What's Your Frequency of Security Training vs. Frequency of Attack?

September 11, 2014
Gretel Egan

SC Magazine recently posed this question on its website: “How frequent is the training related to the security awareness program at your organization?” When I looked at the results on September 3, more than 40% of respondents said they have no security awareness training program. Another 36% said they do annual training. Which means that more than 75% of responding organizations focus on security awareness and training once a year or not at all.

Let’s go ahead and compare these security training frequencies to some recent stats about frequencies of security attacks:

  • More than 125,000 phishing attacks were observed by APWG from January through March
  • Nearly 172,000 phishing reports were submitted to APWG by consumers during the same time frame, an increase of 6.8% over reports received in Q4 of 2013
  • More than 32% of personal computers worldwide are infected with malware, adware, or spyware
  • The 2013 Norton Report by Symantec revealed that, globally, 50% of adults have been victims of cybercrime and risky behaviors, with 378 million victims tallied in 2013

Interestingly, even though actual security education programs seem to be at the bottom of priority lists, a recent survey by Deloitte indicated that 70% of organizations identified the “lack of employee security awareness” as a top vulnerability.

A head-scratcher to be sure.

The bright side is that you can battle these burgeoning threats pretty effectively. According to PWC’s Information Security Breaches Survey 2012, organizations with a security awareness program were 50% less likely to have staff-related security breaches. Maybe it’s time you started playing those percentages?

Find out how Wombat helped a college in the northeastern U.S. to reduce successful phishing attacks by 90%.