We're missing out on the value of security awareness

When a program is ineffective, the problem is usually that the training wasn't designed in a way that would result in changes in behavior

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Security awareness gets no respect.

It can be extremely valuable, if properly implemented. Too often, when it falls short, that is seen as a mark against security awareness programs themselves, instead of a problem with the implementation. And implementation is often a problem, because security awareness is usually taught by untrained people.

Earlier this year, I read an article in CSO saying that security awareness would never eliminate social-engineered security threats and therefore was a waste of time. I disagree with this point of view and responded with an article of my own, in which I touted the many success stories of security awareness campaigns and noted that it is folly to believe that any security measure is ever going to be 100% effective.

To continue reading this article register now

Join the discussion
Be the first to comment on this article. Our Commenting Policies