3 key factors to make your cybersecurity training a success
Cybersecurity refresh training is becoming more critical as attackers become more sophisticated. Image: Getty Images/iStockphoto
- Cybersecurity training is essential for risk management as attackers increasingly use artificial intelligence (AI) driven phishing and malware to breach networks.
- New research reveals that 96% of executives believe that more organization-wide training and awareness will help reduce cyberattacks.
- While more than 80% of organizations surveyed have existing security awareness training programmes, executives must consider several factors when updating cybersecurity awareness.
The digital economy continues to evolve at a rapid pace, bringing new technologies, such as AI to every individual and industry around the globe. While AI benefits our society in numerous ways – from transforming sectors such as healthcare and education – cybercriminals are rapidly taking advantage of these tools.
Threat actors are harnessing technologies, including AI, to augment the volume and velocity of their attacks, making it inevitable that enterprises will fall victim to a cyberattack. Nearly 90% of organizations experienced one or more cyber incidents last year.
While there is rarely a single cause of a cyber incident, security and IT leaders say that multiple factors increase the likelihood of a breach, including having an IT or security staff that lacks the right skills (58%), as well as a lack of employee security awareness (54%).
The World Economic Forum Strategic Cybersecurity Talent Framework, released earlier this year, sheds light on the challenge. It states:
“As a systemic risk, there is growing concern about the potential impact of the cybersecurity workforce deficit on national security, critical infrastructure and the overall resilience and security of economies and societies. Moreover, the proliferation of cutting-edge technologies – such as generative AI, quantum computing and internet of things (IoT) – introduces new risks, expanding the attack surface and, therefore, further amplifying the need for a cybersecurity workforce equipped with evolving know-how.”
Since most malicious efforts target users directly, cybersecurity training and awareness initiatives are vital parts of an effective risk management strategy.
Employees can serve as a strong line of defence against attacks but only when equipped with the proper knowledge.
Shifting attacker strategies
According to a Fortinet report, more than 80% of organizations surveyed have existing security awareness training programmes.
Yet as technology quickly evolves and attackers advance their techniques, executives must consider key attributes when refreshing or creating a cybersecurity awareness training initiative.
A leading concern among executives is AI-driven attacks, with more than 60% of leaders expecting their employees to fall victim to attacks in which cybercriminals use AI.
Nearly all executives are already taking steps to combat potential attacks – 96% of those surveyed say their security teams are researching, implementing or already have incident response plans that focus on mitigating AI-related threats.
However, one of the primary ways threat actors use AI is to make phishing schemes harder to detect. Because phishing attempts target individual users directly, organizations must focus on teaching employees how to identify and avoid these attacks.
As a result, organizations are reevaluating their risk management strategies, including how cybersecurity education and awareness training must evolve as attackers embrace new technologies and tactics.
Most leaders say phishing prevention is part of their training programmes and plans. Other topics leaders prioritize include data security (48%) and privacy (41%).
Cyber awareness impact to society
While each organization takes a unique approach to cybersecurity education, one thing is clear: regular training and awareness are imperative to building a cyber-aware culture.
Fortinet research shows that 96% of executives believe more organization-wide training and awareness will help reduce cyberattacks. This awareness is undoubtedly crucial for enterprises but also benefits individuals in their personal lives.
When leaders support security awareness and training, organizations are more likely to see improvement after implementation. An overwhelming majority (89%) say their organization saw at least some improvement in its security posture after security awareness and training were implemented – and not a single respondent said they saw no progress.
Cyber awareness programmes – key factors
It’s encouraging to see cyber risk management becoming a corporate priority. As executives reevaluate an existing or develop a new cyber education initiative, key factors to consider can increase the programme’s chances of success.
- Define objectives. Some leaders assume that introducing a security awareness initiative will automatically alter user behaviour, which is rarely true. Creating and communicating a vision for the programme is vital. Employees will be more responsive to the effort if they understand its objectives.
- Identify champions. While the chief information security officer may lead the effort, it’s important to identify collaborators and programme champions for the initiative throughout the organization. Find opportunities for executives outside the company’s security function to discuss the programme’s value.
- Continually review. Carefully consider the content and periodically reassess the organization’s cybersecurity awareness needs. While every programme should address critical areas of concern, each enterprise requires unique educational material.
Cybercriminals will continue evolving their methods, making security awareness and training efforts a foundational element of every organization’s risk management programme.
Beyond teaching individuals how to identify and respond to threats, awareness and training help create a broader culture of cybersecurity that benefits not just industry but individuals and society at large, today and in the future.
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
Stay up to date:
Cybersecurity
The Agenda Weekly
A weekly update of the most important issues driving the global agenda
You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.