We're missing out on the value of security awareness

When a program is ineffective, the problem is usually that the training wasn't designed in a way that would result in changes in behavior

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Security awareness gets no respect.

It can be extremely valuable, if properly implemented. Too often, when it falls short, that is seen as a mark against security awareness programs themselves, instead of a problem with the implementation. And implementation is often a problem, because security awareness is usually taught by untrained people.

Earlier this year, I read an article in CSO saying that security awareness would never eliminate social-engineered security threats and therefore was a waste of time. I disagree with this point of view and responded with an article of my own, in which I touted the many success stories of security awareness campaigns and noted that it is folly to believe that any security measure is ever going to be 100 percent effective.

The fact is, security awareness can provide the greatest return on investment of any security countermeasure.

To continue reading this article register now

Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.