Skip to main content

Lack of Employee Training and Communication Skills Drown Enterprise Security Awareness Programs

SANS 2017 Security Awareness, a new report by leading cyber security training and certification institute SANS, has revealed the lack of time dedicated to employee training and the lack of communication skills as the key reasons organizations’ cyber security awareness programs fail to meet their objectives. In identifying these factors, the researchers also found that women are twice as likely as men to be dedicated full-time to cyber security awareness. The report further went on to specify human resource allocation, partnerships, hiring of dedicated professionals, and fostering of security ambassadors as the four areas organizations need to focus on to dramatically improve the effectiveness of their awareness campaigns.

“There is no doubt that awareness programs play a vital role in strengthening IT security,” stated Ned Baltagi, Managing Director, Middle East & Africa at SANS. “While Middle East organizations are doubling down on their security investments, the challenges cannot be solved by technology alone. The behaviour of end-users, most commonly unintentionally malicious, are often the root-cause of data breaches, which is why SANS has worked to pinpoint the shortcomings of security awareness programs and provide enterprises with a clear outline for how they can overcome these.”

Time Constraints

Surprisingly, respondents did not cite budget constraints as an inhibitor to the success their security awareness initiatives. Instead, the biggest challenge appears to be time as over 75% of security professionals spend just 25% of their time on awareness. The report pointed out that to bring awareness up to a basic level, organizations should on average have 1.4 full time employees (FTEs) dedicated to these initiatives. This number increases to 2.6 FTEs in organizations that have the most successful awareness programs.

The Lack of Communication

Reported by 30.23% of respondents as their biggest challenge, the lack of communication and employee engagement is the other major hurdle that security awareness professionals face. This largely results from the inability of IT staff dedicated to this function to translate the impact human risks present to cyber security to their non-technical counterparts. While 80% of security awareness professionals have technical backgrounds, just 8% of them have soft skills backgrounds such as communications, marketing, training or human resources.

Not surprisingly, organizations that had the most robust security programs were also those that had complete buy-in from higher management, while 64.5% of organizations that did not receive sufficient support from company leadership categorized their awareness programs as non-existent.

Remedying Security Awareness Challenges

“In addition to dedicating the right resources and time to security awareness and working on the communications skills of security professionals, organizations should strategically leverage their budgets to hire resources who will get their awareness programs off and running. They should also identify and empower awareness ambassadors- employees who are committed to security initiatives and push their colleagues to do the same- as a cost-effective means to raise the entire organization’s security posture,” said Baltagi.

Comments

Popular posts from this blog

Cloud Computing powering India’s priority of ‘Digital-first country’

By: Sunil Mahale, India MD and VP, Nutanix
Digital transformation has been recognized as being vital to the growth of our nation. This transformation has enjoyed the unanimous approval and contribution from all stake holders including enterprises, MSMEs, government bodies and citizens. But this level of adoption in a country with a population of over a billion people would need a robust technology base that is capable to collecting and distributing vital data seamlessly.
Digital India envisions creating high speed digital highways, that will impact commerce and create a digital footprint for every individual. Technologies based on mobility, analytics, Internet of things and most importantly, cloud technologies are the building blocks for the digital India missionThere is a growing need to manage huge volumes of data, and making them readily available to public through digital cloud services. Cloud has a pivotal role in enabling this change.
While Data centers have become crucial to th…

RevStart launches its RevItUp Incubation Programme

Underlining its vision of creating a nurturing ecosystem for start-ups to grow in, RevStart, a co-working and incubation centre, has announced the launch of its RevItUp Incubation Programme. The 12-week long programme will be held at RevStart Incubation Centre in Noida from July 1, 2018 onwards. As part of the programme, RevStart will select five high potential start-ups from the ed-tech sector, AI, Consumer Internet, Sustainability, as well as for-profit social impact companies to assist them with developing their business, along with connecting them to global mentors across industries and sectors. In addition, start-ups selected for the programme will receive INR 5 lakh to Rs. 25 lakhs worth of cash and benefits, while RevStart will get an equity stake in the ventures.
The RevItUp Incubation Programme has been created to enhance the founding team’s industry, product, and company building knowledge and capabilities through a world-class curriculum. The programme will focus on tailor…

The Workplace of the Future

By: Arnab Ghosh – Director, Synergy Property Development Services)
Workplaces are undergoing a major transformation today to stay relevant. Conventional space planning and design approach for office space are slowly but steadily changing across the globe. What was a trickle a decade back is snowballing into a movement as we speak? The nature of the work we do and the time we spend in our workplace is driving this change. 
The Social Workplace The original office in the west was originally based on the factory floor design. The Workers occupied the maximum space followed by Managers and the Senior Executives in their glass cabins. The term “productivity” also has industrial roots. There were well-defined tasks and targets for the employees to achieve in their working time. All these have changed drastically over the last few decades and going to change further in the future. The culture of organizations has to adapt to this change to stay ahead and retain talent. Productivity is no long…