Key Security Awareness Training Topics

It is a well-established fact that security awareness is paramount for business, but this is a very simplistic overview of what is in fact a very layered and complex topic. A perfect indication of this was that last month, which famously hosted October cybersecurity awareness month all over the world, a large focus was put on security awareness training. This topic, especially the training and education component, is growing every year in importance, and for very evident reasons that we will deconstruct.

We also need to take a look at the most popular security awareness topics being discussed right now to appreciate how key this concept is to the survival of any business and the protection of customer data. It will be important to understand internal and external threats -the reason the cybersecurity industry exists at all.

IMAGE: UNSPLASH

What Is Security Awareness And Why Is It Important?

Security awareness (in the digital sense in this case) is a general term that encapsulates the growing need for awareness surrounding cybersecurity -security in the digital age in the digital realm. Just glancing at cybercrime statistics as well as business cybersecurity preparedness statistics is enough to quickly appreciate why security awareness should be as fundamental as being able to communicate in English in today’s world. To put this into perspective by using an analogy, not having cybersecurity measures in place is akin to driving in the rain without defogging the front windshield -very dangerous.

The problem is that enough attention has not been given to security awareness. There are a few reasons for this, some of them are; the costs involved, the time involved and too much trust in major and third-party vendor security. Another reason for this is simply, lack of cybersecurity awareness. A large percentage of the world’s organizations, whether large or small, are not implementing the best possible security awareness practices and as a result, there are sometimes catastrophic results. Here are some points to ponder;

Cyberthreats is the number one global risk, ahead of natural disasters
Trillions of dollars were incurred in financial losses due to a lack of security awareness
The livelihood of small businesses depends on their level of security awareness
95% of data breaches are caused by human error
Phishing and ransomware make up the brunt of cyberthreats
On average, 5% of company folder data is adequate protected
Data breaches caused the leak of over 40 billion records in 2020
Over 70% of organizations feel that cybersecurity risk is increasing
The average cost of a data breach worldwide is almost $4 million
The average time to identify a data breach in 2020 was over 200 days
It takes approximately 280 days to resolve data breach incidents

Judging from this information gathered from Verizon, IBM, Varonis, Accenture, CISA, NCSA, ECSM, and others it is easy to see that without security awareness built into the core of an organization, catastrophic consequences are sure to follow sooner rather than later.

Internal And External Cybersecurity Threats

A solid plan to address cybersecurity gaps is required to address the simple fact that almost all cyber incidents can be traced back to human error -an internal threat. This can mean anything from basic security mistakes at the office, to misconfigured firewalls or routers, to bad credential and password practices, to even disgruntled employees. The remaining 10% of cyber incidents occur due to external threats. External threats are cybercrime (a.k.a hackers), and the various flavors of cybercrime out there.

Cybercriminal acts have a process, which is defined as TTP or Tools, Techniques and Procedures by the security community. A typical computer system or network has several entry points where cybercrime schemes can commence, some of which are vulnerable software codes that can be exploited.

Another entry point (also called an attack surface) is email e.g. BEC or Business Email Compromise is caused by phishing and malware. Next, there are the specific methods, or attack vectors that cybercriminals use, such as; ransomware attacks, DDoS, man-in-the-middle attacks, fileless attacks, worms, trojans, viruses, and more.

Key Cybersecurity Awareness Topics

The 2021 cybersecurity climate is quite different from that from a few years ago, namely because the scope of traditional work models has drastically changed after lockdowns, and cybercrime has become very sophisticated in the meantime. Some key cybersecurity awareness topics going forward (inspired by Cybersecurity Awareness Month, Red Hat, IBM, FireEye, Cisco, and others) are;

How to deal with ‘Phishing’, ‘Ransomware’ and malware attacks in general
Keeping our digital lives secure with simple actions
Spreading cybersecurity awareness to others
Promoting cybersecurity career opportunities

Adding to this, some additional specific subtopics cover the following;

Securing video conferencing from cyber threats
Understanding password security hygiene
The threat of spear-phishing
Understanding multi-factor authentication
Mobile device security and BYOD policies
Supply chain cybersecurity
Third-party vendor security risks
Cloud storage security awareness
Data backup hygiene
Privacy, personally identifiable information, consent, and data gathering
Risk management
Security and compliance certifications

According to the National Cybersecurity Alliance’s “Cybersecurity Awareness Month 2021 Theme” report, “The line between our online and offline lives is indistinguishable. In these tech-fueled times, our homes, societal well-being, economic prosperity, and nation’s security are impacted by the internet.” With all of the points above, and the statistics before it, there has never been a more salient time to approach the topic of security awareness for everyone -whether that be personal cybersecurity or e.g. managed security solutions for SMBs or large organizations.

Cybersecurity awareness should not be contained to one month in the year, but it should be an everyday occupation for all of us who jointly use and depend on the internet for the basic functioning of our daily lives. The good news is that cybersecurity awareness has grown significantly in the past couple of years, as has the cybersecurity industry itself. Cybersecurity positions have become the highest-paid positions in Information Technology, so it is a good time to be cyber aware and contribute to our collective digital safety.