Fortinet Report Finds Nearly 70% of Organizations Say Their Employees Lack Fundamental Security ....
Fortinet, the
global cybersecurity leader driving the convergence of networking and security,
today released its annual 2024 Security
Awareness and Training Global Research Report, highlighting the
crucial role a cyber-aware workforce plays in managing and mitigating organizational
risk.
Key findings from the
global report include:
· As malicious actors
use AI to increase the volume and velocity of their attacks, leaders believe
these threats will be harder for their employees to spot. More than 60% of
respondents expect more employees to fall victim to attacks in which
cybercriminals use AI. However, the good news is that most respondents (80%)
also say enterprise-wide knowledge of AI-augmented attacks has made their
organizations more open to implementing security awareness and training.
· Employees can be an
organization’s first line of defense, but leaders are increasingly worried that
their employees lack security awareness. Nearly 70% of those surveyed
believe their employees lack critical cybersecurity knowledge, up from 56% in
2023.
· Leaders recognize the
importance of security awareness training but believe specific attributes make
some training programs more effective than others. Three-quarters
of leaders say they plan their security awareness campaigns, delivering content
monthly (34%) or quarterly (47%). Executives also point to high-quality content
playing a leading role in the success or failure of the program.
“ As threat actors harness new technologies like AI to augment the
sophistication of their attacks, it’s increasingly crucial that employees serve
as a robust first line of defense. Fortinet’s new research underscores the
importance of creating a culture of cybersecurity and the need to deploy
organization-wide security awareness and training. These findings reinforce the
importance of our award-winning Security Awareness and Training service for
enterprises, including the free educational version available at no cost to
primary and secondary schools around the world, and its role in strengthening
cyber resilience,” said, John Maddison, Chief Marketing Officer at
Fortinet
The Latest Threats
That Employees Must Battle
One prominent way
cybercriminals use AI is to make phishing schemes more believable and harder to
detect. Because phishing targets individual users directly, organizations are
heavily focused on teaching employees how to recognize and avoid falling victim
to these attacks.
· End-users remain
attractive targets. More than 80% of
organizations faced attacks last year, such as malware,
phishing, and password attacks that directly targeted individuals.
· As attacks evolve,
security awareness and training will only become more vital. Nearly all
(96%) of those surveyed say their leadership team supports employee security
awareness training.
· Nearly all
respondents (98%) say phishing prevention is a component of their training
programs and plans. Other top training priorities include data security (48%) and
privacy (41%).
Employees Can Serve
as a Strong First Line of Defense against Attacks
While security and IT
teams are crucial to safeguarding organizations against cyberthreats, an
enterprise’s employees also play an important role in preventing breaches.
· Employees are open to
cybersecurity awareness and training opportunities. Most leaders
(86%) say their employees positively view security awareness and training.
· Organizations see
positive results when they implement security and awareness training programs. An overwhelming
majority of leaders (89%) say their organization saw at least some improvement
in its security posture after security awareness and training were implemented.
Not a single respondent claimed to see no improvement.
Cyber Awareness
Training Is Vital, but Not All Programs Are Created Equal
Most organizations
are motivated to introduce security awareness and training based on their
experience of being breached or knowledge of threats in their industry or
sector. Almost all decision-makers (96%) say their leadership team supports
implementing training to raise employees’ cybersecurity awareness.
According to this
year’s survey, 97% of leaders think increased employee awareness would
strengthen the organization’s cybersecurity posture. Yet respondents also agree
that there are key attributes of training programs that are important for
effectiveness.
· Engaging content is
paramount. While 86% of decision-makers say they are satisfied with their
current security awareness and training solution, the biggest complaint was a
lack of engaging content among those not satisfied.
· Consider the time
commitment required. Avoid training fatigue by considering the amount of time required
from learners. Demanding too much time from employees can overburden them. Between
1.1 and 2.0 hours is the most common time proposed, with three hours as the
average.
Develop a
Cyber-Aware Workforce with the Fortinet Security Awareness and Training
Service
One breach incident
alone has significant repercussions for a business. It is vital to build a three-pronged defense
strategy that includes security awareness and training for all employees,
technical cybersecurity skills for IT and security staff, and advanced security
solutions for the network.
Beyond teaching
individuals what to do when they encounter threats, awareness and training lay
the foundation for creating a culture of cybersecurity throughout the organization.
Fortinet offers its Security Awareness and Training service to
businesses that want to develop a cyber-aware workforce. Designed by the
Fortinet Training Institute’s world-class trainers, this service covers a broad
range of topics, offers content customization opportunities, and reinforces
learnings with periodic reminders and checks. Organizations using the service
also have access to a variety of dashboards to track learner progress and
reporting to address cyber insurance and compliance needs.
Leave A Comment