The SANS 2017 Security Awareness report has revealed that a lack of time dedicated to employee training and a lack of communication skills are the key reasons organizations’ cyber security awareness programs fail to meet their objectives. In identifying these factors, the researchers also found that women are twice as likely as men to be dedicated full-time to cyber security awareness. The report went on to specify human resource allocation, partnerships, hiring of dedicated professionals, and fostering of security ambassadors as the four areas organizations need to focus on to dramatically improve the effectiveness of their awareness campaigns.
“While Middle East organizations are doubling down on their security investments, the challenges cannot be solved by technology alone. The behaviour of end-users, most commonly unintentionally malicious, is often the root cause of data breaches, which is why SANS has worked to pinpoint the shortcomings of security awareness programs and provide enterprises with a clear outline for how they can overcome these,” stated Ned Baltagi, Managing Director, MEA at SANS.
The report pointed out that to bring awareness up to a basic level, organizations should on average have 1.4 full-time employees (FTEs) dedicated to these initiatives. This number increases to 2.6 FTEs in organizations that have the most successful awareness programs.
The lack of communication and employee engagement, reported by 30.23% of respondents as their biggest challenge, is the other major hurdle that security awareness professionals face. This largely results from the inability of IT staff dedicated to this function to explain to their non-technical counterparts the impact that human risks have on cyber security. While 80% of security awareness professionals have technical backgrounds, just 8% of them have soft-skills backgrounds such as communications, marketing, training or human resources.