One Article Review

The article:
Source: AlienVault Blog
Identifier 1931635
Publication date 2020-09-22 05:01:00 (seen: 2020-09-22 05:06:18)
Title Security awareness training explained
Text This blog was written by a third party author.

Cyberattacks are an almost daily occurrence for many IT and security professionals, and there are a host of different security solutions in the marketplace today that look to help companies detect and prevent those attacks. However, despite all the technology organizations have in place, their users remain their weakest link. Phishing is still one of the top initial attack vectors. Why? Because, for a wide range of different reasons – from lack of knowledge to lack of responsibility – users are prone to fall for email and web-based scams.

Organizations looking to create a more secure environment need to shore up every vulnerability that exists – and that includes their users. One effective way to help users become a part of the security solution and not a part of the problem is through security awareness training.

What is security awareness training?

Security awareness training aims to help your users understand the key role they play in helping to protect an organization’s data and other key assets. It also educates them on threat tactics, the use of social engineering, and the scam themes used in order to improve their ability to spot malicious content before they become a victim.

It’s crucial that this training includes everyone within your organization – from the CEO to the person in the mail room – as each one can be utilized as part of a cyberattack. It should also include temps, contractors and anyone else who performs authorized functions online within your business. All these people have a role to play in ensuring an organization’s data is as secure as possible.

Which organizations should pursue security awareness training?

Security awareness training isn’t just something for large enterprises; employees across all business sizes need to be aware of the security threat landscape. Small businesses are just as vulnerable to attack as large ones, in fact often more so as they lack the assets to put in place the technology to protect themselves. A recent study revealed that 67% of small businesses reported a cyber-attack in 2018, up from 61% in 2017. Plus, many small businesses can act as a gateway to the assets of a larger organization for whom they perform work. Indeed, for many organizations security awareness training is essential to meet compliance regulations, such as CCPA, PCI, HIPAA, GDPR, or Sarbanes-Oxley.

Security awareness training can take many different forms, but most successful training starts with either traditional classroom-based training or online training and is then supported by regular reminders. These can include follow-up emails outlining new threats and reminding people of their role in defending against them, visual aids around the office to help reinforce the security messaging, and even simulated phishing campaigns where your security team will send out a spoof phishing email and see who clicks on it. This latter one is a very clear way of showing how successful your training has been.

Importantly, though, in all this you need to remember that security awareness training is not a one-time thing; it is an ongoing process to ensure that security remains front of mind for everyone within your organization.

Building a security awareness program

At the core of a good security awareness program is ensuring that everyone within your organization has the appropriate level of understanding about the security threats your company faces, along with an understanding of the role and responsibility they play as part of your company’s cyber defenses. If you’re going to build out your own security awareness training program, there are a few key essentials you’re going to need: Security champion
Sent Yes
Tags Vulnerability Threat


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.