The Human Factor: Unveiling Key Findings from SANS 2023 Security Awareness Report

SANS Institute Releases 2023 Security Awareness Report: Managing Human Risk

Introduction

Bethesda, MD (PRWEB) – In an era where artificial intelligence (AI) has amplified the sophistication and reach of cyberattacks, understanding and managing human cyber risks has become increasingly vital. The SANS Institute, a global leader in cybersecurity training, has released its annual Security Awareness Report for 2023, titled “Managing Human Risk.” The report is rooted in the experiences of nearly 2,000 participants from 80 countries and provides an in-depth analysis and actionable steps for security professionals to mature their awareness programs, advance their careers, and benchmark their programs globally using the Security Awareness Maturity Model®.

The Escalating Stakes of Human Cyber Risks

The report highlights the escalating stakes in human cyber risks and emphasizes the growing importance of the human element in cybersecurity. In the past year, 20% of organizations worldwide reported security incidents involving remote workers. Lance Spitzner, SANS Security Awareness Director and co-author of the report, stresses that the digital world’s rapid expansion has made the human element a primary target for cyber threats globally.

Top Human Risks

The report identifies several primary human cyber risks, including phishing, vishing, and smishing attacks. It also highlights the challenges of managing password authentication risks, fostering a security culture for effective detection and reporting, and mitigating the risk of IT admin misconfigurations, particularly in complex cloud environments.

Leadership Perspective

The report reveals that security awareness remains predominantly considered a part-time commitment within organizations. Surprisingly, 70% of security awareness practitioners reported dedicating half or less of their working time to it this year. This finding underscores the ongoing challenge of elevating the importance of continuous cybersecurity awareness in the day-to-day operations of organizations.

Compensation and Skill Sets

For the first time, the report reveals that professionals specializing in human risk management earn up to 5% more than their peers in broader security roles. This points to the increasing demand for, and value of, these skill sets in the industry.

Action Steps for Success

The report provides key action items to increase the success of security awareness programs:

Talk in Terms of Risk

To change leadership and security teams’ perceptions and align security awareness with strategic security priorities, it is essential to speak in terms of human risk management. By demonstrating the impact of effective communications, training, and engagement in reducing human risk, security teams can gain buy-in from leadership and align with their priorities. Collaborating with Security Operations Center, Incident Response, and Cyber Threat Intelligence Teams can also help identify and solve human-risk-related challenges.

Leadership Support

Dedicating two to four hours a month to collecting metrics about the impact and value of the Security Awareness Program is crucial. Communicating this information to leadership through informal metrics, key performance indicators, and success stories helps them understand the program’s value and make informed decisions.

Team Size

The report highlights the imbalance between technical security and human-focused security in organizations. To bridge this gap and combat human cyber risks effectively, a starting point of a 10-to-1 ratio of technical to human-focused security professionals is recommended. This balanced allocation of resources ensures that the workforce is not left vulnerable to cyberattacks.

Editorial Opinion

The SANS 2023 Security Awareness Report emphasizes the growing importance of understanding and managing human cyber risks. As AI continues to amplify cyber threats, organizations must prioritize cybersecurity awareness as a vital component of their defense strategies. The report’s findings provide valuable insights into the challenges faced by security professionals and offer practical steps to mitigate human risk.

The need to shift the perception of security awareness from a compliance effort to a risk management strategy is crucial. By focusing on the human element and aligning security awareness goals with the organization’s strategic priorities, leaders can ensure that the workforce is equipped with the necessary skills and knowledge to protect against cyber threats.

Additionally, the report emphasizes the importance of leadership support and dedicated resources for security awareness programs. By communicating the value and impact of these programs to leadership and allocating sufficient resources, organizations can effectively address human cyber risks and safeguard their digital assets.

Conclusion

The SANS 2023 Security Awareness Report highlights the critical role of managing human cyber risks in today’s digital landscape. By understanding the top human risks and taking the recommended action steps, organizations can proactively mitigate the threats posed by phishing, password risks, and IT admin misconfigurations. The report serves as a compass, guiding security professionals to enhance their awareness programs and create a culture of cybersecurity within their organizations. Download the full report to benchmark your program against industry standards and equip yourself with the necessary tools to manage human risk effectively.

Keywords: Cybersecurity, Security Awareness, SANS, human factor, key findings, report
