{"id":13970,"date":"2023-12-01T17:17:29","date_gmt":"2023-12-01T17:17:29","guid":{"rendered":"https:\/\/insulation.org\/io\/?post_type=articles&#038;p=13970"},"modified":"2024-01-04T17:58:37","modified_gmt":"2024-01-04T17:58:37","slug":"how-security-awareness-training-is-evolving","status":"publish","type":"articles","link":"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/","title":{"rendered":"How Security Awareness Training Is Evolving"},"content":{"rendered":"<p><a href=\"https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2024\/01\/IO231203_01.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-13966\" src=\"https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2024\/01\/IO231203_01-300x191.jpg\" alt=\"\" width=\"300\" height=\"191\" srcset=\"https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2024\/01\/IO231203_01-300x191.jpg 300w, https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2024\/01\/IO231203_01-1024x653.jpg 1024w, https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2024\/01\/IO231203_01-768x490.jpg 768w, https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2024\/01\/IO231203_01-1536x980.jpg 1536w, https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2024\/01\/IO231203_01.jpg 1788w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>Human resources (HR) departments were once blissfully divorced from cybersecurity responsibilities\u2014but not anymore. Today, they are increasingly involved in cyber-training programs for employees. Security awareness training, in particular, has risen from obscurity a decade ago and is now a huge industry. According to Cybersecurity Ventures, the security awareness training market is worth $5.6 billion in 2023 and is expected to almost double in value by 2027 to more than $10 billion.<\/p>\n<p>The driver of this trend has been the relentless phishing campaigns of cybercriminals. This year&#8217;s installment of the annual Verizon Data Breach Investigations Report (DBIR) found that 74% of data breaches involved a human element, with phishing (a.k.a. social engineering) being one of the most prevalent attack vectors. In addition, 50% of all social engineering attacks involve pretexting\u2014researching the intended phishing victims prior to launching an attack (such as reading their social media posts to glean background information on their job, family, lifestyle, and habits). Businesses have realized that no matter how much they spend on cybersecurity, their employees and suppliers remain their weakest link. If they keep falling prey to phishing scams via emails, then the bad guys can gain access to the network and launch a ransomware attack.<\/p>\n<p>\u201cGiven that it is impossible to prevent all attacks automatically, we need to make humans part of our firewall,\u201d said Jamal Bihya, Analyst at Gigaom, a technology research firm. \u201cAwareness training enables the mitigation of human risk when sitting in front of a computer.\u201d<\/p>\n<h2>How HR Builds a \u201cHuman Firewall\u201d<\/h2>\n<p>In addition to network firewalls and other security safeguards, companies are investing in the creation of a \u201chuman firewall\u201d of employees who are educated enough not to fall for phishing scams. As every employee now has a definite cybersecurity duty, it is up to HR to train them. This often takes place during onboarding and in regular, usually quarterly, training modules to keep phishing alertness front and center. Such training also covers password policy, breaking bad password habits, and other areas of cyber-hygiene.<\/p>\n<p>\u201cThe idea behind awareness training is, \u2018Change everyone&#8217;s reflexes,\u2019\u201d Bihya said. \u201cIf I see an email with a link, my reflex should be to not click on the link.\u201d<\/p>\n<p>With human error being the path of least resistance for cybercriminals, the need to bring awareness and education to employees through security awareness training has been given more priority. It has become clear that annual lunch-and-learn trainings are no longer enough.<\/p>\n<p>\u201cWhile providing people information does have value, changing behavior should be the focus of an awareness program,\u201d said Erich Kron, Security Awareness Advocate at KnowBe4, a cybersecurity training firm. \u201cEducation should not be limited to topics that focus on email phishing, but also to overall security hygiene, including how to secure accounts with multifactor authentication and how to use tools such as password vaults to create long, secure, and especially unique passwords.\u201d<\/p>\n<h2>The Evolution of Security Awareness Training<\/h2>\n<p>In recent years, security awareness training has evolved to incorporate adult learning principles and elements such as:<\/p>\n<ul>\n<li>Continuous awareness, training, and education on the cyberthreat landscape. Rather than text, most training modules use audio and visual elements, with characters acting out scenarios of good and bad behavior.<\/li>\n<li>An opportunity to apply what has been learned using simulated programs, where fake phishing emails are sent out at random times to people in the organization to see how many are tricked into clicking on malicious attachments and links.<\/li>\n<li>Assessments and quizzes. At the end of each section of training, the employee answers a few questions to see if they have understood the concepts. Then, at the end of the module, they are assessed on their likelihood to follow the principles taught.<\/li>\n<\/ul>\n<p>Kron recommended that HR departments find ways to automate training assignments and use positive messaging when communicating about such programs. Having leadership reinforce the importance of education and training programs can also improve completion rates and reduce the effort required to ensure people are doing the training. Kron favors the deployment of shorter training sessions more often and with a more targeted and thought-out approach.<\/p>\n<p>\u201cUnlike in the past, different types of training are now being developed to communicate with employees in the form of games, animation, live-action teaching, and even season- and episode-formatted shows that look like high-quality television productions,\u201d he said.<\/p>\n<p>In addition, artificial intelligence components are being introduced to tailor content provided to employees, based on their own specific areas of weakness or the latest threat vectors. Another development is point-of-failure training to provide real-time guidance as to why an action taken by an employee could be dangerous. This helps people better understand the threats they face and the purpose of the policies or security controls they may have inadvertently violated, or the reason for the simulated attacks.<\/p>\n<p>\u201cSecurity awareness has begun to blend into programs related to physical safety and awareness,\u201d Kron said. \u201cJust like safety campaigns that have been run for decades to warn people of dangers from machinery, chemicals, and other physical threats, digital dangers will also be addressed in the same way with signage and coordinated, highly visible campaigns.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As cyber threats evolve, so do the latest approaches in security training for employees.<\/p>\n","protected":false},"author":[643],"featured_media":0,"template":"","categories":[640,641],"class_list":["post-13970","articles","type-articles","status-publish","hentry","category-december-2023","category-life-safety-fire-protection","author-drew-robb"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.0 (Yoast SEO v24.6) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How Security Awareness Training Is Evolving - Insulation Outlook Magazine<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Security Awareness Training Is Evolving\" \/>\n<meta property=\"og:description\" content=\"As cyber threats evolve, so do the latest approaches in security training for employees.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/\" \/>\n<meta property=\"og:site_name\" content=\"Insulation Outlook Magazine\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-04T17:58:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2024\/01\/IO231203_01-300x191.jpg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/\",\"url\":\"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/\",\"name\":\"How Security Awareness Training Is Evolving - Insulation Outlook Magazine\",\"isPartOf\":{\"@id\":\"https:\/\/insulation.org\/io\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2024\/01\/IO231203_01-300x191.jpg\",\"datePublished\":\"2023-12-01T17:17:29+00:00\",\"dateModified\":\"2024-01-04T17:58:37+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/#primaryimage\",\"url\":\"https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2024\/01\/IO231203_01.jpg\",\"contentUrl\":\"https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2024\/01\/IO231203_01.jpg\",\"width\":1788,\"height\":1141},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/insulation.org\/io\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How Security Awareness Training Is Evolving\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/insulation.org\/io\/#website\",\"url\":\"https:\/\/insulation.org\/io\/\",\"name\":\"Insulation Outlook Magazine\",\"description\":\"The only global magazine dedicated to insulation.\",\"publisher\":{\"@id\":\"https:\/\/insulation.org\/io\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/insulation.org\/io\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/insulation.org\/io\/#organization\",\"name\":\"National Insulation Association\",\"url\":\"https:\/\/insulation.org\/io\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/insulation.org\/io\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2016\/10\/insulation-outlook-logo.png\",\"contentUrl\":\"https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2016\/10\/insulation-outlook-logo.png\",\"width\":229,\"height\":90,\"caption\":\"National Insulation Association\"},\"image\":{\"@id\":\"https:\/\/insulation.org\/io\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How Security Awareness Training Is Evolving - Insulation Outlook Magazine","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/","og_locale":"en_US","og_type":"article","og_title":"How Security Awareness Training Is Evolving","og_description":"As cyber threats evolve, so do the latest approaches in security training for employees.","og_url":"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/","og_site_name":"Insulation Outlook Magazine","article_modified_time":"2024-01-04T17:58:37+00:00","og_image":[{"url":"https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2024\/01\/IO231203_01-300x191.jpg","type":"","width":"","height":""}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/","url":"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/","name":"How Security Awareness Training Is Evolving - Insulation Outlook Magazine","isPartOf":{"@id":"https:\/\/insulation.org\/io\/#website"},"primaryImageOfPage":{"@id":"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/#primaryimage"},"image":{"@id":"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/#primaryimage"},"thumbnailUrl":"https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2024\/01\/IO231203_01-300x191.jpg","datePublished":"2023-12-01T17:17:29+00:00","dateModified":"2024-01-04T17:58:37+00:00","breadcrumb":{"@id":"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/#primaryimage","url":"https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2024\/01\/IO231203_01.jpg","contentUrl":"https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2024\/01\/IO231203_01.jpg","width":1788,"height":1141},{"@type":"BreadcrumbList","@id":"https:\/\/insulation.org\/io\/articles\/how-security-awareness-training-is-evolving\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/insulation.org\/io\/"},{"@type":"ListItem","position":2,"name":"How Security Awareness Training Is Evolving"}]},{"@type":"WebSite","@id":"https:\/\/insulation.org\/io\/#website","url":"https:\/\/insulation.org\/io\/","name":"Insulation Outlook Magazine","description":"The only global magazine dedicated to insulation.","publisher":{"@id":"https:\/\/insulation.org\/io\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/insulation.org\/io\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/insulation.org\/io\/#organization","name":"National Insulation Association","url":"https:\/\/insulation.org\/io\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/insulation.org\/io\/#\/schema\/logo\/image\/","url":"https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2016\/10\/insulation-outlook-logo.png","contentUrl":"https:\/\/insulation.org\/io\/wp-content\/uploads\/sites\/3\/2016\/10\/insulation-outlook-logo.png","width":229,"height":90,"caption":"National Insulation Association"},"image":{"@id":"https:\/\/insulation.org\/io\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/insulation.org\/io\/wp-json\/wp\/v2\/articles\/13970","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/insulation.org\/io\/wp-json\/wp\/v2\/articles"}],"about":[{"href":"https:\/\/insulation.org\/io\/wp-json\/wp\/v2\/types\/articles"}],"wp:attachment":[{"href":"https:\/\/insulation.org\/io\/wp-json\/wp\/v2\/media?parent=13970"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/insulation.org\/io\/wp-json\/wp\/v2\/categories?post=13970"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/insulation.org\/io\/wp-json\/wp\/v2\/author?post=13970"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}