With an unprecedented number of employees now working in hybrid or fully remote environments, compounded by an increase in cyber threats and a more overwhelmed, COVID-19 information fatigued workforce, there has never been a more critical time to effectively create and maintain a cyber secure workforce and an engaged security culture.
“People have become the primary attack vector for cyber-attackers around the world,” said Lance Spitzner, SANS Security Awareness Director and Co-Author of the report. “Humans rather than technology represent the greatest risk to organisations and the professionals who oversee security awareness programs are the key to effectively managing that risk.”
After analysing the data of more than 1,000 security awareness professionals worldwide, SANS Security Awareness has released its seventh annual SANS Security Awareness Report. The 2022 report establishes updated global benchmarks for how organisations manage their human risk and provides actionable steps to making improvements with key metrics in the Security Awareness Maturity Model Indicators Matrix to measure progress.
“Awareness programs enable security teams to effectively manage their human risk by changing how people think about cybersecurity and help them exhibit secure behaviours, from the Board of Directors on down,” said Spitzner. “This report enables security awareness professionals to make data-driven decisions on how to best secure their workforce and speak to leadership about risk in a compelling way that demonstrates value and support for their strategic priorities.”
Key action items to increase program success:
“The most mature security awareness programs not only change their workforce’s behaviour and culture but also measure and demonstrate their value to leadership via a metrics framework,” continued Spitzner. “Organisations can no longer justify an annual training to check the compliance box and it remains critical for organisations to dedicate enough personnel, resources and tools to manage their human risk effectively.”
For a more detailed analysis, the 2022 SANS Security Awareness Report is available for download here.