Practical security awareness training
The emphasis here should be on success. This is because, according to Arctic Wolf, 88% of companies worldwide already have some form of IT security training in place, and another 10% are introducing such a program within the next 12 months.
But not all security awareness training programs are created equal. In addition, end users often hate training regardless of best practices.
Interestingly, only half of the 88% that have security awareness training decided to purchase and implement an IT security training program. Another 44% decided to create their own security awareness program.
There's nothing wrong with a company taking this step, says Arctic Wolf, as long as it takes the time to build a high-quality program that reinforces key security concepts from time to time. But according to the survey, of the companies that have a security awareness program, only 42% use weekly topics and courses, more than half run them monthly, and 7% require their employees to complete these courses only once a year.
Furthermore, only 77% simulate phishing attacks. For the remaining 23%, programs rely exclusively on studies or explanations to teach users about potential phishing emails. Commenting on the result, training provider Arctic Wolf said this is better than not educating users about how to identify phishing and report phishing attempts, but it is not as effective as a practical method with phishing emails.
More transparency about security incidents
Another interesting result of the study: when it comes to security incidents, companies have become more transparent. Last year, only 26% of those affected worldwide decided to disclose all or at least some information about their incident, but in the current survey period two thirds (66%) made this information public. A third (30%) informed only the affected parties.