Research by Gartner.
Discover Three Critical Factors in Building a Comprehensive Security Awareness Program.
Key Challenges
- Most people forget the majority of what is presented in a training program that occurs infrequently.
- Interactive simulations produce higher levels of skills retention than the mere presentation of recommended security actions, but they are difficult to measure compared to other awareness metrics.
- Audiences are bored by education programs that fail to leverage a variety of media and content styles.
Recommendations
Security and risk management leaders overseeing an information security program should:
- Assess the culture of the enterprise to determine requirements for the specific messaging, delivery and frequency of security awareness information that will ensure consistent, desirable behavior.
- Leverage an attack simulation product, such as a phishing simulation program, to help identify key pockets of risk within the enterprise audience, deliver social engineering attacks and provide just-in-time training and teachable moments.
- Use communications and marketing tools for ongoing reinforcement of good behaviors and to keep security top-of-mind. Consider building a communications campaign with a mix of digital banners, web events and messaging on techniques to help reinforce lessons.