Your people are not as secure as you think
Summary
Independent research in New Zealand indicates a significant gap between businesses believing they provide cybersecurity training and employees actually receiving it. A security culture expert offers insights on developing effective employee education programs that resonate with staff and integrate into overall security strategies.
IFF Assessment
The article highlights a common defender challenge (lack of effective employee training) and offers potential solutions for improvement, making it beneficial for those working in cybersecurity defense.
Defender Context
This article underscores the critical importance of human factors in cybersecurity. Defenders must recognize that technical controls are insufficient if employees are not adequately trained to identify and avoid threats. Organizations should focus on practical, engaging training that addresses the reality of employee awareness and behavior, rather than relying solely on superficial exercises.