This month’s issue introduces Security Awareness and Training (SA&T) as one of the measures to consider for fiscal year 2024, in light of the recent trends in cybersecurity incidents discussed in the previous blog.
Due to the COVID-19 pandemic, employees have found themselves spending unprecedented amounts of time online. Along with this shift, there has been a significant increase in email-based attacks, such as phishing and targeted attacks, that focus on the recipient. As employees continue to work remotely from home, security awareness must extend beyond the boundaries of the office to cover both the office and home environments. To address these challenges, it is now essential to promote a culture of "security anywhere."
Security measures for IT systems such as network equipment and servers have traditionally been a routine expenditure for many companies. However, with the rise of cyberattack tactics like phishing, which specifically target the vulnerable "human" element, companies need to recognize that additional security measures are required. Whereas conventional security focuses on hardware and software, these attacks exploit human vulnerabilities. Companies therefore need to reassess their awareness and training programs so that they can counter these evolving threats effectively.
One measure against attacks that target individuals is "Security Awareness," which aims to help individuals recognize IT security issues and respond appropriately. However, because its primary purpose is to raise "awareness," it is insufficient as a standalone measure. To enable individuals to actually take action, it needs to be paired with "training."
Until now, there has been employee training that consists of mandatory viewing of videos on security risks. However, with the increasingly sophisticated tactics employed by hackers, such traditional styles of security education have reached the limits of their effectiveness.
In this article, we would like to introduce the program from KnowBe4, which received the highest ratings in recent years in the Security Awareness & Training Solution Report by FORRESTER Research.