Most organizational employees lack basic knowledge of cybersecurity.
- Writer: info@mps-asia.com at
DNVN – On October 28, Fortinet released the 10 Global Cybersecurity Awareness and Training Study Report, highlighting the important role of a cybersecurity-savvy workforce in managing and mitigating risks for organizations.
As malicious actors use AI (artificial intelligence) to increase the number and speed of attacks, leaders say they find it harder for their employees to detect these threats, the report says.
More than 60% of survey respondents predicted that more employees would likely fall victim to attacks by cybercriminals using AI. However, the good news is that most respondents (80%) also said that knowledge of enterprise-wide AI attacks has made their organizations more prepared to deploy cybersecurity training and awareness.
Employees may be an organization’s first line of defense, but leaders are increasingly concerned about their employees’ lack of security awareness. Nearly 70% of respondents believe their employees have a severe lack of cybersecurity knowledge, up from 56% in 2023.
As threat actors embrace new technologies like AI, employees in organizations and businesses must be a strong first line of defense, said John Maddison, Fortinet's chief marketing officer.
Leaders recognize the importance of cybersecurity awareness training and believe that specific, tailored content is what makes training programs more effective. More than 80% of leaders are satisfied with their organization’s current cybersecurity awareness and training efforts.
One of the most common ways cybercriminals use AI is to make phishing schemes or programs more believable and harder to detect. Since phishing attacks target individual users directly, organizations should focus primarily on educating employees on how to spot and avoid falling victim to these attacks.
End users remain the primary target. Last year, more than 80% of organizations faced attacks in the form of malware, phishing, and password attacks aimed directly at individuals.
As attacks evolve, cybersecurity awareness and training become even more important. Nearly all (96%) of survey respondents said their business leaders support cybersecurity awareness and training for employees.
Nearly all (98%) said fraud prevention is part of their training programs and plans. Other top training priorities include data security (48%) and data privacy (41%).
While IT and security teams play a vital role in protecting organizations from cyber threats, a business's employees also play a vital role in preventing breaches.
Employees are open to cybersecurity training and awareness opportunities. Most leaders (86%) say their employees view cybersecurity training and awareness positively, with 55% rating it “very positive.”
Organizations see positive results when implementing cybersecurity awareness and training programs. The majority of leaders (89%) said their organization had at least some improvement in security posture after implementing cybersecurity awareness and training programs, and none said there was no improvement.
Responding to the survey, nearly all decision makers (96%) said their business leadership supports implementing training to raise cybersecurity awareness among employees.
According to this year’s survey, 96% of leaders believe that raising employee awareness will help strengthen their organization’s cybersecurity posture. However, respondents also pointed out that there are several key factors that determine the effectiveness of training programs.
Engaging content is key. While 86% of managers are satisfied with their current security awareness and training solution, among those who are dissatisfied, the biggest concern is the lack of engaging content.
Consider the training duration. To avoid overload, consider the amount of time required for the learner. Requiring too much time from employees can overwhelm them. The most commonly recommended duration is 1.1 to 2 hours, with an average of around 3 hours.
Build a cybersecurity-aware workforce with Fortinet security awareness and training services
Just one breach can have serious consequences for a business. A three-pronged defense strategy should include security awareness and training for all employees, specialized skills for IT and security staff, and advanced security solutions for the network.
In addition to educating employees on how to respond to threats, training and awareness should also create the foundation for a cybersecurity culture throughout the organization. Fortinet offers cybersecurity training and awareness services for businesses looking to develop a cybersecurity-aware workforce.
Designed by the Fortinet Training Institute and taught by top-notch instructors, the service covers a wide range of topics, with customizable content that reinforces learners’ knowledge through periodic refreshers and quizzes. Organizations using the service can also access various dashboards to track progress and receive training reports, demonstrating that the business is keeping its network secure and compliant with the necessary regulations.