Wednesday, June 18, 2014

Security Training is Lacking

Humans are the weakest link in the enterprise security chain. But a survey finds that more than half aren’t getting any security awareness training at all. The good news is that there is plenty of advice on how to do it, and do it better.

But it is apparently not common enough throughout the enterprise sector. A recent report by Enterprise Management Associates (EMA) found that 56% of workers may not receive any security awareness training (SAT) at all.

The report, titled “Security Awareness Training: It’s Not Just for Compliance,” is based on a survey of 600 people working for companies ranging from fewer than 100 employees to more than 10,000.


Any doubts about the need for SAT should have been dispelled by last year’s Verizon Data Breach Investigations Report (DBIR), which found that four out of five breaches were caused by stolen credentials – usually the result of social engineering attacks or weak passwords. And there is abundant evidence that social engineering attacks have become much more sophisticated, and therefore successful.