Digital technology has changed the way we live and work, for better and for worse. The negatives include fake news and cyber crime. COVID-19 has created new opportunities for cyber criminals to exploit remote workers.
Businesses which concentrate their cyber security investments in technology neglect the human factor. All employees, from senior management to part time, are an organization's largest vulnerability. The best technology can be undermined by an employee clicking on a phishing email.
Organizations must create a sophisticated cyber security culture. Training is an important part of this process. However, effective cyber security training is difficult to do well. It is often too broad, too sporadic or too boring to cultivate needed skills.
If cyber security is the responsibility of IT professionals while training is the responsibility of human resources, neither department will do well unless they are cross-trained. Officers and directors often lack knowledge of threats; have not had cyber security audits; and have not trained their employees in the past twelve months.
The Cyber Security Intelligence website now issues reports evaluating the positive and negative aspects of current cyber training programs. Reports discuss background and objectives; training methods and activities; and present key findings and recommendations. You can contact them at cybersecurityintelligence.com.