Training is the key to helping the enterprise avoid cyber threats from phishing or other means.
One of the most devastating things that can happen to a business is a cyberattack, but business executives are not confident that employees have had sufficient security training, according to "The State of Security Awareness Training," a CybeReady report released today. The report found that 75% of execs believe the most likely catalyst for a cyberattack is phishing.
CybeReady's report is based on findings from the Osterman Research white paper, "The ROI of Security Awareness Training." Phishing attacks topped the list of concerns for decision-makers, with nearly 75% of executives citing phishing emails as the most significant threat. Those executives regard training as a better way to deal with this threat, but approximately 60% of users receive training less than once a quarter, meaning organizations are not being adequately trained, even with current solutions.
The most relevant finding of the report is that "Learning by doing is the most effective principle in adult learning," said Shlomi Gian, CEO of CybeReady. "As adults, we do change behavior when we make a mistake and that's the best way to get our attention."
Security awareness training is designed to bolster users' ability to recognize threats such as phishing attempts, unusual requests that claim to be from the company's CEO, malicious advertising on web pages and more: threats designed to make users vulnerable to hacking and, subsequently, to wreak havoc within an organization.
The report highlights executive concerns with phishing, business email compromise (BEC) and the unsatisfactory results, despite an increase in investment and effort. The study revealed that 58% of decision-makers view awareness training as superior to technology solutions when dealing with phishing, and that awareness training budgets are quickly increasing, faster than security budgets.