
Latest news with #securityawareness

Rethinking Security Training With A Human Risk Management Approach

Forbes

30-06-2025


Masha Sedova, VP of Human Risk Strategy, Mimecast.

What's the one area in cybersecurity that is overdue for change? It's security awareness training. After three decades of underwhelming results, it's clear that security awareness programs haven't kept up with today's threat landscape. Human error remains the leading cause of data breaches, with Mimecast reporting that 95% of data breaches involve user mistakes. While those numbers remain stubbornly high, conventional training methods fail to instill lasting behavioral change.

If we want security awareness to truly protect organizations, we need to rethink everything—from how we structure training, to the metrics we track, to what 'success' actually looks like. It's time to stop measuring attendance and start measuring action. By focusing on adaptive learning, personal accountability and measurable outcomes, we can evolve security awareness from a compliance checkbox into a core defense mechanism.

Why Legacy Training Fails To Deliver

For years, security awareness relied on outdated tactics like annual training modules and phishing simulations. These tools often create a false sense of progress while leaving companies exposed when behavior doesn't shift.

The problem isn't just outdated content—it's one-size-fits-all structure. Most organizations deliver the same training to every employee, regardless of job role, risk exposure or history of security missteps. Expecting uniform outcomes from workers with vastly different responsibilities is both unrealistic and ineffective.

Worse, the metrics used to assess these programs are often meaningless. Completion rates and engagement scores track participation, not progress. It's time to prioritize behavior and results, not just check-the-box compliance.

What Human-Centric Training Should Look Like

To truly reinvent security awareness, organizations need to move from static, one-dimensional programs to those that empower employees and respond to evolving risks. Grounded in a human risk management framework, this new approach should center on three pillars:

The calendar-based model no longer works. Cyberthreats evolve rapidly, and training must evolve with them—meeting employees at the point of risk. Just-in-time learning is essential. If an employee clicks on a risky link, a prompt that explains the mistake and offers safer alternatives helps cement the lesson when it matters most. Threat-responsive updates are just as vital. Security programs should shift with threat levels—deploying phishing alerts during surges or ransomware simulations when relevant. Even simple interventions, like monthly nudges, help keep good habits top of mind.

Not all employees face the same risks. Senior leaders are often targeted by spear-phishing. Developers may encounter credential-harvesting threats. Yet most training programs treat all employees the same. A more tailored approach improves both relevance and retention. This can be achieved by taking the following steps:

  • Categorize employees by their risk level (low, medium, high) based on job role, access level and past behavior.
  • Use real user data to shape future training and deliver targeted feedback or additional simulations for those who have fallen for phishing attempts.
  • Create transparent risk profiles that show employees how their behavior compares to peers (e.g., "You are two times more likely than your peers to click a phishing link.") to promote self-awareness.

Customization doesn't just drive better results. It shows employees that the training applies directly to their day-to-day challenges—and empowers them to reduce risk on their own.

One of the biggest shifts needed is how we define success. Vanity metrics like completion rates won't cut it. Focus instead on data points that reflect behavioral change and reduced risk outcomes, including:

  • Reduced successful phishing attacks over time
  • Improved password hygiene (e.g., reduction in reused or weak credentials)
  • Decreased risky activities, like installing unapproved apps or mishandling sensitive data
  • Tangible economic benefits, such as lower remediation costs or fewer downtime events

Behavior-based metrics are not only more meaningful—they drive continuous improvement by showing what's working and where to focus next.

Creating A Culture Of Accountability

Modern security awareness must build trust, not fear. Employees shouldn't be punished into compliance—they should be brought into the process as active defenders.

Give them visibility into their own progress. Simple dashboards or comparative banners (e.g., 'You're in the top 10% for secure behavior!') drive motivation and clarity.

Recognition matters too. Celebrate employees who report phishing attempts or avoid traps. Positive reinforcement builds morale—and reinforces the right habits. When employees feel invested and informed, participation turns into ownership.

Reframing Awareness As Human Risk Management

Security awareness is just one part of a broader human risk strategy—but it's a high-impact opportunity hiding in plain sight. The poll results are clear: Industry frustration is high and legacy methods no longer serve.

By shifting toward adaptive, personalized and outcome-based training, organizations can finally address the human vulnerabilities that attackers exploit most. When done right, security awareness doesn't just educate—it protects.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.

Telesystem Announces the Return of #HackersSuck Summit at Ford Field

Associated Press

24-06-2025


NORTHWOOD, OH / ACCESS Newswire / June 24, 2025 / Telesystem, a leading provider of nationwide managed technology solutions, is excited to announce the return of its highly anticipated #HackersSuck Summits. The first summit of the season will kick off July 16th at Detroit's iconic Ford Field, home of the Detroit Lions. Now in its third year, the summits continue to evolve, building on the momentum of past events while introducing new security-based educational content to arm partners and customers with the latest tools and knowledge to defend against today's security

[Image: Telesystem Announces the return of #HackersSuck Summit In Detroit]

Since its inception in 2023, the #HackersSuck initiative has gained nationwide recognition, characterized by iconic '#HackersSuck' tee shirts and engaging viral campaigns. Telesystem's initiative is focused on a single mission: to elevate security awareness and provide actionable steps for businesses of all sizes to fortify their operation.

This year's summits will spotlight security tips and insights that organizations can immediately implement to reduce risk and strengthen their cybersecurity posture. A key focus will be placed on employee training as a means of threat prevention, equipping attendees with the tools and education to enable organizations to defend themselves from within.

'Our mission with #HackersSuck is to provide actionable education to our customers and partners to give them the best chance at protecting both their people and their valuable data,' said James Maloney, President of Telesystem. 'These summits provide insightful education and direct access to industry experts on today's most critical security challenges,' continued Maloney. 'Demonstrating our 'IT's About Trust' philosophy, we're proud to offer these events at no cost to our customers and partners because supporting the communities we serve is at the core of who we are as a company.'

The keynote speaker for the Detroit summit is Eric O'Neill, a former FBI counterterrorism and counterintelligence operative best known for helping capture America's most notorious spy, Robert Hanssen. O'Neill, also an attorney, bestselling author of 'Gray Day', and the real-life inspiration for the film 'Breach', will share his insider perspective on cyber warfare, national security, and how to defend against modern-day cybercriminals.

In addition to O'Neill's keynote address, the summit will feature a diverse range of panel discussions led by experts in cybersecurity, technology, and cyber insurance. Attendees will have the unique opportunity to engage with these experts, ask questions, and share personal experiences related to their challenges with security breaches.

On July 14th, in-person attendees will enjoy a once-in-a-lifetime experience on the turf at Ford Field and complimentary breakfast and lunch. Virtual registration is also available. Registration is free at

About Telesystem

For over 30 years, Telesystem has been empowering SME and mid-market US-based organizations with a range of innovative cybersecurity, networking and communication solutions designed to address the business-specific needs of each customer. Guided by strategic partnerships and a customer-centric mission, these customized solutions are backed by an end-to-end managed experience and 24/7 US-based support team.

Contact Information

Morgan Hull, Marketing Generalist

SOURCE: Telesystem press release
