Cybersecurity Training – The Dangers Of A ‘Box Ticking’ Strategy

by | Jul 7, 2021 | CEO Blog, Tip of the Week

In many organisations, training is seen as a comparatively inexpensive way to address cybersecurity weaknesses. On the face of it, it’s a logical investment – compared to technology procurement, for example, it can be a relatively quick and simple process and in many cases, certainly cheaper.

It also focuses on a very real need. One recent study revealed that human error is the leading cause of data breaches, with 88% coming as a result of employee mistakes. As a result, end user awareness training focuses on a wide range of potential pitfalls, from guarding against email scams, malware and poor data management practices to password security, to the dangers associated with Bring Your Own Device (BYOD) technology and more latterly, the risks associated with remote working. 

It plays a vital role in any rounded approach to cybersecurity by arming as many users as possible to be alert to risks and follow best practices. The problem is, much of these training efforts are little more than an exercise in box ticking, covering the basics with employers then assuming their staff will remember what they need to do on every single occasion in the future when they are exposed to risk.

This simply fails to acknowledge the increasing sophistication and opportunism of cybercriminals, where email-based attacks, for instance, are becoming more convincing all the time. It begs the question as to why organisations choose to put their employees in the front line of their security strategy? And even more importantly, why do they think that putting people back in the classroom for a day is fit for purpose? For busy people under pressure to perform, momentary lapses in concentration are inevitable and no amount of training will close off every avenue of attack.

In some circumstances, there’s also the possibility that an ‘enforcement’ style of cybersecurity training could do more harm than good. In hammering home the message to people that they must not be the weak link in the security chain, organisations can quite easily establish a culture of fear and punishment for people who make cybersecurity mistakes. 

While leaders may think they need to be crystal clear in what is expected of everyone on their team, it’s an approach that is both counterproductive and ineffective. Not only does it fail to acknowledge that everyone makes errors, it shifts employee focus away from their core responsibilities and instills a feeling among people that it’s perhaps safer to say nothing than to share details of a potential breach.

Instead, employers should be celebrating those who highlight secure failings – even their own. People should understand that protecting their organisation from the impact of a security breach isn’t just about always applying every element of their training on every single occasion, it’s also about raising the alarm if a breach may have occurred without fear of punishment. Whether they are right or wrong, employees should be encouraged to always raise the alarm if something doesn’t feel right.

By employing proactive cybersecurity technologies such as Content Disarm and Reconstruction (CDR), organisations not only take the pressure off employees to continually police file-based threats, but they can massively increase their ability to deliver instant protection. It’s a simple approach that ensures every document entering or leaving the organisation is safe, without sacrificing productivity. What’s more, it can enable organisations to boost the value and impact of training for users who are much more effectively protected from the risks of clicking on file attachments.

Creating a successful cybersecurity culture requires that training and technology must combine if organisations are to create an effective defence. In the face of growing risks and more sophisticated attacks, it’s a change of approach that can deliver transformational benefits.

Related

What is Glasswall CDR?

Embedded Engine

CDR Platform

Solutions

REST APIs

Email Security

Threat Intelligence

Plug-ins

CDS Plug-in

ICAP Plug-in

Menlo Plug-in

Palo Alto Plug-in

apps

Apps

Clean Room

Desktop

Why CDR?

We believe people should be free to open their files without fear. Glasswall CDR takes a proactive approach to automatically remove all Zero-day threats from files, without sacrificing productivity.

Use Cases

Secure Email

File Uploads and Downloads

Malware Risk Removal

Metadata Removal

Cybersecurity Crisis Response

Cybersecurity Crisis Prevention

Cloud Native Integrations

Data Migrations

SDK Integration

Resource Library

Blog

Events

support lines

Support

Glasswall CDR Portfolio

Reactive cybersecurity is failing - it’s time for a better way. Traditional detection-based security methods play catch up with new threats. Find out how your organization can take a proactive approach to cybersecurity.

strategic alliances

About our Partner Program

Our Partners

Become a Partner

Bringing File-based threat protection to your customers

Offer a richer security portfolio with the most agile CDR platform on the market. Stand out from the competition with a partner program built for you. Let’s make files safer together.

About Glasswall

Our People

Careers

communication

Contact Us

support lines

Support

Raising the bar on file security

We believe people should be free to open their files without fear. To click on anything without risk of catastrophe. To use systems the way they were meant to be used. That’s why we’re raising the bar on file security at Glasswall.