The importance of Security Awareness Training
SysteCom S.A.
Article by Angelos Triantafyllou
The widespread digitization of production processes in all sectors means that organizations rely more and more on their information systems. Procedures and countermeasures are therefore needed to protect these digital systems and ensure their smooth operation.
Studies in recent years show that the most crucial factor in cybersecurity is the human factor. According to Verizon research (DBIR 2023), 74% of successful security breaches were initiated by human error. For an organization's security policies to be truly effective, it is therefore essential to create a culture of security awareness among its employees.
Recognizing the problem, organizations began years ago to raise awareness and educate their users about cybersecurity. The methods they initially used were traditional, consisting mainly of presentations projected in conference rooms. These did not attract the interest or participation of those who attended, and there were no indicators to show whether they were effective. The static way in which organizations approached education on the one hand, and the rapid evolution of the methods used by threat actors on the other, widened the opening that hackers could exploit, sometimes with disastrous results for the organizations they targeted.
Nowadays, organizations can use modern, automated methods to train their users effectively. These methods provide tools for creating personalized training at the level of the individual user or department, with content that increases engagement so that users get the maximum benefit. At the same time, they provide insights into each user's progress, so that more effort can be put into strengthening those who most need training.
At SysteCom, our goal is to provide innovative and cutting-edge solutions to meet organizations' need for cybersecurity training. In this context, six years ago we started our collaboration with KnowBe4, the pioneer company in the field of Security Awareness Training.
The innovation of KnowBe4's training program is that it is built around two main pillars:
The first pillar enables continuous and personalized training for employees on cybersecurity issues, thereby reducing the organization's risk of cyber attack.
The second pillar is phishing test simulations, which help the organization identify and assess its existing risk, and more specifically the percentage of users who would click on a malicious link.
KnowBe4's platform offers a library of training materials and ready-made templates covering threats such as Spear Phishing, Malware, Phishing, Social Engineering, etc., and regulatory guidelines such as GDPR, HIPAA, PCI, PII, etc. This library is continuously updated with new material to meet employees' training needs and to simulate new, constantly changing threats, thus strengthening the organization's defenses against such attacks.
According to a study conducted by KnowBe4, a user who has participated in a cybersecurity awareness program for 12 months is up to 6 times less likely to fall victim to a phishing attack. More specifically, before joining the training program users clicked on the malicious link at a rate of 33.2%, while after 12 months of regular training and phishing test simulations this rate dropped to 5.4%. The research was carried out on 12.5 million users and proves the benefits offered by such a solution.
In conclusion, training employees on cyber security with modern means is an ongoing and repeatable process for organizations, which reduces risk and helps deal with ever-changing threats.