Feb 23, 2022 9:00:00 AM
More and more new malware variants and so-called fileless attack vectors threaten corporate networks. The AV-TEST Institute registers more than 450,000 new malware and potentially unwanted applications (PUA) every day. In 2021, it registered more than 1312 million malware variants, an average of more than 10 million new variants per month. Software vulnerabilities are being exploited in a targeted manner - check our blog post about the Log4j hack. So, it is only logical to upgrade technical controls and defense mechanisms as much as possible to prevent the execution of malware, scan software versions for vulnerabilities, enable multi-level authentication, etc.
However, it would be too simplistic to see cyber defense purely as a technical challenge - people's actions play a significant role. The cause of security incidents is almost always human error. Large and complex systems are vulnerable to mistakes made by inexperienced or untrained staff, as well as to the activities of malicious insiders.
In companies, information security awareness training for all employees (including executives!) can help to build security awareness. It is also important that these trainings are not stand-alone, one-off special measures that only apply to the fulfillment of recommendations and standards. After all, 81 percent of companies invested in awareness measures before and during the pandemic.
Let's look at an analogy from our early learning phases: Before we are allowed to drive a car, we have to pass a driving test. But we can drive safely on the road only after sufficient driving practice, i.e. through constant repetition. One-off training is not enough. Applied to cyber security: We need warnings and repetition to build up security awareness. These 'pulses' should be timed to coincide with security-related activities, which could have precarious consequences if we are not highly focused. Ideally, IT security training is supported by or integrated into the IT security solution used.
Although human error can never be completely ruled out, well-planned cyber security awareness training helps to reduce the risk to an acceptable level. To raise awareness in the long term, it is essential to integrate a program of awareness-raising and training into everyday work.
Security awareness training for employees educates users on what they can do to detect malicious activity and how to act in the event of such activity. Security awareness training is an important layer of security added to existing 'technical' security controls.
The goal of these cyber security awareness trainings is multi-layered:
Figure: Security Awareness Training from DriveLock - Phishing
The DriveLock Security Education module serves to increase the security awareness of your company's employees. Through continuous and event-related learning in security-relevant situations, they are made aware of possible dangers. Employees can receive targeted information on the correct behavior and necessary security measures during certain activities, such as inserting a USB stick or connecting to a Bluetooth device. When an application is started, DriveLock can check whether it is a secure application and play a short campaign with security instructions. In the event of an acute security incident, you can publish appropriate behavioral measures ad hoc across the company to minimise impact and costs.
Figure: Security Awareness Training from DriveLock
You can set up DriveLock Security Awareness campaigns flexibly according to your requirements (group of people, time, media format of the training) to ensure target group-oriented and effective communication. And we have tests at the end of each section, which allow you to review your employees' learning success.
You can find out more in our Security Education solution module.
In our next article, you will learn why security awareness must focus on the end user.
Photos: iStock, DriveLock Security Education module
With its security solution, DriveLock has been active in the market for more than 15 years. The company, headquartered in Munich, Germany, has become one of the leading IT specialists for IT and data security.