Over the past few decades, many organizations have spent countless millions on information security awareness activities. The main objective behind this approach was to take their biggest asset – people – and change their behavior, thus reducing risk by providing them with knowledge of their responsibilities and what they need to do. But, have these activities succeeded?
While many organizations have compliance activities which fall under the general heading of ‘security awareness’ – and may remain necessary to convince regulators – the real commercial driver should be risk, and how new behaviors can reduce that risk.
Infotechglobe proposed a way forward for organizations that want to embed positive and sustainable information security behaviors into their organization’s culture. This new way fulfills four key requirements that were identified based on received feedback and input from subject matter experts, as well as thorough analysis:
1. Develop a risk-driven program
2. Target behavioral changes
3. Set realistic expectations
4. Engage people on a personal level
Interested to know more about our cybersecurity awareness and training services? For more information on how we can help you building your internal information security awareness and training program, contact us, and we will answer all your questions, and help identifying the best solutions for your organization.