Security Awareness is a critical tool in an organization's toolkit. Yet, it tends to be a lower budget priority than other technical controls. According to recent research, 98% of organizations have a Security Awareness program, but only 23% use a mix of available education and training tools and techniques1. And, 29% strictly use simulated phishing tests. Given that most threats are human activated, this limited approach paired with security solutions alone isn't enough to effectively reduce risk.
In the latest Hashtag RealTalk with Aaron Bregg, Cadre's Manager of Knowledge Services, Tim O'Connor, discusses these issues and what companies don't understand about Security Awareness programs.
The podcast tackles the hard talk about security awareness, including:
- Security awareness is more than just phishing awareness training
- What businesses don't get about security education
- Risk assessments and vulnerability assessments are two different things
- The importance of table top exercises
- Brand name protection
- IT is NOT where the cybersecurity buck stops
1 Proofpoint. "Measuring Security Awareness Impact for Long-Term Success." 2021