New research highlights the connection between increased employee-wide cyber awareness to decreased organizational risk
TAGUIG CITY, Philippines, November 13, 2024
John Maddison, Chief Marketing Officer at Fortinet
“As threat actors harness new technologies like AI to augment the sophistication of their attacks, it’s increasingly crucial that employees are a robust first line of defense. Fortinet’s new research underscores the importance of creating a culture of cybersecurity and the need to deploy organization-wide cyber awareness and training.
These findings reinforce the significance of our award-winning Security Awareness Services offering for enterprises, as well as our free educational version available to school districts worldwide, in strengthening cyber resilience.”
Alan Reyes, Country Manager at Fortinet Philippines
“As cybercriminals increasingly leverage AI to enhance their attacks, it becomes imperative for organizations in the Philippines to elevate their security awareness initiatives. Employees must be equipped with the skills to identify and respond to these evolving threats, serving as a strong first line of defense. However, for these initiatives to be truly effective, organizations need to regularly reassess and refine their training programs, ensuring they are engaging and relevant. Strengthening cybersecurity awareness, alongside employing skilled security professionals and implementing advanced security tools, further enhances an organization’s ability to defend against sophisticated threats.”
News Summary
Fortinet® the global cybersecurity leader driving the convergence of networking and security, released its 2024 Security Awareness and Training Global Research Report, highlighting the crucial role a cyber-aware workforce plays in managing and mitigating organizational risk.
Key findings for the Philippines and Malaysia from the global report include:
- As malicious actors use AI to increase the volume and velocity of their attacks, leaders believe these threats will be harder for their employees to spot. Nearly 60% of respondents expect more employees to fall victim to attacks in which cybercriminals use AI. However, the good news is that most respondents (92%) also say enterprise-wide knowledge of AI attacks has made their organizations more open to implementing security awareness and training.
- Employees can be an organization’s first line of defense, but leaders are increasingly worried that their employees lack security awareness. Nearly 60% of those surveyed believe their employees lack critical cybersecurity knowledge.
- Leaders recognize the importance of security awareness training but believe there are specific attributes that make some training programs more effective than others. More than 90% of leaders are satisfied with their enterprise’s existing security awareness and training efforts.
The Latest Threats That Employees Must Battle
One prominent way in which cybercriminals use AI is to make phishing schemes more believable and harder to detect. Because phishing targets individual users directly, organizations are overwhelmingly focused on teaching employees how to spot and refrain from falling victim to these attacks.
- End users remain attractive targets. More than 80% of organizations, Globally faced attacks last year such as malware, phishing, and password attacks that directly targeted individuals.
- As attacks evolve, security awareness and training will only become more vital. Nearly all (96%) of those surveyed say their leadership team supports security awareness training for employees.
- Nearly 90% say phishing prevention is a component of their training programs and plans. Other top training priorities include data privacy (62%), malware and ransomware (60%), and data security (50%).
Employees Can Serve as a Strong First Line of Defense Against Attacks
While security and IT teams are crucial to safeguarding organizations against cyber threats, an enterprise’s employees also play an important role in preventing breaches.
- Employees are open to cybersecurity awareness and training opportunities. Most leaders (92%) say their employees view security awareness and training positively, with 52% saying “very positively.”
- Organizations see positive results when they implement security and awareness training programs. An overwhelming majority of leaders (98%) say their organization saw at least some improvement in its security posture after security awareness and training was implemented, and not a single respondent claimed to see no improvement.
Cyber Awareness Training is Vital, But Not All Programs Are Created Equal
Most organizations are motivated to introduce security awareness and training based on their experience being breached or knowledge of threats in their industry or sector.
Almost all decision-makers (96%) say their leadership team supports implementing training to raise employees’ cybersecurity awareness.
According to this year’s survey, 100% of leaders think increased employee awareness would strengthen the organization’s cybersecurity posture. Yet respondents also agree that there are key attributes of training programs that are important for effectiveness.
- Engaging content is paramount. While 96% of decision-makers say they are satisfied with their current security awareness and training solution, among those not satisfied, the biggest complaint was a lack of engaging content.
- Consider the time commitment required. Avoid training fatigue by considering the amount of time required from learners. Demanding too much time from employees can overburden them. Between 1.6 and 2.0 hours is the most common amount of time proposed, with three hours as the mean average.
Develop a Cyber-Aware Workforce with Fortinet’s Security Awareness and Training Service
One breach incident alone has significant repercussions for a business. Building a three-pronged defense strategy that includes awareness and training, technical cybersecurity skills, and advanced security solutions is vital.
Beyond teaching individuals what to do when they encounter threats, awareness and training lay the foundation for creating a culture of cybersecurity throughout the organization. Fortinet offers its Security Awareness and Training service to businesses that want to develop a cyber-aware workforce. Designed by the Fortinet Training Institute’s world-class trainers, this service covers a broad range of topics, offers content customization opportunities, and reinforces learnings with periodic reminders and checks. Organizations using the service also have access to a dashboard to track learner progress and reporting to address cyber insurance and compliance needs.
About the Fortinet Cyber Awareness Survey:
- The survey was conducted among 50 executive-level and management-level professionals in the Philippines and Malaysia at organizations that have cybersecurity awareness training in place.
- Survey respondents came from a range of industries, including manufacturing (16%), financial services (10%), technology (24%), and professional services (12%).