Published September 2020
Sponsored by Infosec, KnowBe4, MediaPRO and Mimecast
Executive Summary
The goal of any corporate security infrastructure is to protect corporate data, access to on-premises and cloud-based systems, various types of sensitive information like login credentials and customer data, and even the physical assets used to manage networks and endpoints.
The conventional method of accomplishing the objective of securing these assets has been the deployment of various types of security hardware, software and cloud services, including firewalls, endpoint detection and response solutions, anti-virus software, secure email gateways, web application firewalls, and a host of other solutions. Underscoring just how important this approach has been is the fact that at least 2,336 vendorsi of these types of solutions currently operate worldwide, with new entrants joining the market continually.
However, cybersecurity technology can go only so far in protecting an organization. Because bad actors increasingly target users of corporate systems and services, these users must be adequately equipped to deal with a growing variety of threats directed at them, sometimes specifically at their role within the organization. Consequently, good security awareness training is essential in protecting the organization from security threats and the damage they can cause. But the goal of security awareness training should be the development of fundamental change in users – change in the way they think about security – that will translate into the development of a robust security culture.
Includes both our white paper and the associated survey report.