrong.  I am excited and encouraged to know that certain members of the House recognized the need for cybersecurity awareness training for everyone in Congress and presented this legislation.  But I must admit that I am a bit sad and discouraged that it will take a literal act of Congress to force our government to train and prepare itself for these types of threats.

As the article mentions, this move is quite a few years late in terms of a best practices approach to cybersecurity.  Let’s hope it passes and our government can take another small step forward in the fight against cyber crime.  Let’s also hope that all other branches of our government see the value of this training and follow suit!

Cyber Security is About Culture and People, not Technology

Rarely do I agree as strongly with a post as I do with this content from the team at KnowBe4.  Successful cybersecurity defense is rooted in an aware and engaged organizational culture.  An organization needs consistent and effective security awareness training, and that training needs to be accepted and adopted and placed into action by all employees.  Everyone in the organization has a role and a responsibility in the success of the cybersecurity program.

Cybercriminals Double-Down on What Works, Nearly Doubling the Number of Phishing Attacks in 2018

Have you noticed a significant increase in phishing messages over the past year?  Have you noticed that these messages seem to be better crafted, harder to identify, and generally very sneaky?  The stats from the team at KnowBe4 bear out the truth that most of us have been living over the last couple of years.

This significant increase in well crafted phishing messages should be a strong motivator to increase awareness training for our end users.

C-Level Represents Biggest Mobile Security Risk

Near continuous use of mobile devices is certainly a concern for C-level employees, but do not take security awareness for granted.  Though individuals in these high ranking positions should be more aware than most of the cyber risks they face, they may not leverage that knowledge and take the right steps to protect themselves.  Continue to educate all employees including your C-suite.  Use that time honored adage from the back of your shampoo bottle – Train / rinse / repeat!

5 Signs Your Cybersecurity Awareness Program Is Paying Off

This article describes a dream many IT Security professionals have had – positive response from awareness training.  For the record, it does not have to be a dream.  It can be reality.  I have seen it happen, so do not give up.  Just last evening, I was speaking at a gathering of business professionals and I received motivated, engaging and intelligent questions from smart people actively seeking to improve their IT security situations.  End users and business leaders want to be trained and educated.  Keep training and sharing.

Half of IT Pros Say Insider Threats Are a Bigger Concern Than Hackers

I would place myself in the category of someone who believes the insider threat is the biggest risk to an organization, but with a strong clarification.  Insider threats are threats that are caused by humans – human error, socially engineered staff, and users with malicious intent.  People will make mistakes and no amount of technology can fully prevent those errors.  We must train our users thoroughly and often and we must prepare for the inevitable mistakes that will happen.