- Ben Cole, Executive Editor
The importance of cybersecurity awareness keeps growing, but what exactly does that mean? What does it mean, in 2020, to make employees aware of cybersecurity? Given the daily headlines about data breaches, stolen credentials and more, it's doubtful that any employees -- even those who spend only a fraction of their workdays online -- fail to understand that their everyday actions have the potential to create new vulnerabilities for their organization.
But, even though weak passwords and phishing emails are among the most common access points for hackers, it's still not enough for aware employees merely to be conscientious about changing their access codes frequently or to take care not to click on suspicious emails. Threats are expanding, and so cybersecurity awareness must broaden, too, to be certain that employees are equipped to do all they must to keep their organizations secure.
These expanded threats include modern hackers who take advantage of unsecure access management to tap into employees' privileged credentials and gain entry to corporate data and infrastructure. They include the use of machine learning to make phishing emails more convincing and harder to detect. And social engineering attacks are getting more sophisticated as well, with criminals using deepfakes to impersonate executives' voices and likenesses.
As these cyberthreats grow larger, employees' role as a company's first line of cyberdefense grows, too. Providing your workforce with the latest information about specific threats to the company and clearly explaining the essential role workers play in protecting against them can go a long way toward securing corporate networks and systems.
It is on CISOs to lead the efforts to educate the workforce in cybersecurity. Their internal security awareness training strategies must be continually tweaked to reflect the evolving threat landscape. In general, cybersecurity awareness requires building an adaptable, security-first culture, one in which employees learn to keep potential risks top of mind when doing their jobs. The CISO must constantly find ways to engage the workforce in cybersecurity efforts. Hands-on training exercises are a must -- as are awareness competitions and rewards for proper cybersecurity hygiene.
The importance of cybersecurity awareness only increases as the threat rises. Meanwhile, standards that define the best approaches to employee training are changing rapidly as well. Next-generation cybersecurity leaders know that a well-prepared staff is essential to protecting corporate data but also realize that, sometimes, knowing doesn't translate into doing. In this issue of Information Security magazine, learn how some cybersecurity leaders are effectively putting security awareness into action.