Hackers Are Winning the Cyber War, Largely Because They Target People

Employee Training and Testing Are Crucial Aspects to Any Security Strategy

by Stu Sjouwerman
April 26, 2021
in Cybersecurity
Most companies’ single greatest cyber vulnerability is their workforce. Phishing is the most common hacking technique. Don’t neglect to train and regularly test your employees on the cybersecurity front.

Sponsored

Organizations often think about cyber defenses in terms of hardware upgrades, software updates and cybersecurity tools. Boards want something tangible when they allocate resources. But the truth is that people are by far the weakest link for most companies. Hacking complex systems is a daunting task, and there’s simply no need when threat actors can directly target employees and use social engineering techniques to persuade them to bypass security measures.

These kinds of attacks are alarmingly common. As many as 27 percent of businesses report weekly breaches or attacks, according to recent research from the U.K.’s Department for Digital, Culture, Media and Sport (DCMS). The DCMS also found that the most common threat vector by far was phishing, which accounted for 83 percent of those attacks. For organizations to overcome this threat, it’s crucial to prioritize proper training and testing of the workforce.

Traditional Approaches Are Failing

The pandemic has exposed and exacerbated existing issues by accelerating the rise of remote working. Traditional approaches such as employee monitoring have become more challenging to deploy – and less effective. Managing a rapidly growing list of endpoints, trying to keep software patched and restricting access to networks has never been more difficult.

With limited resources, some form of triage is needed to help prioritization. This process starts with an in-depth risk assessment. What are the main threat vectors facing your organization? Conduct an autopsy on any breaches or incidents that have occurred. Factor in the importance of particular systems and data to identify the most likely security scenarios that would have the most disastrous impact if they came about.

Security Awareness Training and Testing

There’s an opportunity to enlist the help of employees in maintaining a high level of security, but they must be thoroughly briefed about the kinds of threats they face and precisely what they should do when facing a suspected attack. Not all security awareness training programs are created equal. It takes thought and careful planning to craft truly effective training materials.

  • Training must be fun and engaging if you expect employees to put real effort into it.
  • It must be relevant to particular roles, with examples that employees are likely to encounter in their daily work.
  • Cater to the shifting landscape and update training based on emerging threats and incidents that occur.
  • Model the behavior you want to encourage and reward employees who nail it.

It’s vital to follow training with regular testing to measure its effectiveness. Mock phishing exercises make it clear instantly whether employees are up to speed and capable of spotting an attempted attack. Not only do they reveal who may fall victim to an attack, but they also highlight how often suspected phishing emails go unreported. Despite the value of mock phishing exercises, the DCMS found that only 20 percent of companies currently test their staff.

Building a Case for Adoption

Tightening the security performance of employees is challenging and it takes time. Compared to the acquisition of a new software tool, the benefit may not be as readily apparent. That’s why it’s so important to paint a picture for the board to secure buy-in. You can do this in several ways, but a mock phishing campaign is a great place to start to learn where your workforce is and create a baseline to measure improvements against.

Analyze previous breaches and security incidents and try to identify the root causes. Drill down into the expense and disruption that can be caused by a single successful targeted phishing attack. When you weigh the potential costs of a major data breach, proper security awareness training and testing starts to look relatively cheap.
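The baseline the two preceding sections describe (mock phishing that reveals who clicks and how often suspected phishing goes unreported, then a measurement to compare later campaigns against) is easy to build from a platform export. The script below is an added example, not code from the article or from KnowBe4; the record format, the field names and every result row are constructed assumptions, standing in for whatever a simulated-phishing platform actually exports. It computes the per-campaign click rate and report rate, tracks a third figure the article only implies (recipients who neither clicked nor reported, so the security team got no signal), breaks the numbers down by department, lists repeat clickers across campaigns for targeted follow-up, and reports the change between two campaigns.

```python
"""Baseline metrics for a simulated-phishing programme (added example).

Assumption: one record per recipient per campaign, as a platform export
might provide it. All sample data below is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median
from typing import Optional


@dataclass(frozen=True)
class Outcome:
    campaign: str                      # campaign identifier (constructed)
    user: str                          # pseudonymous recipient id
    department: str
    clicked: bool                      # followed the simulated link
    reported: bool                     # used the report-phish button / mailbox
    minutes_to_report: Optional[int]   # None when not reported


# Constructed sample: two campaigns sent to the same five recipients.
SAMPLE = [
    Outcome("2021-Q1", "u1", "finance", True,  False, None),
    Outcome("2021-Q1", "u2", "finance", False, True,  12),
    Outcome("2021-Q1", "u3", "hr",      True,  True,  45),
    Outcome("2021-Q1", "u4", "hr",      False, False, None),
    Outcome("2021-Q1", "u5", "it",      False, True,  3),
    Outcome("2021-Q2", "u1", "finance", True,  False, None),
    Outcome("2021-Q2", "u2", "finance", False, True,  8),
    Outcome("2021-Q2", "u3", "hr",      False, True,  20),
    Outcome("2021-Q2", "u4", "hr",      False, False, None),
    Outcome("2021-Q2", "u5", "it",      False, True,  2),
]


def campaign_metrics(results, campaign):
    """Click rate, report rate, silent rate and median time-to-report for one campaign."""
    rows = [r for r in results if r.campaign == campaign]
    n = len(rows)
    clicked = sum(r.clicked for r in rows)
    reported = sum(r.reported for r in rows)
    # "Silent" recipients ignored the lure but did not flag it: the lure did no
    # harm, yet the security team would have received no report of a real attack.
    silent = sum(1 for r in rows if not r.clicked and not r.reported)
    times = [r.minutes_to_report for r in rows if r.reported]
    return {
        "recipients": n,
        "click_rate": round(clicked / n, 3) if n else 0.0,
        "report_rate": round(reported / n, 3) if n else 0.0,
        "silent_rate": round(silent / n, 3) if n else 0.0,
        "median_minutes_to_report": median(times) if times else None,
    }


def by_department(results, campaign):
    """Same metrics, grouped by department, so training can be targeted by role."""
    groups = defaultdict(list)
    for r in results:
        if r.campaign == campaign:
            groups[r.department].append(r)
    return {d: campaign_metrics(rows, campaign) for d, rows in sorted(groups.items())}


def repeat_clickers(results, min_campaigns=2):
    """Users who clicked in at least min_campaigns distinct campaigns."""
    clicks = defaultdict(set)
    for r in results:
        if r.clicked:
            clicks[r.user].add(r.campaign)
    return sorted(u for u, c in clicks.items() if len(c) >= min_campaigns)


def trend(results, earlier, later):
    """Change in each rate from the earlier campaign to the later one."""
    a, b = campaign_metrics(results, earlier), campaign_metrics(results, later)
    return {k: round(b[k] - a[k], 3) for k in ("click_rate", "report_rate", "silent_rate")}


if __name__ == "__main__":
    for c in ("2021-Q1", "2021-Q2"):
        print(c, campaign_metrics(SAMPLE, c))
        print(c, "by department:", by_department(SAMPLE, c))
    print("repeat clickers:", repeat_clickers(SAMPLE))
    print("Q1 -> Q2:", trend(SAMPLE, "2021-Q1", "2021-Q2"))
```

The silent rate is the figure worth watching alongside clicks: a falling click rate with a flat report rate means people are learning to ignore lures, not to report them, and the reporting channel is still not delivering the early warning the article asks for.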

Fostering a Security Culture

Raising awareness isn’t an end in itself. Training employees to have better security hygiene should be followed up with clear policies and tools for reporting. Testing is crucial to gauge whether your training program is effective. The idea of building a security culture can seem vague, but at heart, it’s about making security part of every conversation and making everyone responsible.

Training and testing are also complementary activities, not replacements for firewalls, VPNs and vulnerability scanning. By bringing your staff on board and showing that your organization values security, you encourage them to make improvements in their departments, raise standards and squeeze more value from the tools and procedures you have in place.

Ultimately, it could not be clearer that hackers see people as low-hanging fruit. As long as they continue to target employees, the most effective response is to do likewise and arm your workforce with the knowledge, processes and tools it needs to fight back.

The best defense against social engineering attacks? Teach people to spot them, make it easy for them to report anything suspicious and reward the behavior you want to see.

About KnowBe4

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 37,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.


Stu Sjouwerman

Stu Sjouwerman is founder and CEO of KnowBe4 [NASDAQ: KNBE], developer of security awareness training and simulated phishing platforms, with 41,000 customers and more than 25 million users. He was co-founder of Sunbelt Software, the anti-malware software company acquired in 2010. He is the author of four books, including “Cyberheist: The Biggest Financial Threat Facing American Businesses.” He can be reached at ssjouwerman@knowbe4.com.
