Only Half of All Organisations Have Refreshed Their Security Strategy Based on the Pandemic

22/04/2022 12:07 - By Bill
Blog courtesy of KnowBe4
Written by Stu Sjouwerman
A new study published by Ponemon Institute shows that a material portion of organisations are still using pre-pandemic security processes and policies, putting them at risk.

It seems logical that, with all the shifts in how cyberthreats have been delivered, executed, and monetised over the last two years, every single organisation would be taking note and aligning its protective, preventative, detective, and responsive strategies accordingly. But Ponemon’s latest report, Security Innovation: Secure Systems Start with Foundational Hardware, offers some great details on how organisations have and haven’t changed their strategies.
According to the report, only 53% of organisations have refreshed their security strategy over the last two years.

Of those that have refreshed their strategy, the following priorities have changed:
    • Emphasis on the remote workforce (66%)
    • Expanded use of automation and AI tools for security operations (56%)
    • Use of cybersecurity compliance, risk management and privacy frameworks (52%)
    • Heightened awareness among employees about cyber hygiene (54%)
    • Increased accountability among employees (40%)

While the strategy changes above are certainly moving organisations in the right direction, it’s a bit saddening to see that, of the 53% that have refreshed their strategies, only about half are doing the right thing.

Focusing in on Security Awareness Training for a moment, 54% of 53% of organisations means only about 28% of organisations are putting a newfound emphasis on educating employees on how to identify and avoid phishing and social engineering attacks.

If the pandemic has taught us nothing else about the state of cyberattacks, it has shown us that phishing and social engineering are the most often used – and most effective – initial attack vector, requiring a focused defence – one found in Security Awareness Training.



Bill