As part of BARR’s Identity Management Day efforts, Brad Thies, founder and president, co-presented a webinar titled “Making Security Awareness Training Stick” alongside Nick Santora, CEO of security awareness training company Curricula.
The two cybersecurity leaders discussed a range of topics such as:
- Data behind what motivates companies to adopt a security program
- How to change long-term employee behavior versus checking the box in terms of security awareness training
- The role company culture plays within security awareness training
- Why the “Death by PowerPoint” security training format isn’t the best solution
- Why security should be a team effort, not just IT-led
- How to use phishing tests as opportunities to teach rather than as bait that leads to penalties
To set the stage, Thies began by sharing two eye-opening statistics.
“79 percent of organizations have experienced an identity-related security breach in the last two years,” he said. “And 81 percent of hacking-related breaches leverage weak, stolen or otherwise compromised passwords.”
Santora also shared data based on a recent LinkedIn survey on why companies adopt a security program.
“44 percent adopt a security program for compliance reasons,” said Santora. “Thirty-eight percent because they got hacked, 11 percent because a vendor contract required it, and a measly seven percent adopted a security program because it’s good for security.”
They discussed why this order should be reversed: ideally, the majority of companies would adopt a security program proactively, simply because it’s good for security, rather than in response to a security incident or request.