Thursday 13 December 2018
 
»
 
»
Story

Lance Spitzner, director, SANS Security Awareness

Security awareness ‘stalled by lack of resources’

DUBAI, June 17, 2018

Cyber security awareness programmes are beginning to gain ground among businesses, but that many of the professionals responsible for their implementation are challenged by a lack of time, budget and resources, a report said.

The 2018 Security Awareness Report titled “Building Successful Security Awareness Programs” from SANS Security Awareness, a leading provider in security awareness training, and a division of SANS Institute, also highlighted a clear correlation between the level of support given to security awareness by the organisation’s leadership and the maturity of that programme within the organisation.

“In light of recent large breaches such as those suffered by Equifax, Yahoo!, and the WannaCry ransomware attack on the NHS, and with new regulations like the EU General Data Protection Regulation throwing data protection into sharp focus, there’s a new sense of urgency around cyber security that’s stimulating both support and change,” said Lance Spitzner, director, SANS Security Awareness.

“Security awareness can be challenging, but it’s necessary, and it’s worth the effort,” he added.

Working with researchers from The Kogod Cybersecurity Governance Center (KCGC) of Initiative at American University’s Kogod School of Business (KSB), the survey found:

•    The defence industry is the most mature, reporting over 10% at the highest stage in the Security Awareness Maturity Module, with the manufacturing industry the least mature, reporting only 2%

•    Finance and Operations departments are the largest blockers to building or maturing a security awareness programme

•    The majority of awareness professionals come from a technical background, with less than 20% coming from non-technical fields such as communications, marketing, legal or HR

“The report reveals that a clear majority (80%) of security awareness professionals see their awareness programme activity as being only a portion of their overall job responsibilities,” said Dan DeBeaubien, product director for SANS Security Awareness.

 “Many claim to have no budget for an awareness programme or to not know what their budget is, and most lack the skills or background required to effectively communicate the programme to and engage with the workforce.”

The SANS Security Awareness Report was developed to enable security awareness professionals to make data-driven decisions on how to improve their security awareness programmes and to allow them to benchmark these programmes against others. In short, its aim is to more definitively answer the question of what makes great security awareness programmes a success. This year, data analysed from over 1,718 respondents provides even greater insight in how to benchmark and mature a security awareness programme.

The report utilises the Security Awareness Maturity Model as a guide to identify an organisation’s level of a programme’s impact and how to measure human risk and change end-user behaviour. – TradeArabia News Service




Tags: awareness | Cyber Security | Sans |

More IT & Telecommunications Stories

calendarCalendar of Events

Ads