SANS Insights: Founders Journey, Security Culture & Awareness Excellence in 2024


Check Out the SECURE | CYBER CONNECT Podcast: https://youtu.be/NNvum3TRWvs?si=48PoVrWgVbm4X9ab


In today’s rapidly evolving digital landscape, businesses face unprecedented challenges in safeguarding their assets and reputations. The SANS 2024 Security Awareness Report from SANS Security Awareness reveals a crucial shift: people have become the primary attack vector for cyber threat actors. This year’s survey, which examined thousands of security awareness practitioners, highlights critical statistics that emphasise the pressing need for robust security measures across all organisational levels.


As leaders in Cyber Security, it is imperative to understand these dynamics to fortify your organisation’s security posture effectively. The increasing sophistication of cyber threats necessitates a proactive approach to training and awareness, recognising that technology alone cannot mitigate risk without a well-informed and vigilant workforce.


10 Insights from the SANS Report 2024:

  1. Investment in Security Programmes: Mature security awareness programmes average 4.18 Full-Time Employees (FTEs). This underscores the need for a dedicated team to foster a security culture. However, 41% of respondents noted time and staffing as barriers to effective programmes, highlighting the necessity for strategic resource allocation.
  2. Focus on Human Threats: 89% of respondents cited social engineering attacks as their top concern, exposing employee vulnerability. Comprehensive training is vital to educate staff on threats and empower them to respond effectively, reducing human error risks.
  3. Reporting Structure: Most security awareness teams report to Cyber Security or IT, essential for integrating efforts. However, mid-level managers often block initiatives, viewing them as obstacles. Targeted training is necessary to help these managers appreciate security awareness's value.
  4. Partnerships with Cyber Security Teams: Collaborative relationships between security awareness and Cyber Security teams are crucial for risk management. Organisations that foster these partnerships are better positioned to identify human risks and enhance security culture.
  5. Challenges in Scaling Programmes: Larger organisations struggle to scale security awareness programmes across diverse demographics. A dedicated team is essential to ensure training relevance and accessibility for all employees.
  6. Salary Trends: Average salaries for security awareness professionals have risen, reflecting a £10,000 increase from the previous year. This trend indicates growing recognition of these roles, necessitating competitive compensation to attract talent.
  7. Investment in Human-Focused Security: Organisations often under-invest in human-focused security compared to technical measures. Bridging this gap by allocating budgets for training can effectively mitigate human-related security risks.
  8. Risk Awareness and Training: A shift from mere regulatory compliance to understanding human risk is crucial. Integrating security awareness into broader risk management strategies fosters a culture of security while ensuring compliance.
  9. Effective Communication: Effective communication is essential for security awareness professionals. Those with strong technical skills may struggle to engage the workforce. Partnering with communications teams can enhance message resonance.
  10. Assessment and Measurement: Regular assessment of security awareness programmes is vital. Organisations that evaluate training initiatives can identify gaps, improve engagement, and demonstrate impact in reducing risk.


To tackle these challenges, organisations can greatly benefit from partnering with established cyber security training providers. These partnerships empower employees with essential skills to combat human-related security risks. An innovative approach focused on fostering a security-first culture ensures that security awareness resonates throughout the organisation. By delivering tailored training programmes and effective communication strategies, such providers can help make security awareness integral to operations. This aligns with the report's insights, emphasising the need for dedicated resources and strategic collaborations to enhance security measures and mitigate vulnerabilities.

SANS Security Awareness Maturity Model 2024

Spotlight on Bob’s Business | The Cybersecurity Culture Company

When it comes to Cyber Security awareness training, few names stand out as much as Bob's Business | The Cybersecurity Culture Company. An award-winning provider of Cyber Security training, Bob’s Business has earned the trust of both public and private sector organisations across the UK. Their innovative approach to training focuses on engagement and accessibility, helping teams understand the importance of Cyber Security and empowering them to take an active role in safeguarding their organisations.


For security leaders, partnering with Bob’s Business can provide a comprehensive training framework that addresses the human element of security risk. Their training modules are designed not only to inform but also to inspire a security-first mindset within organisations, crucial for reducing human error and enhancing overall security posture.


Melanie Oldham OBE

Introducing Melanie Oldham OBE | A Leading Voice in Cyber Security

We are proud to spotlight Melanie Oldham OBE, FCIIS, a pioneering entrepreneur with over 20 years of experience in the Information Security industry. As the founder and CEO of Bob’s Business, Melanie has been instrumental in driving forward the vision “To create a world where everybody can be safe online.” Under her leadership, Bob’s Business has become a leader in Cyber Security awareness training, equipping organisations with the tools and knowledge necessary to mitigate human risks effectively.


Melanie’s influence extends beyond her company; she plays a pivotal role in several community-driven projects, previously serving as the Director of UKC3 and the Founding Director of the Yorkshire Cyber Security Cluster. Her dedication to fostering collaboration and innovation within the Cyber Security landscape is commendable. Her tireless work earned her a 2022 New Year’s Honours for Services to Business and Cyber Security, alongside recognition as Executive in Residence at Sheffield Hallam University and a Fellowship with the Chartered Institute of Information Security Professionals (CIISP). As a passionate advocate for the human side of Cyber Security, Melanie continues to be a leading voice in raising awareness and educating organisations on the importance of proactive risk management.


In our latest podcast episode, we delve into the pressing issues highlighted in this newsletter. We explore the evolving role of people as the primary attack vector for cyber threats and discuss how organisations can better manage this challenge. The conversation also touches on how Melanie and partnerships with companies like Bob’s Business are reshaping Cyber Security strategies, particularly in addressing human vulnerabilities.


With Cyber Security Awareness Month upon us, it’s the perfect time to reflect on these insights and strengthen your organisation’s defences. For Cyber Security leaders, this is a crucial opportunity to assess current training initiatives and ensure that all team members are equipped to navigate the complexities of modern cyber threats.


We invite you to listen to the full episode featuring Melanie on Spotify, Apple Podcasts, and watch the full video content on our YouTube channel.

Watch Full Video Here: https://youtu.be/NNvum3TRWvs?si=48PoVrWgVbm4X9ab


SECURE | CYBER CONNECT Community

Become part of the SECURE | CYBER CONNECT Community for exclusive access to valuable resources, including live streams, panel discussions, and a Directory connecting members with trusted partners specialising in Red, Blue, White, and Purple teaming. Reach out directly to Warren Atkinson or Jay Adamson to learn more about how we can navigate the complexities of AI and cyber security together to build a safer digital future.

SECURE | CYBER CONNECT Podcast

The SECURE | CYBER CONNECT Podcast, hosted by Justin (Jay) Adamson and Warren Atkinson, is now available on all platforms. This community-led podcast delivers exclusive insights from leading experts in information and cyber security, technology, and talent acquisition.

Join us as we explore the challenges and opportunities in today’s digital landscape, and be sure to subscribe, like and share for the latest episodes and updates. Thank you in advance!

Subscribe Here: https://www.youtube.com/@securecyberconnectcommunity

Spotify: Cyber Connect Podcast

Apple Podcast: Cyber Connect Podcast

X: @_securerecruit

Instagram: @securerecruit

Expansive Community Access

Join the SECURE | CYBER CONNECT Community:

For Sustained Engagement beyond our Friday Sessions, Please Sign Up & Join Our Community to connect with SMEs, Special Interest Groups & Cyber Clusters.

Join Today: https://www.secure-recruitment.com/cyber-connect/


Join Our Weekly Online Networking Events:

Our Free Weekly Online Networking Session has helped over 2,000 Individuals Connect & Expand their Networks. Curious about how it can benefit you? Join Us this coming Friday!

Sign Up Here: https://www.meeow.com/meeows/cyber-connect-networking?t=1717160400000


For Further Value, Please See Our Other Newsletters:

Stay Informed & Secure with our Latest Insights & Updates. Subscribe to Our Newsletter for more valuable information from our colleagues across the business:

Subscribe on LinkedIn: https://www.dhirubhai.net/newsletters/secure-cyber-connect-7210953272369573890/

SECURE | CYBER CONNECT Landing Page


Martin Covill

I help CxOs at regulated financial organisations reduce cyber risks leading to zero regulatory fines, data breaches or reportable security incidents, by doing effective management of the cyber threat landscape.

5 months

Interesting article with some useful statistics. It states that mature security awareness programmes average 4.18 Full-Time Employees (FTEs). I have known organisations with that many security resources to cover the whole Information Security and Cybersecurity landscape and not just focus on user awareness. Do other organisations have a team dedicated to user awareness?
