Headlines have suggested that enterprises need a higher level of security awareness ever since it became clear that firewalls are not enough.
Though IT and security leaders are often blamed for an incident, the reality is that security isn’t only security’s job or IT’s job. It’s everyone’s job. And if it’s everyone’s job, then every employee in an organization needs to develop enough sensitivity to the current threats, whatever they may be, to stay mindful and vigilant. In short, everyone should adopt a Zero Trust mindset, which requires a Zero Trust culture.
Achieving a Zero Trust mindset throughout the enterprise can be challenging because it runs counter to the common human belief that people are generally well-intentioned. As children, we’re taught not to trust everyone, and as adults we are reminded of this from time to time, such as when we read stories about cyber crime. However, reading about incidents isn’t the same as experiencing one, which is why security awareness training should be immersive.
One of the problems companies run into with a dedicated training session is that the knowledge is not retained after the student leaves the classroom. Recognizing that, some companies have gamified security training. They explain what a type of threat is and why it can be difficult to identify. Then students are tested on several varied examples, so they must think hard before taking any action, which will be graded. This immersive approach gives the non-security professional hands-on experience with an issue and provides a more impactful learning experience than sitting through a talking head or PowerPoint presentation.