What's Your Frequency of Security Training vs. Frequency of Attack?
SC Magazine recently posed this question on its website: “How frequent is the training related to the security awareness program at your organization?” When I looked at the results on September 3, more than 40% of respondents said they have no security awareness training program. Another 36% said they do annual training. Which means that more than 75% of responding organizations focus on security awareness and training once a year or not at all.
Let’s go ahead and compare these security training frequencies to some recent stats about frequencies of security attacks:
Data shared in the most recent Phishing Activity Trends Report by the Anti-Phishing Working Group (APWG) reveals that Q1 of 2014 was an incredibly busy time for fraudsters:
- More than 125,000 phishing attacks were observed by APWG from January through March
- Nearly 172,000 phishing reports were submitted to APWG by consumers during the same time frame, an increase of 6.8% over reports received in Q4 of 2013
- More than 32% of personal computers worldwide are infected with malware, adware, or spyware
The 2013 Norton Report by Symantec revealed that, globally, 50% of adults have been victims of cybercrime and risky behaviors, with 378 million victims tallied in 2013
Interestingly, even though actual security education programs seem to be at the bottom of priority lists, a recent survey by Deloitte indicated that 70% of organizations identified the “lack of employee security awareness” as a top vulnerability.
A head-scratcher to be sure.
The bright side is that you can battle these burgeoning threats pretty effectively. According to PWC’s Information Security Breaches Survey 2012, organizations with a security awareness program were 50% less likely to have staff-related security breaches. Maybe it’s time you started playing those percentages?
Find out how Wombat helped a college in the northeastern U.S. to reduce successful phishing attacks by 90%.