TechTarget

Awareness training not enough, says security researcher

Cyber security awareness training of employees does not go far enough to be effective, says McAfee research director

Cyber security awareness training for employees does not go far enough to be effective, according to David Marcus, director of advanced research and threat intelligence at McAfee.

He said businesses more commonly fail in systemic issues when it comes to IT security, chief among these being effective training for users.

“Although adversaries use many different attack methods, there is a lot of commonality around the social engineering techniques they use, and there is a lot of value in tackling that,” he said.

But pure awareness training is not as effective as scenario-based training, he told Computer Weekly.

Marcus believes employees need to face simulated hacking attempts to learn how to recognise them properly and take appropriate action.

“Only by getting into the boxing ring will anyone learn how to block blows from an opponent,” he said.

The military would not send soldiers into an operational area without practical training, said Marcus, yet enterprises routinely put employees in a position where they will get attacked without any training.

“Information security professionals who fail to provide behavioural training are doing a disservice to the company, its employees and its shareholders,” he said.

While not all companies have the resources to devise such training programmes, Marcus said there is a growing number of providers of this type of training, such as PhishMe and TrustedSec.

“But this is a long-term process that information security practitioners need to undertake if they really want to protect their organisation's data assets and people,” he said.
