Press "Enter" to skip to content

Boring cybersecurity training doesn’t work. So what does?

Here’s a shocking headline – boring cybersecurity training doesn’t make for secure employees.

Osterman Research conducted a study and found that those who do get security training are more likely to spot phishing and other threats when compared against those without training, and the research also shows that employees get far more out of interesting and engaging training.

Other key findings:

  • About 45% of employees surveyed expect to spend 15 minutes or more per month in training by mid-2021. That’s up from 26% in 2020.
  • Security and IT leaders, their staff members and business leaders are largely on board with the idea that developing a strong cybersecurity culture is important. Everyday employees, however, are much less convinced about the importance of doing so.
  • Cybersecurity awareness training is perceived to be as important as technology in dealing with security threats; therefore, organizations will devote more employee time to training over the next year.

Meanwhile, Gartner’s VP of research speaks to the value of security metrics – context matters.     From the coverage in CIO Dive:

Numbers without the “why” context won’t capture the story the metrics are there to support. When presenting security metrics and data to non-technical stakeholders, security leaders’s messaging could get lost in translation.

Security leaders need to know why they’re presenting security metrics and numbers, what makes them relevant, and if they’re even needed to get their point across to their audience: finance, legal, marketing, sales. 

Why do we care?

Well, duh, right?       The snark makes the point – don’t miss the obvious piece about making it effective, and good content is not easy.   If it was, everyone would be doing it – and because it’s hard, it’s also profitable.

The “why” context is important in not just security, of course, although here it’s important to reinforce.   Again, that whole business value – if you’re solving problems and explaining the “why” of things, you will be more effective.  

Source:  Channel Futures

Source: CIO Dive