Security awareness training needs a revamp
Abstract
While security tools and platforms are regularly updated or replaced to meet the challenges of a constantly changing threat landscape, security awareness training has remained stagnant. Training is the first, and often the only, interaction with the security team, said Marisa Faga, head of trust culture and training at Atlassian. At the Insider Risk Summit in late September, Faga explained that traditional awareness training does not focus on outcomes, it's not interesting or engaging, and worst of all, it doesn't convince anyone to actually care about security.
What's missing from traditional security awareness training
Security awareness training has stagnated, in part, because it is a financially undervalued - and underfunded - piece of the cybersecurity platform. Security awareness training professionals end up spending most of their work time on other projects, according to a study from the SANS Institute. Not having enough - or the right people - to do the job could be why security awareness training itself misses the mark.
Storytelling as training
Another behavioral training method is to use storytelling.