Cybersecurity blog Cybersecurity blog
What is Cyber Security Awareness Training?
Facebook Twitter LinkedIn

What is Cyber Security Awareness Training?

blank
Ragnar Sigurðsson
6 min read ∙ May 9, 2019
blank

In the past several years, there has been an increase in cyberattacks as we have never seen before. This has been attributed to the increase of remote work following the COVID pandemic, but it is also attributed to the digital shift when conducting both work and pleasure. This has fundamentally changed how we must think about security. Cyber security awareness training is one of the core elements we need to take into consideration when thinking about cyber security.

Woman working from home at an online meeting with multiple participants visible on computer screen. Indicating hybrid work and part of cybersecurity awareness training.

The Cost of Low Cyber Security Awareness

The numbers demonstrate the rapid change that has been going on just in the past couple of years:

  • 2021 had the highest average cost of data breaches yet. Rising from USD 3.86 million in 2020 to USD 4.24 million according to the IBM Cost of Data Breach Report.
  • Ransomware attacks have doubled between 2020 and 2021.
  • The record-breaking ransomware payout in 2021 was 40 million dollars.
  • According to FinCEN the first six months of ransomware payouts 590 million dollars in 2021 – was exceeding the whole year of 2020 which amounted to 416 million dollars.

Combating Human Error with Cyber Security Awareness 

It has been estimated that 85% of all cybersecurity breaches are due to human error. There of 36% are due to phishing. But that’s not all: General lack of knowledge about best practices when it comes to cyber security, ranging from reusing passwords to not password protecting one’s phone, are also common culprits. Organizations are in dire need of cyber security training programs that tackle these threat vectors. Measuring the effect of security training is also important. This helps with general cyber risk mitigation and shows the overall status of security awareness within the workplace. Doing a vulnerability assessment on employees will show security leaders who to train and how.

Computer screen on a laptop showing somone type in a passphrase made from superimposed neon colored icons on the image. Still from cybersecurity awareness training video from AwareGO.
Teaching people how to create long and secure passwords is part of any good cyber security awareness training.

The majority of cyber security breaches are not brute-force attacks, but rather poking around for vulnerabilities. They rely on people to make mistakes and being unaware of the risks.

This can be:

  • Clicking on links in phishing emails that will install malware into critical systems
  • Bad password habits, such as re-using passwords or having simple passwords, making it easy for hackers to crack into systems or inboxes
  • Not updating critical software updates or accepting updates from unreliable websites.

This is why we need cyber security awareness training. But what exactly does that entail?

So What is Cyber Security Awareness Training?

Cyber security awareness training is a combination of raising awareness and educating about tools and latest threats. Part of it is implementing and reinforcing policies and best practices. In the end it all comes down to risk mitigation and cyber risk management. Security awareness training is based on the premise that in order to be able to protect against cyberattacks, it is not enough to only have technical solutions. What organizations need is also a social and cultural knowledge on individual level about threats, tools, and best practices. 

Woman with red hair in kitchen about to stick a fork into a green toaster. Still from video about Cybersecurity awareness training.
Cyber security knowledge should become part of our common sense. You do not need to be an electrician to know that this is dangerous.

4 Principles of Cyber Security Awareness Training:

     1. It is human-centric

Making cyber security awareness training personal and humanized, makes it relevant to real-life circumstances. Adult learners are more likely to take instructions seriously if they are professional, personal, and relevant. A touch of humor doesn’t hurt, but the main focus should be about raising awareness and educating about new threats or technologies.

     2. It is incremental

Users have different levels of knowledge about existing threats and potential security vulnerabilities. Cyber security awareness training is not aiming to make every employee a cyber-security expert. Rather, it aims to empower employees with enough knowledge and understanding of the threat-landscape to be able to question suspicious emails or activities. To understand why complicated passwords are important, why it is necessary to install security updates, and what a password manager is. And doing so in steps is the only way, as there is a lot to learn!

Sample from AwareGO Human Risk Assessment showing cybersecurity awareness status and metrics for two people

     3. It has metrics to measure what is working and how to train

Having security training that is targeted to the needs of your organization and the skills of your employees is the key for success. Successful cyber security awareness training is dynamic. It needs to be relevant to current threats, as well as to the knowledge and understanding of the employees. There is no “one-size-fits-all” when it comes to cyber security awareness training. Having metrics that enable organizations to customize their cyber security awareness training according to their needs is of essence.

     4. It is genuine

The leadership needs to take the cyber security awareness training seriously and care about cyber security training in a positive way. This is what we call creating a security culture that focuses on creating and maintaining a healthy and positive attitude towards cyber security.

Does Cyber Security Awareness Training Work?

“Overall, the research found that about 90% of all cyber claims stemmed from some type of human error or behavior.”

ChiefExecutive

The above statement has been repeated in one way or another for years. If 9 out of 10 cyber attacks stem from human activity, the first logical step is to minimize risk by focusing on the humans.

Man yawning at a lecture. The old way of doing cybersecurity awareness training.
It matters how you do cyber security awareness training.
Long lectures that bore employees and affect their productivity should be a thing of the past

Studies and reports from multiple sources, such as Aberdeen Group and Global Market Estimates suggest that cyber security awareness training can minimize cyber risks by up to 70%. They also state that it can give organizations an ROI of about 5-times. Even if you are just doing cyber security awareness training to check off a compliance item you are still doing good for your organization. An even better reason to offer cyber security awareness training is to minimize the risk to your bottom line. You could and should create a workforce that is your number one defense against cyber attacks. 

Learn more about our cybersecurity awareness training videos and platform

AwareGO offers top quality micro-learning videos that employees love, proven to increase engagement and learning.

blank
blank
Ragnar Sigurðsson
6 min read ∙ May 9, 2019

Become cyber secure

You and your employees are going to love AwareGO. It’s a modern, cloud-based system for managing human risk, from assessment to remediation. We’ve made it super easy — schedule your first assessment or training in minutes.

Get started for free and give it a go right now.

You’ll love the way AwareGO can fit into your existing infrastructure. Our robust APIs, widgets, and content available in SCORM format make sure that the integration is seamless. We also integrate with Active Directory, Google Workspace, and popular tools like Slack and Teams.

Contact us and our experts will recommend the best way to integrate.

Upgrade your cybersecurity business by adding human risk management to your existing portfolio of services. Increase your deal size by leveraging Human Risk Assessment or offering Security Awareness Training to your current customers and creating a new revenue stream.

Contact us to become an AwareGO partner, and we will support you every step of the way.

Join top companies worldwide in the mission to make workplaces cyber-safe

Get started free
blank blank blank blank blank blank blank blank blank blank