Breaking bad habits

Understanding the essential components of security awareness training.

06 April 2023

Monique Hart, VMware

Are your employees putting your organisation at risk? Absolutely. According to Verizon’s 2022 Data Breach Investigations Report, the root cause of 82% of data breaches is human error. From downloading a malware-infected attachment to opening phishing mails or failing to use a strong password, unintentional actions – and sometimes the lack of action – allow cybercrime to happen. “For criminals, targeting people makes sense as it’s faster, easier, and more profitable than targeting systems,” says Monique Hart, lead solutions engineer at VMware Sub-Saharan Africa. “Cyber attackers target weak points, and it’s easy to exploit human nature with diversionary tactics, such as creating a false sense of urgency or impersonating trusted people.” And the true cost of cybercrime can continue long after a breach occurs, be it insurance rate hikes, legal costs, reputational damage or regulatory fines. One of the most important ways to maintain a safety-first organisation is through security training and awareness.

“The whole idea of security awareness training was generated by the fact that people make silly mistakes,” says Guy Golan, the co-founder and chief executive officer of Performanta. For Golan, it’s not simply about education – creating real awareness is a psychological matter. Everyone makes mistakes; it’s a key part of how people grow and learn, and Golan’s approach to security awareness training is something he calls the ‘triple A’. “First, you need to be aware. After that, you need to acknowledge and then you need to act. So, the reality is that you need to address the awareness element first – move people from unaware to aware. Once you move into acknowledgement and take some action, that is the training element,” he explains.
