In many ways, security awareness training exemplifies the way information security is seen and tackled by senior management.
A once-a-year, classroom-based approach may be traditional, with security updates and warnings posted on walls and the intranet, but it is also a sign of a tick-box, compliance-driven approach to security. It is often done to appease industry regulators, PCI and data protection authorities, and the training can offer relatively basic – arguably condescending – advice.
But times are changing. The threat landscape is growing with the arrival of millions of mobiles and wearables, each with their own IP address, while organized crime and nation-state APT groups are looking at new ways of compromising victims. From exploit kits and Trojans to ransomware, phishing and social engineering scams – the criminal game has moved on.