Cyber Defense Magazine – July 2019


Why Cybersecurity Awareness Programs Fall Short?


By Shlomi Gian, CEO at CybeReady


Phishing is still the most commonly used attack on organizations (IDG’s 2018 US State of Cybercrime).
As of 2019, there is no proven solution to stop malicious emails from bypassing enterprise email gateways,
and more importantly, there is no awareness program that prevents busy professionals from clicking on
these malicious emails.


As an important member of your company’s security team, you and your management understand the
importance of an effective employee awareness program and invest the appropriate budget and
resources. Unfortunately, you probably don’t feel completely comfortable with the results - the existing
training efforts are not ‘moving the needle’ and you’re aware that other companies that have followed the
same approach failed to mitigate phishing attacks, which resulted in severe damage to the organization.


Why do most cybersecurity awareness programs fall short and is there any way to solve this?



  1. Training experts are hard to find – The typical IT professional, who is technically oriented, did not sign
    up for a training role and has not been “qualified to train” - a practice that entails (a) creating
    engaging content, (b) monitoring individual student progress and analyzing it over time,
    and (c) delivering personal training opportunities at a frequency that would yield continuous
    improvement for each one of the students year-round.
