Sponsored by VigiTrust
Published March 2022
The goal of any corporate security infrastructure is to protect corporate data, access to on-premises and cloud-based systems, various types of sensitive information like login credentials and customer data, and even the physical assets used to manage networks and endpoints.
The conventional way to secure these assets has been to deploy various types of security hardware, software and cloud services, including firewalls, endpoint detection and response solutions, anti-virus software, secure email gateways, web application firewalls, and a host of other solutions. Underscoring the importance of this approach, at least 2,336 vendors of these types of solutions currently operate worldwide, with new entrants joining the market continually.
However, cybersecurity technology can go only so far in protecting an organization. Because bad actors increasingly target users of corporate systems and services, these users must be adequately equipped to deal with a growing variety of threats directed at them, sometimes specifically at their role within the organization. Consequently, good security awareness training is essential in protecting the organization from security threats and the damage they can cause. But cybersecurity is a journey, not a destination. As such, the goal of security awareness training should be the development of fundamental change in users – change in the way they think about security – that will translate into the development of a robust security culture.
Security awareness training must be compelling and memorable to result in serious change. Organizations should seek out vendors that offer quizzes, micro-learning experiences and other fun types of gamification that will keep users engaged.